I'm using the nginx ingress controller on gke, by default these are what my access logs look like:
"10.123.0.20 - [10.123.0.20] - - [22/Apr/2019:18:47:59 +0000] "GET /sdflksdf/sdfsdf HTTP/2.0" 404 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/538.12 (KHTML, like Gecko) Chrome/73.0.3683.100 Safari/537.36" 26 0.002 [default-blah-80] 10.44.0.26:80 0 0.001 404 skjf0s93jf0ws93jfsijf3s3fjs3i
I want to add the x-forwarded-for header in my access logs. I'd like that field to be added at the end of the current log lines if possible. Or at the start of the log line would be OK too I guess.
Im looking at their docs and its not clear to me how to add x-forwarded-for to the access log: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/log-format/
The IC uses the Kubernetes API to get the latest Ingress resources created in the cluster and then configures NGINX according to those resources. Application A with two pods deployed in the namespace A by User A. To expose the application to its clients (Clients A) via the host a.example.com , User A creates Ingress A.
NGINX Ingress resources support additional protocols (TCP, UDP, and TLS Passthrough) – You can now deliver complex, non-HTTP-based services from Kubernetes using custom resources, in a simple and intuitive manner.
For configuring the error_log, you have to add the path of the log file and set the log level. If you do not set the second parameter, then the error_log will take “error” as its default log level: error_log /var/log/nginx/error.
The syntax for configuring a log format is: log_format format_name 'set_of_variables_to_define_format'; and the syntax for configuring access log is: access_log /path/to/log_file format_name; #simplest form OR access_log /path/to/log_file [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]];
Nginx X-Forwarded-For | How to use nginx x-forwarded-for? Nginx x-forwarded-for header is the header of the de-facto standard used for identifying the client connecting originating IP address to web server through the proxy of HTTP or we can also connect through by using a load balancer.
In IIS 8.5 and later, custom logging fields can be added to record X-Forwarded-For headers to record a client's source IP address when transparency is not being used. Navigate to the site which will use X-Forwarded-For logging and click Logging and Open Feature. Click the Select Fields... option Click the Add Field... option.
Long story short: You can use X-Forwarded-For request header to find and log the IP address of the client. This field is not logged in IIS by default so that you need to manually add it. You can use custom logging to add X-Forwarded-For field.
Inserting the X-Forwarded-For header allows the Real Server to log the client source IP address in its logs. Adding the X-Forwarded-For header using the LoadMaster can be done either as a global setting or as a per-Virtual Service setting.
You should use a ConfigMap to customize the NGINX configuration:
ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable.
The ConfigMap API resource stores configuration data as key-value pairs. The data provides the configurations for system components for the nginx-controller.
To configure custom logs, you need to use the log-format-upstream
key.
e.g.:
Create the following configmap:
apiVersion: v1
data:
log-format-upstream: '$remote_addr - $request_id - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status'
kind: ConfigMap
metadata:
name: nginx-ingress-config
and make sure that you are using --configmap=$(POD_NAMESPACE)/nginx-ingress-config
as command args
for your nginx-ingress-controller (example from offical repo here).
Installing nginx-ingress
from the helm official repo works by setting the controller.service.externalTrafficPolicy
to Local like this.
helm install nginx-ingress stable/nginx-ingress --set rbac.create=true --set controller.service.externalTrafficPolicy=Local
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With