From 46df60dd533b3d35f840395d28db6f3a5a26d10b Mon Sep 17 00:00:00 2001
From: Bojan Kucera <boki@stare.gg>
Date: Thu, 5 Jun 2025 22:36:35 -0400
Subject: [PATCH] more ingress

---
 k8s-ingress.yaml | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/k8s-ingress.yaml b/k8s-ingress.yaml
index 7e428e5..03587f7 100644
--- a/k8s-ingress.yaml
+++ b/k8s-ingress.yaml
@@ -1,3 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: custom-headers
+  namespace: ingress-nginx
+data:
+  X-Real-IP: '$remote_addr'
+  X-Forwarded-For: '$proxy_add_x_forwarded_for'
+  X-Forwarded-Proto: '$scheme'
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -7,13 +17,10 @@ metadata:
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     # Aggressive real IP configuration
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      more_set_headers "X-Real-IP $remote_addr";
-      more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
-    nginx.ingress.kubernetes.io/server-snippet: |
-      set_real_ip_from 0.0.0.0/0;
-      real_ip_header X-Forwarded-For;
-      real_ip_recursive on;
+    # Use allowed annotations instead of snippets
+    nginx.ingress.kubernetes.io/proxy-set-headers: "ingress-nginx/custom-headers"
+    nginx.ingress.kubernetes.io/enable-real-ip: "true"
+    nginx.ingress.kubernetes.io/real-ip-header: "X-Forwarded-For"
   labels:
     app: proxy-detection-api
 spec:
@@ -32,4 +39,4 @@ spec:
           service:
             name: proxy-detection-service
             port:
-              number: 80
+              number: 80
\ No newline at end of file