[PR] feat: add configurable real_ip_header option for nginx [apisix-helm-chart]

Fri, 14 Nov 2025 02:04:11 -0800 


vichaos opened a new pull request, #904:
URL: https://github.com/apache/apisix-helm-chart/pull/904

   ## Add configurable `real_ip_header` option for nginx configuration
   
   ### Summary
   This PR makes the nginx `real_ip_header` directive configurable via 
`values.yaml`, allowing users to customize which header is used to extract the 
real client IP address.
   
   ### Changes
   - Added `apisix.nginx.realIpHeader` configuration option in `values.yaml` 
with a default value of `"X-Real-IP"`
   - Updated `configmap.yaml` template to use the configurable value instead of 
hardcoded `"X-Real-IP"`
   - Maintains backward compatibility with existing deployments (default 
remains `"X-Real-IP"`)
   
   ### Why This Change is Necessary
   
   Different deployment environments and proxy setups use different headers to 
pass the original client IP address:
   
   1. **Load Balancer Variations**: Different cloud providers and load 
balancers use different headers:
      - AWS ALB/ELB often uses `X-Forwarded-For`
      - Cloudflare uses `CF-Connecting-IP`
      - Google Cloud Load Balancer may use `X-Forwarded-For`
      - Some proxies use `X-Real-IP` (current default)
   
   2. **Multi-Layer Proxy Environments**: In complex deployments with multiple 
proxy layers (e.g., CDN → Load Balancer → Ingress → APISIX), the appropriate 
header may differ based on architecture.
   
   3. **Security and Rate Limiting**: Correctly identifying client IPs is 
crucial for:
      - Accurate rate limiting based on client IP
      - Security plugins that rely on IP-based access control
      - Logging and analytics
      - Compliance requirements
   
   4. **Flexibility**: Without this configuration option, users would need to 
either:
      - Fork the chart and modify it
      - Use post-deployment patches
      - Accept incorrect IP detection in their environment
   
   This change provides the flexibility needed for various deployment scenarios 
while maintaining sensible defaults.
   
   ### Usage Example
   
   ```yaml
   apisix:
     nginx:
       realIpHeader: "X-Forwarded-For"  # For AWS ALB/ELB environments
   ```
   
   Or via Helm CLI:
   ```bash
   helm install apisix . --set apisix.nginx.realIpHeader="CF-Connecting-IP"
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to