From 13f012ffde285f2fbf23faae98c19c0521f90522 Mon Sep 17 00:00:00 2001
From: Rajesh Rajendran <rjshrjndrn@gmail.com>
Date: Fri, 21 May 2021 01:17:21 +0530
Subject: [PATCH] chore(nginx): pass x-forward-for

Signed-off-by: Rajesh Rajendran <rjshrjndrn@gmail.com>
---
 .../nginx-ingress/templates/configmap.yaml             | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/scripts/helm/nginx-ingress/nginx-ingress/templates/configmap.yaml b/scripts/helm/nginx-ingress/nginx-ingress/templates/configmap.yaml
index 6520a7632..d02cc26b1 100644
--- a/scripts/helm/nginx-ingress/nginx-ingress/templates/configmap.yaml
+++ b/scripts/helm/nginx-ingress/nginx-ingress/templates/configmap.yaml
@@ -37,6 +37,9 @@ data:
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "Upgrade";
+      proxy_set_header X-Forwarded-For $real_ip;
+      proxy_set_header X-Forwarded-Host $real_ip;
+      proxy_set_header X-Real-IP $real_ip;
       proxy_set_header Host $host;
       proxy_pass http://http-openreplay.app.svc.cluster.local;
     }
@@ -104,6 +107,13 @@ data:
     ;
 
   sites.conf: |-
+    # Need real ip address for flags in replay.
+    # Some LBs will forward real ips as x-forwarded-for
+    # So making that as priority
+    map $http_x_forwarded_for $real_ip {
+        ~^(\d+\.\d+\.\d+\.\d+) $1;
+        default $remote_addr;
+    }
     map $http_upgrade $connection_upgrade {
       default upgrade;
       '' close;