Nginx反代实现IP访问

1 替换 proxy_set_header
2 如要固定到果个节点需要配置 nodeName

---
---
apiVersion: v1
data:
  default.conf: |-
    upstream ingress {
        server ingress-nginx-controller.ingress-nginx;
    }
    map $http_upgrade $connection_upgrade {
      default upgrade;
      '' close;
    }

    server_tokens off;
    real_ip_header      X-Forwarded-For;
    real_ip_recursive   on;
    set_real_ip_from    0.0.0.0/0;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    server {
        listen       81;
        listen  [::]:81;
        server_name  localhost;

        #access_log  /var/log/nginx/host.access.log  main;

        location / {
           proxy_pass http://ingress;

           #Proxy Settings
           #proxy_set_header Host <替换为代理的网址，如：abc.flyrise.cn>;
           proxy_set_header Host internal.lingyun.local;
           #proxy_redirect <替换为代理的网址，如：http://abc.flyrise.cn> <http://ip:port>;
           proxy_redirect off;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
           proxy_max_temp_file_size 0;
           proxy_connect_timeout 90;
           proxy_send_timeout 90;
           proxy_read_timeout 90;
           proxy_buffer_size 4k;
           proxy_buffers 4 32k;
           proxy_busy_buffers_size 64k;
           proxy_temp_file_write_size 64k;

           #support websocket
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
kind: ConfigMap
metadata:
  name: nginx-conf
  namespace: pai-cloud

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s.kuboard.cn/layer: gateway
    k8s.kuboard.cn/name: nginx-proxy
  name: nginx-proxy
  namespace: pai-cloud
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.kuboard.cn/name: nginx-proxy
  template:
    metadata:
      labels:
        k8s.kuboard.cn/name: nginx-proxy
    spec:
      containers:
        - image: 'dev.flyrise.cn:8082/library/nginx:alpine'
          imagePullPolicy: IfNotPresent
          name: nginx-proxy
          volumeMounts:
            - mountPath: /etc/nginx/conf.d/default.conf
              name: volume-conf
              subPath: default.conf
            - mountPath: /etc/localtime
              name: host-time
              readOnly: true
      restartPolicy: Always
      dnsPolicy: ClusterFirstWithHostNet
      hostNetwork: true
      volumes:
        - configMap:
            defaultMode: 420
            name: nginx-conf
          name: volume-conf
        - hostPath:
            path: /etc/localtime
            type: ''
          name: host-time

3 注意事项：

• 解决server ingress-nginx-controller.ingress-nginx解析失败，需要要把dnsPolicy 改为 ClusterFirstWithHostNet

• 不同命名空间中的路由名称不要一样，尤其是pai-gateway 否则可能会出现域名及IP乱串问题