adds the enable-real-ip-recursive allowing control over real_ip_recursive

2023-11-29 08:23:55 +00:00 · 2023-11-29 08:23:55 +00:00 · bcab7c1f0b
commit bcab7c1f0b
parent eb1303da02
2 changed files with 11 additions and 0 deletions
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@ -556,6 +556,11 @@ type Configuration struct {
 	// Sets whether to enable the real ip module
 	EnableRealIP bool `json:"enable-real-ip"`

+	// Sets whether to use recursive search in the real ip module
+	// https://nginx.org/en/docs/http/ngx_http_realip_module.html#real_ip_recursive
+	// Default: true
+	EnableRealIpRecursive bool `json:"enable-real-ip-recursive"`
+
 	// Sets the header field for identifying the originating IP address of a client
 	// Default is X-Forwarded-For
 	ForwardedForHeader string `json:"forwarded-for-header,omitempty"`
@ -790,6 +795,7 @@ func NewDefault() Configuration {
 		ErrorLogLevel:                    errorLevel,
 		UseForwardedHeaders:              false,
 		EnableRealIP:                     false,
+		EnableRealIPRecursive:            true,
 		ForwardedForHeader:               "X-Forwarded-For",
 		ComputeFullForwardedFor:          false,
 		ProxyAddOriginalURIHeader:        false,
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@ -143,7 +143,12 @@ http {
    real_ip_header      {{ $cfg.ForwardedForHeader }};
    {{ end }}

+    {{ if $cfg.EnableRealIpRecursive }}
    real_ip_recursive   on;
+    {{ else }}
+    real_ip_recursive   off;
+    {{ end }}
+
    {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
    set_real_ip_from    {{ $trusted_ip }};
    {{ end }}