Remove the_real_ip variable

2019-09-12 20:01:33 -03:00 · 2019-09-12 20:01:33 -03:00 · 9af574a234
commit 9af574a234
parent fe4f178db1
6 changed files with 22 additions and 38 deletions
--- a/docs/user-guide/nginx-configuration/configmap.md
+++ b/docs/user-guide/nginx-configuration/configmap.md
@ -58,7 +58,7 @@ The following table shows a configuration option's name, type, and the default v
 |[keep-alive-requests](#keep-alive-requests)|int|100|
 |[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"|
 |[log-format-escape-json](#log-format-escape-json)|bool|"false"|
-|[log-format-upstream](#log-format-upstream)|string|`%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`|
+|[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`|
 |[log-format-stream](#log-format-stream)|string|`[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`|
 |[enable-multi-accept](#enable-multi-accept)|bool|"true"|
 |[max-worker-connections](#max-worker-connections)|int|16384|
--- a/docs/user-guide/nginx-configuration/log-format.md
+++ b/docs/user-guide/nginx-configuration/log-format.md
@ -4,8 +4,7 @@ The default configuration uses a custom logging format to add additional informa

 ```
 log_format upstreaminfo
-    '{{ if $cfg.useProxyProtocol }}$proxy_protocol_addr{{ else }}$remote_addr{{ end }} - '
-    '[$the_real_ip] - $remote_user [$time_local] "$request" '
+    '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" "$http_user_agent" '
    '$request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr '
    '$upstream_response_length $upstream_response_time $upstream_status $req_id';
@ -14,8 +13,7 @@ log_format upstreaminfo
 | Placeholder | Description |
 |-------------|-------------|
 | `$proxy_protocol_addr` | remote address if proxy protocol is enabled |
-| `$remote_addr` | remote address if proxy protocol is disabled (default) |
-| `$the_real_ip` | the source IP address of the client |
+| `$remote_addr` | the source IP address of the client |
 | `$remote_user` | user name supplied with the Basic authentication |
 | `$time_local` | local time in the Common Log Format |
 | `$request` | full original request line |
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@ -55,7 +55,7 @@ const (

 	brotliTypes = "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"

-	logFormatUpstream = `%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`
+	logFormatUpstream = `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`

 	logFormatStream = `[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`

@ -768,7 +768,7 @@ func NewDefault() Configuration {
 // is enabled.
 func (cfg Configuration) BuildLogFormatUpstream() string {
 	if cfg.LogFormatUpstream == logFormatUpstream {
-		return fmt.Sprintf(cfg.LogFormatUpstream, "$the_real_ip")
+		return fmt.Sprintf(cfg.LogFormatUpstream, "$remote_addr")
 	}

 	return cfg.LogFormatUpstream
--- a/internal/ingress/controller/config/config_test.go
+++ b/internal/ingress/controller/config/config_test.go
@ -17,7 +17,6 @@ limitations under the License.
