From e8cb75b705727e3ecc4f66eed478ca5f52386a55 Mon Sep 17 00:00:00 2001 From: loveuer Date: Tue, 2 Jul 2024 13:39:22 +0800 Subject: [PATCH] feat: nginx ingress controller forward real ip --- deployment/real-ip.yaml | 71 ++++++++++++++++++++++++++++++++++++++ go.mod | 10 +++++- go.sum | 17 +++++++-- service/real-ip/Dockerfile | 23 ++++++++++++ service/real-ip/main.go | 36 +++++++++++++++++++ service/real-ip/readme.md | 13 +++++++ 6 files changed, 167 insertions(+), 3 deletions(-) create mode 100644 deployment/real-ip.yaml create mode 100644 service/real-ip/Dockerfile create mode 100644 service/real-ip/main.go create mode 100644 service/real-ip/readme.md diff --git a/deployment/real-ip.yaml b/deployment/real-ip.yaml new file mode 100644 index 0000000..339c69f --- /dev/null +++ b/deployment/real-ip.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: real-ip + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: real-ip + name: real-ip +spec: + replicas: 1 + selector: + matchLabels: + app: real-ip + template: + metadata: + labels: + app: real-ip + spec: + containers: + - name: system + image: repo.me/build/test/real-ip:v01 + imagePullPolicy: IfNotPresent + command: ["/app/real-ip_app"] + ports: + - containerPort: 80 + resources: + limits: + memory: 10Mi + cpu: 1 + +--- +apiVersion: v1 +kind: Service +metadata: + namespace: real-ip + name: real-ip +spec: + selector: + app: real-ip + type: ClusterIP + ports: + - name: real-ip-http + port: 80 + targetPort: 80 + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: ing-real-ip + namespace: real-ip + annotations: + nginx.ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/rewrite-target: /api/real-ip/$2 +spec: + ingressClassName: nginx + rules: + - host: "real-ip.zyp.dev.com" + http: + paths: + - path: /api/real-ip(/|$)(.*) + pathType: Prefix + backend: + service: + name: real-ip + port: + number: 80 diff --git a/go.mod b/go.mod index 6a22192..db2c136 100644 --- a/go.mod +++ b/go.mod @@ -2,4 +2,12 @@ module hello go 1.20 -require github.com/loveuer/nf v0.1.3 +require github.com/loveuer/nf v0.2.3 + +require ( + github.com/fatih/color v1.17.0 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + golang.org/x/sys v0.18.0 // indirect +) diff --git a/go.sum b/go.sum index 75b54d0..6039b1a 100644 --- a/go.sum +++ b/go.sum @@ -1,2 +1,15 @@ -github.com/loveuer/nf v0.1.3 h1:tZP+FtwhiU+VTfPwfaEQUmiw1z6U9XwfDzJV46h5vZw= -github.com/loveuer/nf v0.1.3/go.mod h1:uKsKYym27ravyTXSBSnxU86V7osxx9cM6DJ+dVBfJ1Q= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/loveuer/nf v0.2.3 h1:OsH2IHDlGy7dj3xmPlCwisdbwG2neuP36bBBfQfCFkA= +github.com/loveuer/nf v0.2.3/go.mod h1:mR3Hc3j6kivKS+QwaYULYuiZOLQCfcaRPTtK260pBaw= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= diff --git a/service/real-ip/Dockerfile b/service/real-ip/Dockerfile new file mode 100644 index 0000000..73fe466 --- /dev/null +++ b/service/real-ip/Dockerfile @@ -0,0 +1,23 @@ +FROM repo.me/external/golang:latest AS builder + +WORKDIR /app/build + +COPY go.mod . +COPY go.sum . +COPY service/real-ip/main.go . + +ENV GOPROXY https://goproxy.io + +RUN go mod download && go build -ldflags='-s -w' -o real-ip_app . + +FROM repo.me/external/alpine:latest + +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories && apk add curl + +ENV TZ Asia/Shanghai + +WORKDIR /app + +COPY --from=builder /app/build/real-ip_app . + +CMD [ "/app/real-ip_app" ] \ No newline at end of file diff --git a/service/real-ip/main.go b/service/real-ip/main.go new file mode 100644 index 0000000..3882080 --- /dev/null +++ b/service/real-ip/main.go @@ -0,0 +1,36 @@ +package main + +import ( + "flag" + "github.com/loveuer/nf" + "github.com/loveuer/nf/nft/log" + "time" +) + +var ( + address string +) + +func init() { + flag.StringVar(&address, "address", ":80", "listen address") + flag.Parse() +} + +func main() { + app := nf.New() + + app.Get("/api/real-ip/available", func(c *nf.Ctx) error { + return c.JSON(nf.Map{"status": 200, "data": "available@" + time.Now().Format(time.RFC3339)}) + }) + + app.Get("/api/real-ip/ip", func(c *nf.Ctx) error { + headers := c.Request.Header + + return c.JSON(nf.Map{"status": 200, "data": nf.Map{ + "ip": c.IP(), + "headers": headers, + }}) + }) + + log.Fatal(app.Run(address).Error()) +} diff --git a/service/real-ip/readme.md b/service/real-ip/readme.md new file mode 100644 index 0000000..e560fc6 --- /dev/null +++ b/service/real-ip/readme.md @@ -0,0 +1,13 @@ +# enable nginx-ingress-controller real-ip forward + +### edit nginx-ingress-controller configmap yaml as blow: + +```yaml +apiVersion: v1 +data: + allow-snippet-annotations: 'true' + use-forwarded-headers: 'true' +kind: ConfigMap +metadata: + ... +``` \ No newline at end of file