How do I add the x-forwarded-for field to my access logs for the nginx ingress controller?

I'm using the nginx ingress controller on GKE. By default, this is what my access logs look like:

"10.123.0.20 - [10.123.0.20] - - [22/Apr/2019:18:47:59 +0000] "GET /sdflksdf/sdfsdf HTTP/2.0" 404 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/538.12 (KHTML, like Gecko) Chrome/73.0.3683.100 Safari/537.36" 26 0.002 [default-blah-80] 10.44.0.26:80 0 0.001 404 skjf0s93jf0ws93jfsijf3s3fjs3i

I want to add the x-forwarded-for header in my access logs. I'd like that field to be added at the end of the current log lines if possible. Or at the start of the log line would be OK too I guess.

I'm looking at their docs and it's not clear to me how to add x-forwarded-for to the access log: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/log-format/

red888 asked Apr 22 '19 18:04



2 Answers

You should use a ConfigMap to customize the NGINX configuration:

ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable.

The ConfigMap API resource stores configuration data as key-value pairs. The data provides the configurations for system components for the nginx-controller.

To configure custom logs, you need to use the log-format-upstream key.

e.g.:

Create the following configmap:

apiVersion: v1
data:
  log-format-upstream: '$remote_addr - $request_id - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status'
kind: ConfigMap
metadata:
  name: nginx-ingress-config

and make sure that you are using --configmap=$(POD_NAMESPACE)/nginx-ingress-config as command args for your nginx-ingress-controller (example from official repo here).

Eduardo Baitello answered Oct 22 '22 12:10
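
The log-format-upstream string above writes `$proxy_add_x_forwarded_for` as the third field; in nginx that variable is the request's X-Forwarded-For header with `$remote_addr` appended, so only the last entry was recorded by nginx itself and everything before it came from the request. The following is an added example, not part of the answer above, that parses lines in that format and separates the two; the sample lines and the names `parse_line` and `is_ip` are constructed for illustration.

```python
import ipaddress
import re

# Field order follows the log-format-upstream string in the answer above;
# only the fields up to the user agent are captured, the rest is ignored.
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<request_id>\S+) - \[(?P<xff>[^\]]*)\] - '
    r'(?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<body_bytes_sent>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<user_agent>[^"]*)" '
)

def is_ip(text):
    """True if text is a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_line(line):
    """Parse one access-log line; return None if it does not fit the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    hops = [h.strip() for h in rec["xff"].split(",")]
    rec["peer"] = hops[-1]        # appended by nginx from $remote_addr
    rec["claimed"] = hops[:-1]    # taken from the request header, unverified
    rec["invalid_hops"] = [h for h in hops if not is_ip(h)]
    return rec

# Constructed sample lines (documentation address ranges), not real traffic.
TAIL = ('- [22/Apr/2019:18:47:59 +0000] "GET /healthz HTTP/2.0" 404 0 "-" '
        '"curl/7.64.0" 26 0.002 [default-blah-80] 10.44.0.26:80 0 0.001 404')
SAMPLE_LINES = [
    f"10.123.0.20 - 0a1b2c3d - [203.0.113.7, 10.123.0.20] - {TAIL}",
    f"10.123.0.20 - 0a1b2c3e - [10.123.0.20] - {TAIL}",  # no header was sent
    f"10.123.0.20 - 0a1b2c3f - [unknown, 198.51.100.23, 10.123.0.20] - {TAIL}",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_line(line)
        print(rec["peer"], rec["claimed"], rec["invalid_hops"])
```
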


Installing nginx-ingress from the helm official repo works by setting the controller.service.externalTrafficPolicy to Local like this.

helm install nginx-ingress stable/nginx-ingress --set rbac.create=true --set controller.service.externalTrafficPolicy=Local

Tobi Adeniji answered Oct 22 '22 10:10