 package config

 import (
-	"fmt"
 	"testing"
 )

@ -28,8 +27,6 @@ func TestBuildLogFormatUpstream(t *testing.T) {
 		curLogFormat     string
 		expected         string
 	}{
-		{true, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_real_ip")},
-		{false, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_real_ip")},
 		{true, "my-log-format", "my-log-format"},
 		{false, "john-log-format", "john-log-format"},
 	}
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -162,20 +162,20 @@ http {
    # https://github.com/leev/ngx_http_geoip2_module#example-usage

    geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb {
-        $geoip2_city_country_code source=$the_real_ip country iso_code;
-        $geoip2_city_country_name source=$the_real_ip country names en;
-        $geoip2_city source=$the_real_ip city names en;
-        $geoip2_postal_code source=$the_real_ip postal code;
-        $geoip2_dma_code source=$the_real_ip location metro_code;
-        $geoip2_latitude source=$the_real_ip location latitude;
-        $geoip2_longitude source=$the_real_ip location longitude;
-        $geoip2_time_zone source=$the_real_ip location time_zone;
-        $geoip2_region_code source=$the_real_ip subdivisions 0 iso_code;
-        $geoip2_region_name source=$the_real_ip subdivisions 0 names en;
+        $geoip2_city_country_code source=$remote_addr country iso_code;
+        $geoip2_city_country_name source=$remote_addr country names en;
+        $geoip2_city source=$remote_addr city names en;
+        $geoip2_postal_code source=$remote_addr postal code;
+        $geoip2_dma_code source=$remote_addr location metro_code;
+        $geoip2_latitude source=$remote_addr location latitude;
+        $geoip2_longitude source=$remote_addr location longitude;
+        $geoip2_time_zone source=$remote_addr location time_zone;
+        $geoip2_region_code source=$remote_addr subdivisions 0 iso_code;
+        $geoip2_region_name source=$remote_addr subdivisions 0 names en;
    }

    geoip2 /etc/nginx/geoip/GeoLite2-ASN.mmdb {
-        $geoip2_asn source=$the_real_ip autonomous_system_number;
+        $geoip2_asn source=$remote_addr autonomous_system_number;
    }
    {{ end }}

@ -306,17 +306,6 @@ http {
        {{ end }}
    }

-    # The following is a sneaky way to do "set $the_real_ip $remote_addr"
-    # Needed because using set is not allowed outside server blocks.
-    map '' $the_real_ip {
-    {{ if $cfg.UseProxyProtocol }}
-        # Get IP address from Proxy Protocol
-        default          $proxy_protocol_addr;
-    {{ else }}
-        default          $remote_addr;
-    {{ end }}
-    }
-
    # Reverse proxies can detect if a client provides a X-Request-ID header, and pass it on to the backend server.
    # If no such header is provided, it can provide a random value.
    map $http_x_request_id $req_id {
@ -435,7 +424,7 @@ http {

    {{ range $rl := (filterRateLimits $servers ) }}
    # Ratelimit {{ $rl.Name }}
-    geo $the_real_ip $whitelist_{{ $rl.ID }} {
+    geo $remote_addr $whitelist_{{ $rl.ID }} {
        default 0;
        {{ range $ip := $rl.Whitelist }}
        {{ $ip }} 1;{{ end }}
@ -904,11 +893,11 @@ stream {
            proxy_set_header            X-Original-URL          $scheme://$http_host$request_uri;
            proxy_set_header            X-Original-Method       $request_method;
            proxy_set_header            X-Sent-From             "nginx-ingress-controller";
-            proxy_set_header            X-Real-IP               $the_real_ip;
+            proxy_set_header            X-Real-IP               $remote_addr;
            {{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
            proxy_set_header            X-Forwarded-For        $full_x_forwarded_for;
            {{ else }}
-            proxy_set_header            X-Forwarded-For        $the_real_ip;
+            proxy_set_header            X-Forwarded-For        $remote_addr;
            {{ end }}

            {{ if $externalAuth.RequestRedirect }}
@ -1196,11 +1185,11 @@ stream {
            {{ end }}

            {{ $proxySetHeader }} X-Request-ID           $req_id;
-            {{ $proxySetHeader }} X-Real-IP              $the_real_ip;
+            {{ $proxySetHeader }} X-Real-IP              $remote_addr;
            {{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
            {{ $proxySetHeader }} X-Forwarded-For        $full_x_forwarded_for;
            {{ else }}
-            {{ $proxySetHeader }} X-Forwarded-For        $the_real_ip;
+            {{ $proxySetHeader }} X-Forwarded-For        $remote_addr;
            {{ end }}
            {{ $proxySetHeader }} X-Forwarded-Host       $best_http_host;
            {{ $proxySetHeader }} X-Forwarded-Port       $pass_port;
--- a/test/data/config.json
+++ b/test/data/config.json
@ -46,7 +46,7 @@
 		"useHttp2": true,
 		"proxyStreamTimeout": "600s",
 		"workerProcesses": 1,
-		"limitConnZoneVariable": "$the_real_ip"
+		"limitConnZoneVariable": "$remote_addr"
 	},
 	"customErrors": true,
 	"defResolver": "",