Description of problem: The HTTP_X_FORWARDED_FOR is not the client IP for ELB env Version-Release number of selected component (if applicable): openshift v3.5.5.24 kubernetes v1.5.2+43a9be4 How reproducible: Always Steps to Reproduce: 1. Create project 2. Create dc/svc/route # oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/header-test/dc.json # oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/header-test/insecure-service.json # oc expose service header-test-insecure 3. Access the route Actual results: 3. # curl http://header-test-insecure-3gzw6.34bf.online-int.openshiftapps.com % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<pre> host: header-test-insecure-3gzw6.34bf.online-int.openshiftapps.com user-agent: curl/7.43.0 accept: */* x-forwarded-host: header-test-insecure-3gzw6.34bf.online-int.openshiftapps.com x-forwarded-port: 80 x-forwarded-proto: http forwarded: for=172.31.54.149;host=header-test-insecure-3gzw6.34bf.online-int.openshiftapps.com;proto=http x-forwarded-for: 172.31.54.149 </pre> Expected results: The HTTP_X_FORWARDED_FOR should be the client IP for ELB env Additional info: Check the online-int haproxy config file, found ROUTER_USE_PROXY_PROTOCOL is not enabled.
As noted the ROUTER_USE_PROXY_PROTOCOL was missing in the router DC. After adding that and making sure the AWS ELB already has it set, created a project in the cluster with the aosqe/http-header-test image and got the correct x-forwarded-for ip back: host: http-header-test-ihorvathtest.34bf.online-int.openshiftapps.com upgrade-insecure-requests: 1 user-agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 accept-encoding: gzip, deflate, sdch accept-language: en-US,en;q=0.8 x-forwarded-host: http-header-test-ihorvathtest.34bf.online-int.openshiftapps.com x-forwarded-port: 80 x-forwarded-proto: http forwarded: for=66.187.233.202;host=http-header-test-ihorvathtest.34bf.online-int.openshiftapps.com;proto=http x-forwarded-for: 66.187.233.202
Retest on online-int env openshift v3.5.5.27 kubernetes v1.5.2+43a9be4 Bug have been fixed. host: myroute-hg7zu.34bf.online-int.openshiftapps.com user-agent: curl/7.43.0 accept: */* x-forwarded-host: myroute-hg7zu.34bf.online-int.openshiftapps.com x-forwarded-port: 443 x-forwarded-proto: https forwarded: for=54.173.1.35;host=myroute-hg7zu.34bf.online-int.openshiftapps.com;proto=https x-forwarded-for: 54.173.1.35 </pre>