Add docs for rewrite client IP settings #2701
Conversation
github-actions
bot
added
the
documentation
salonichf5
force-pushed
the
docs/rewrite-client-ip-settings
branch
from
4415cc8 to
d119f84
Compare
✅ Deploy Preview will be available once build job completes!
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2701 +/- ##
=======================================
Coverage 89.38% 89.38%
=======================================
Files 110 110
Lines 10913 10913
Branches 50 50
=======================================
Hits 9755 9755
Misses 1100 1100
Partials 58 58 ☔ View full report in Codecov by Sentry. |
salonichf5
force-pushed
the
docs/rewrite-client-ip-settings
branch
from
d119f84 to
5aa6353
Compare
Co-authored-by: Alan Dooley <[email protected]>
Co-authored-by: Alan Dooley <[email protected]>
Co-authored-by: Alan Dooley <[email protected]>
Co-authored-by: Saylor Berman <[email protected]>
Co-authored-by: bjee19 <[email protected]>
salonichf5
force-pushed
the
docs/rewrite-client-ip-settings
branch
from
f3a223e to
8c4a0ba
Compare
|
|
||
| ## Configure PROXY protocol and RewriteClientIP settings | ||
|
|
||
| When the request is passed through multiple proxies or load balancers, the client IP is set to the IP address of the server that last handled the request. To preserve the original client IP address, you can configure `RewriteClientIP` settings in the `NginxProxy` resource. `RewriteClientIP` has the fields: _mode_, _trustedAddresses_ and _setIPRecursively_. |
There was a problem hiding this comment.
"When a request" not "When the request"
| spec: | ||
| config: | ||
| rewriteClientIP: | ||
| mode: XForwardedFor |
There was a problem hiding this comment.
Part of me wonders if it makes more sense to use ProxyProtocol as the example, since that was the main use case we were targeting with this feature.
There was a problem hiding this comment.
I am a little confused about that as well. I wanted to mention setIPrecursively field since it only applies to XForwardedFor
But at this point, its causing a lot of confusion so I can include both.
There was a problem hiding this comment.
I don't think we need to provide every field in our example. Nor do we need to provide examples of both modes. Our API covers all cases, I think we just provide a basic example of the most common use case.
| trustedAddresses: | ||
| - type: CIDR | ||
| value: ":1/28" | ||
| - type: IPAddress | ||
| value: "192.68.74.28" | ||
| - type: Hostname | ||
| value: "cafe.com" |
There was a problem hiding this comment.
On second thought, I'm not sure we need to specify all three examples here. One should be enough to get the point across. A realistic CIDR would be fine.
There was a problem hiding this comment.
Just added this for user convenience to not go refer the spec and figure out types. I think we can have all fields for one example and simply it for our second example of ProxyProtocol
There was a problem hiding this comment.
See my comment above, this resource should ideally be something that a user could probably just plug in and use, maybe just altering the single CIDR value for their case. They shouldn't have to go in and delete every field they aren't using.
There was a problem hiding this comment.
I guess the way we are thinking about this is a little different. I agree to your point too for it to be a plugin, but there would still be some editing needed to change the field value. I don't know how much of an effort difference would it be edit a field and delete two. I mentioned all types just so we could bring out most of the information in one page for the user without having to check out the spec.
But maybe that's not the right way to think about this and I'll change it to one example.
There was a problem hiding this comment.
I get where you're coming from. We just have a pattern of our examples being realistic and not just a showcase of all of the options. And our API reference is there to specifically showcase all the options.
| EOF | ||
| ``` | ||
|
|
||
| For more information, see the `NginxProxy spec` in the [API reference]({{< relref "reference/api.md" >}}). |
There was a problem hiding this comment.
Instead of "For more information", I'd say "For the full configuration API".
|
|
||
| For more information, see the `NginxProxy spec` in the [API reference]({{< relref "reference/api.md" >}}). | ||
|
|
||
| {{< note >}} When sending curl requests to a server expecting proxy information, use the flag `--harproxy-protocol` to avoid broken header errors. {{< /note >}} |
There was a problem hiding this comment.
--haproxy-protocol is misspelled
Proposed changes
Write a clear and concise description that helps reviewers understand the purpose and impact of your changes. Use the
following format:
Problem: User needs documentation explaining how to configure rewrite client IP settings.
Solution: Adds documentation on how to configure rewrite client IP settings
Testing: Manual testing using
make watchdocs.Please focus on (optional): If you any specific areas where you would like reviewers to focus their attention or provide
specific feedback, add them here.
Closes #2517
Checklist
Before creating a PR, run through this checklist and mark each as complete.
Release notes
If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.