You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not sure how good/bad idea this is, I'll describe my issue and maybe better solution will came up during discussion.
Configuration:
Workflow 2.10
EC2
TCP ELB with proxy protocol
Router deployment with router.deis.io/nginx.useProxyProtocol: true and proper router.deis.io/nginx.proxyRealIpCidrs.
Usually our request are running client -> elb -> workflow and it's working fine real ip is present in logs. However some domains (not even whole apps), are running through CloudFlare client -> cf -> elb -> workflow and here hell breaks loose :/ we're getting CF ip as remote address. So best option would be per domain real_ip_header, is it possible? Each domain is separate server block in nginx.conf, but is application/domain configuration available from nginx.conf template?
Maybe are there some workarounds? Switch to HTTP(S) LB is not an option.
From @szymonpk on January 27, 2017 8:5
I'm not sure how good/bad idea this is, I'll describe my issue and maybe better solution will came up during discussion.
Configuration:
router.deis.io/nginx.useProxyProtocol: trueand properrouter.deis.io/nginx.proxyRealIpCidrs.Usually our request are running
client -> elb -> workflowand it's working fine real ip is present in logs. However some domains (not even whole apps), are running through CloudFlareclient -> cf -> elb -> workflowand here hell breaks loose :/ we're getting CF ip as remote address. So best option would be per domainreal_ip_header, is it possible? Each domain is separate server block in nginx.conf, but is application/domain configuration available from nginx.conf template?Maybe are there some workarounds? Switch to HTTP(S) LB is not an option.
Copied from original issue: deis/router#308
The text was updated successfully, but these errors were encountered: