0

I'm using CloudFlare as the DNS server for the system and need to whitelist IPs for some domains of the system. I managed to do this, but when I enable the Proxy status feature for a domain on CloudFlare I get a 403 Forbidden error because CloudFlare forwards its own IP to the ingress instead of the client IP address.
I found a tutorial here.
Is there any other way to solve this problem?
Here is the CloudFlare configuration.

enter image description here

Here is the ingress configuration.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: admin-ingress
  namespace: machine-learning
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 50m
    nginx.ingress.kubernetes.io/whitelist-source-range: 184.90.9.99,183.88.6.88
spec:
  rules:
    - host: "admin.xxx.com"
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: admin-service
                port:
                  name: http

And this is the error I get

enter image description here

Any contribution is greatly appreciated.
Best regards,

quoc9x

2 Answers

2

Please add this line real_ip_header CF-Connecting-IP; in your Nginx config file to forward the original client IP address to the server.

Umair Latif
1

Try this: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#configuration-snippet

nginx.ingress.kubernetes.io/configuration-snippet: |
  real_ip_header CF-Connecting-IP;

yip102011
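A controller-wide alternative to the per-Ingress snippet, as an added example that is not from either answer or from the ingress-nginx project: the controller ConfigMap keys `use-forwarded-headers`, `forwarded-for-header` and `proxy-real-ip-cidr` make NGINX take the client address from `CF-Connecting-IP` only when the connection comes from a listed proxy range, so `whitelist-source-range` is evaluated against the visitor's IP. The ConfigMap name and namespace are assumptions that depend on how the controller was installed, and the CIDRs are Cloudflare's published IPv4 ranges, which should be confirmed against https://www.cloudflare.com/ips/ before use.

```yaml
# Added example; not part of the original question or answers.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller   # assumption: name used by the default Helm install
  namespace: ingress-nginx         # assumption: namespace of the controller
data:
  # Makes the controller emit real_ip_header / set_real_ip_from in nginx.conf.
  use-forwarded-headers: "true"
  # Header in which Cloudflare passes the visitor's address.
  forwarded-for-header: "CF-Connecting-IP"
  # Only these peers may supply the header. The default is 0.0.0.0/0, which
  # would let any client that reaches the controller directly choose the
  # address the whitelist is checked against.
  # Cloudflare IPv4 ranges; add the IPv6 ranges as well if the origin is
  # reachable over IPv6.
  proxy-real-ip-cidr: "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
# The Ingress from the question keeps its whitelist-source-range annotation
# unchanged; it is now matched against the address taken from CF-Connecting-IP.
```

This relies on the controller seeing Cloudflare's address as the TCP peer, which is what the 403 in the question indicates; if the Service in front of the controller rewrites the source address, the peer will not match the trusted ranges and the header is ignored.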