GitLab chart client IP

Hello,
I have a private gitlab-ce instance installed in a private on-premise Kubernetes cluster. Everything is running great, but the gitlab workhorse (webservice) is not logging the real client IPs (private IPs). Instead it logs the ingress-controller’s IP.
I have looked at the source and it seems that the xff module used does not accept private IPs in the X-Forwarded-For header.
Is anyone else running gitlab in a private network, without internet access? Is it that way “by design” or am I missing some settings?

Did you ever find a solution for this?

Not really. I gave up. At least it is a private instance, not exposed on the internet.

I just fixed it on my on-prem k8s cluster by setting the trusted_proxies option for the webservice chart to include the pod subnet of my cluster, with this option in the gitlab values.yaml:

gitlab:
  gitlab:
    webservice:
      trusted_proxies: ["192.168.64.0/18"]

It’s a bit primitive to have to do this; a much nicer solution would be for the trusted proxy to add a secret token to a header and then trust the proxy when it passes the correct header.
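The following is an added example, not part of the post above and not GitLab's or the chart's own code. It sketches how a trusted-proxy list usually decides which address counts as the client, using the pod subnet from the values.yaml snippet. The function name `client_ip`, the sample addresses and the fall-back-to-peer behaviour on a malformed entry are assumptions made for illustration.

```ruby
require 'ipaddr'

# Resolve the client address from the TCP peer and the X-Forwarded-For header,
# believing only hops that fall inside the configured proxy CIDRs.
# Hypothetical helper for illustration; not GitLab's implementation.
def client_ip(peer, xff_header, trusted_cidrs)
  trusted = trusted_cidrs.map { |cidr| IPAddr.new(cidr) }
  is_trusted = ->(ip) { trusted.any? { |net| net.include?(ip) } }

  peer_ip = IPAddr.new(peer)
  # A peer outside the trusted list could have written anything into the
  # header, so the header is ignored and the peer itself is the client.
  return peer_ip.to_s unless is_trusted.call(peer_ip)

  hops = xff_header.to_s.split(',').map(&:strip).reject(&:empty?)
  # Walk right to left: the right-most entries were appended by our own
  # proxies; the first address that is not a trusted proxy is the client.
  hops.reverse_each do |hop|
    ip = begin
      IPAddr.new(hop)
    rescue IPAddr::Error
      return peer_ip.to_s # malformed entry: stop and fall back to the peer
    end
    return ip.to_s unless is_trusted.call(ip)
  end
  peer_ip.to_s # header empty, or every hop was a trusted proxy
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values: ingress pod 192.168.70.5, internal client 10.20.30.40.
  pod_subnet = ['192.168.64.0/18']
  puts client_ip('192.168.70.5', '10.20.30.40', [])          # ingress pod IP is logged
  puts client_ip('192.168.70.5', '10.20.30.40', pod_subnet)  # private client IP is logged
  # A client-supplied left-most entry is never reached by the right-to-left walk.
  puts client_ip('192.168.70.5', '203.0.113.9, 10.20.30.40', pod_subnet)
end
```

The trusted range should cover only the addresses the ingress controller can connect from: any workload inside a trusted CIDR can set the header and be believed.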

Thanks, that fixed it for the gitlab interface. But the gitlab-workhorse still does not see the real remote_ip. I don’t see a similar option for that container.