Cleanup

controllers/nginx/pkg/template/template.go

@@ -673,17 +673,20 @@ func buildForwardedFor(input interface{}) string {
 func trustHTTPHeaders(input interface{}) bool {
 	conf, ok := input.(config.TemplateConfig)
 	if !ok {
+		glog.Errorf("%v", input)
 		return true
 	}
 
 	return conf.Cfg.RealClientFrom == "http-proxy" ||
-		(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol &&
+		(conf.Cfg.RealClientFrom == "auto" && !conf.Cfg.UseProxyProtocol ||
-			(conf.PublishService != nil && conf.PublishService.Spec.Type == apiv1.ServiceTypeLoadBalancer))
+			(conf.Cfg.RealClientFrom == "auto" && conf.PublishService != nil &&
+				conf.PublishService.Spec.Type == apiv1.ServiceTypeLoadBalancer))
 }
 
 func trustProxyProtocol(input interface{}) bool {
 	conf, ok := input.(config.TemplateConfig)
 	if !ok {
+		glog.Errorf("%v", input)
 		return true
 	}
 

controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl

@@ -155,8 +155,8 @@ http {
     # Trust HTTP X-Forwarded-* Headers, but use direct values if they're missing.
     map {{ buildForwardedFor $cfg.ForwardedForHeader }} $the_real_ip {
         # Get IP address from X-Forwarded-For HTTP header
-        default          $remote_addr;
+        default          $realip_remote_addr;
-        ''               $realip_remote_addr;
+        ''               $remote_addr;
     }
 
     # trust http_x_forwarded_proto headers correctly indicate ssl offloading