Fix remote address in log when protocol is https

controllers/nginx/pkg/cmd/controller/tcp.go

@@ -10,9 +10,9 @@ import (
 )
 
 type server struct {
-	Hostname string
+	Hostname      string
-	IP       string
+	IP            string
-	Port     int
+	Port          int
 	ProxyProtocol bool
 }
 
@@ -41,19 +41,16 @@ func (p *proxy) Handle(conn net.Conn) {
 		return
 	}
 
-	var proxy *server
+	proxy := p.Default
 	hostname, err := parser.GetHostname(data[:])
 	if err == nil {
-		glog.V(3).Infof("parsed hostname from TLS Client Hello: %s", hostname)
+		glog.V(4).Infof("parsed hostname from TLS Client Hello: %s", hostname)
 		proxy = p.Get(hostname)
-		if proxy == nil {
+	}
-			return
+
-		}
+	if proxy == nil {
-	} else {
+		glog.V(4).Infof("there is no configured proxy for SSL connections")
-		proxy = p.Default
+		return
-		if proxy == nil {
-			return
-		}
 	}
 
 	clientConn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", proxy.IP, proxy.Port))

controllers/nginx/pkg/config/config.go

@@ -48,7 +48,7 @@ const (
 
 	gzipTypes = "application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component"
 
-	logFormatUpstream = `%v - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status`
+	logFormatUpstream = `%v - [$the_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status`
 
 	logFormatStream = `[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`
 
@@ -332,10 +332,7 @@ func NewDefault() Configuration {
 // is enabled.
 func (cfg Configuration) BuildLogFormatUpstream() string {
 	if cfg.LogFormatUpstream == logFormatUpstream {
-		if cfg.UseProxyProtocol {
+		return fmt.Sprintf(cfg.LogFormatUpstream, "$the_x_forwarded_for")
-			return fmt.Sprintf(cfg.LogFormatUpstream, "$proxy_protocol_addr")
-		}
-		return fmt.Sprintf(cfg.LogFormatUpstream, "$remote_addr")
 	}
 
 	return cfg.LogFormatUpstream

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -85,6 +85,9 @@ http {
 
     server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }};
 
+    # disable warnings
+    uninitialized_variable_warn off;
+
     log_format upstreaminfo '{{ buildLogFormatUpstream $cfg }}';
 
     {{/* map urls that should not appear in access.log */}}
@@ -127,6 +130,16 @@ http {
        ''                $server_port;
     }
 
+    map $pass_access_scheme $the_x_forwarded_for {
+       default           $remote_addr;
+       https             $proxy_protocol_addr;
+    }
+
+    map $pass_access_scheme $the_real_ip {
+       default           $remote_addr;
+       https             $proxy_protocol_addr;
+    }
+
     # map port 442 to 443 for header X-Forwarded-Port
     map $pass_server_port $pass_port {
         442              443;
@@ -352,7 +365,8 @@ http {
             proxy_set_header                        Upgrade           $http_upgrade;
             proxy_set_header                        Connection        $connection_upgrade;
 
-            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
+            proxy_set_header X-Real-IP              $the_real_ip;
+            proxy_set_header X-Forwarded-For        $the_x_forwarded_for;
             proxy_set_header X-Forwarded-Host       $best_http_host;
             proxy_set_header X-Forwarded-Port       $pass_port;
             proxy_set_header X-Forwarded-Proto      $pass_access_scheme;