feat: nginx ingress controller forward real ip

2024-07-02 13:39:22 +08:00 · 2024-07-02 13:39:22 +08:00 · e8cb75b705
commit e8cb75b705
parent 4ae56d1726
6 changed files with 167 additions and 3 deletions
--- a/deployment/real-ip.yaml
+++ b/deployment/real-ip.yaml
@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: real-ip
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: real-ip
+  name: real-ip
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: real-ip
+  template:
+    metadata:
+      labels:
+        app: real-ip
+    spec:
+      containers:
+        - name: system
+          image: repo.me/build/test/real-ip:v01
+          imagePullPolicy: IfNotPresent
+          command: ["/app/real-ip_app"]
+          ports:
+            - containerPort: 80
+          resources:
+            limits:
+              memory: 10Mi
+              cpu: 1
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: real-ip
+  name: real-ip
+spec:
+  selector:
+    app: real-ip
+  type: ClusterIP
+  ports:
+    - name: real-ip-http
+      port: 80
+      targetPort: 80
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ing-real-ip
+  namespace: real-ip
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /api/real-ip/$2
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "real-ip.zyp.dev.com"
+      http:
+        paths:
+          - path: /api/real-ip(/|$)(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: real-ip
+                port:
+                  number: 80
--- a/go.mod
+++ b/go.mod
@ -2,4 +2,12 @@ module hello

 go 1.20

-require github.com/loveuer/nf v0.1.3
+require github.com/loveuer/nf v0.2.3
+
+require (
+	github.com/fatih/color v1.17.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+)
--- a/go.sum
+++ b/go.sum
@ -1,2 +1,15 @@
-github.com/loveuer/nf v0.1.3 h1:tZP+FtwhiU+VTfPwfaEQUmiw1z6U9XwfDzJV46h5vZw=
-github.com/loveuer/nf v0.1.3/go.mod h1:uKsKYym27ravyTXSBSnxU86V7osxx9cM6DJ+dVBfJ1Q=
+github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
+github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/loveuer/nf v0.2.3 h1:OsH2IHDlGy7dj3xmPlCwisdbwG2neuP36bBBfQfCFkA=
+github.com/loveuer/nf v0.2.3/go.mod h1:mR3Hc3j6kivKS+QwaYULYuiZOLQCfcaRPTtK260pBaw=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--- a/service/real-ip/Dockerfile
+++ b/service/real-ip/Dockerfile
@ -0,0 +1,23 @@
+FROM repo.me/external/golang:latest AS builder
+
+WORKDIR /app/build
+
+COPY go.mod .
+COPY go.sum .
+COPY service/real-ip/main.go .
+
+ENV GOPROXY https://goproxy.io
+
+RUN go mod download && go build -ldflags='-s -w' -o real-ip_app .
+
+FROM repo.me/external/alpine:latest
+
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.tuna.tsinghua.edu.cn/g' /etc/apk/repositories && apk add curl
+
+ENV TZ Asia/Shanghai
+
+WORKDIR /app
+
+COPY --from=builder /app/build/real-ip_app .
+
+CMD [ "/app/real-ip_app" ]
--- a/service/real-ip/main.go
+++ b/service/real-ip/main.go
@ -0,0 +1,36 @@
+package main
+
+import (
+	"flag"
+	"github.com/loveuer/nf"
+	"github.com/loveuer/nf/nft/log"
+	"time"
+)
+
+var (
+	address string
+)
+
+func init() {
+	flag.StringVar(&address, "address", ":80", "listen address")
+	flag.Parse()
+}
+
+func main() {
+	app := nf.New()
+
+	app.Get("/api/real-ip/available", func(c *nf.Ctx) error {
+		return c.JSON(nf.Map{"status": 200, "data": "available@" + time.Now().Format(time.RFC3339)})
+	})
+
+	app.Get("/api/real-ip/ip", func(c *nf.Ctx) error {
+		headers := c.Request.Header
+
+		return c.JSON(nf.Map{"status": 200, "data": nf.Map{
+			"ip":      c.IP(),
+			"headers": headers,
+		}})
+	})
+
+	log.Fatal(app.Run(address).Error())
+}
--- a/service/real-ip/readme.md
+++ b/service/real-ip/readme.md
@ -0,0 +1,13 @@
+# enable nginx-ingress-controller real-ip forward
+
+### edit nginx-ingress-controller configmap yaml as blow:
+
+```yaml
+apiVersion: v1
+data:
+  allow-snippet-annotations: 'true'
+  use-forwarded-headers: 'true'
+kind: ConfigMap
+metadata:
+  ...
+```