How can I configure NGINX ingress controller to work with Cloudflare and Digital Ocean Load Balancer?
The problem you are facing is here:
proxy-real-ip-cidr: "173.245.48.0/20,173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
However, the traffic being seen is coming from your DO LB instead (10.x.x.x). This is causing it to be ignored for this rule.
I did the following to get it functional:
apiVersion: v1
data:
  enable-real-ip: "true"
  server-snippet: |
    real_ip_header CF-Connecting-IP;
kind: ConfigMap
metadata:
  [...]
Security Notice: This will apply to all traffic even if it didn't originate from Cloudflare itself. As such, someone could spoof the headers on the request to impersonate another IP address.
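As an added illustration (not code from the original answer or from ingress-nginx), this simplified Python model of the trusted-proxy rule shows why the header was ignored with the Cloudflare-only list, and why accepting it from any peer allows the spoofing the notice describes. The function name, the sample addresses and the trust-all list are constructed for the example.

```python
import ipaddress

# Subset of the Cloudflare ranges from the proxy-real-ip-cidr value on this page.
CLOUDFLARE_CIDRS = ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/12",
                    "2606:4700::/32"]
# Assumption: models "applies to all traffic" from the Security Notice.
TRUST_ALL = ["0.0.0.0/0", "::/0"]


def effective_client_ip(peer, headers, trusted_cidrs, header="CF-Connecting-IP"):
    """Return the address that would be treated as the client.

    Simplified model of the real-IP trust rule: the header replaces the
    connecting peer's address only when that peer is inside a trusted range.
    """
    peer_ip = ipaddress.ip_address(peer)
    trusted = any(peer_ip in ipaddress.ip_network(c) for c in trusted_cidrs)
    value = headers.get(header)
    if not trusted or value is None:
        return str(peer_ip)
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return str(peer_ip)  # malformed header value: keep the peer address


def scenarios():
    """Constructed requests; all addresses are documentation/sample values."""
    real = {"CF-Connecting-IP": "198.51.100.7"}    # set by Cloudflare
    forged = {"CF-Connecting-IP": "203.0.113.99"}  # set by the sender itself
    return {
        # Peer is the load balancer (10.x.x.x), not Cloudflare: header ignored.
        "cf_list_peer_is_lb": effective_client_ip("10.0.0.5", real, CLOUDFLARE_CIDRS),
        # Peer is a Cloudflare edge address: header honoured.
        "cf_list_peer_is_cf": effective_client_ip("173.245.48.10", real, CLOUDFLARE_CIDRS),
        # Non-Cloudflare peer with a self-set header: rejected by the CIDR list.
        "cf_list_forged": effective_client_ip("192.0.2.44", forged, CLOUDFLARE_CIDRS),
        # Same request when every peer is trusted: the self-set value wins.
        "trust_all_forged": effective_client_ip("192.0.2.44", forged, TRUST_ALL),
    }


if __name__ == "__main__":
    for name, ip in scenarios().items():
        print(f"{name:22} -> {ip}")
```

Comparing `cf_list_forged` with `trust_all_forged` shows what the CIDR list protects: logs, rate limits and IP allow-lists keyed on the client address are only as reliable as the set of peers allowed to supply the header.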