more aggresive ip check

2025-06-05 22:33:16 -04:00 · 2025-06-05 22:33:16 -04:00 · 2fd2d68a9e
commit 2fd2d68a9e
parent d4b9b2eb50
2 changed files with 34 additions and 12 deletions
--- a/k8s-ingress.yaml
+++ b/k8s-ingress.yaml
@ -6,10 +6,14 @@ metadata:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/use-real-ip: "true"
-    nginx.ingress.kubernetes.io/real-ip-header: "X-Forwarded-For"
-    nginx.ingress.kubernetes.io/forwarded-for-header: "X-Forwarded-For"
-    nginx.ingress.kubernetes.io/proxy-real-ip-cidr: "0.0.0.0/0"
+    # Aggressive real IP configuration
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      more_set_headers "X-Real-IP $remote_addr";
+      more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
+    nginx.ingress.kubernetes.io/server-snippet: |
+      set_real_ip_from 0.0.0.0/0;
+      real_ip_header X-Forwarded-For;
+      real_ip_recursive on;
  labels:
    app: proxy-detection-api
 spec: