feat: Add Real IP forwarding feature for bare-metal clusters

ベアメタルKubernetesクラスターやLoadBalancer環境において、 PHP側で訪問者の実IPアドレスを取得できる機能を追加。 Changes: - Add nginx.forwardRealIP configuration in values.yaml - Implement real_ip_header and set_real_ip_from in Nginx config - Pass real IP info to PHP-FPM via fastcgi_param - Add usage example and documentation in README.md - Create test-real-ip.php for verification - Update chart version to 8.5.2-a Features: - Compatible with existing customConfig.snippet - Configurable trusted proxy networks - Supports multi-tier proxy with recursive option - Default disabled for backward compatibility Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-10 09:21:55 +09:00
parent 59a21fca9b
commit 02696fc55e
6 changed files with 434 additions and 3 deletions
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -29,6 +29,25 @@ data:
        sendfile        on;
        keepalive_timeout  65;

+        {{- if .Values.nginx.forwardRealIP.enabled }}
+        # ========================================
+        # Real IP forwarding configuration
+        # ========================================
+        # クライアントの実IPアドレスを取得する設定
+        real_ip_header {{ .Values.nginx.forwardRealIP.header }};
+        {{- if .Values.nginx.forwardRealIP.recursive }}
+        real_ip_recursive on;
+        {{- end }}
+
+        # 信頼するプロキシのネットワーク範囲
+        {{- range .Values.nginx.forwardRealIP.trustedProxies }}
+        set_real_ip_from {{ . }};
+        {{- end }}
+        {{- range .Values.nginx.forwardRealIP.additionalTrustedProxies }}
+        set_real_ip_from {{ . }};
+        {{- end }}
+        {{- end }}
+
        server {
            listen       80;
            server_name  localhost;
@@ -45,6 +64,12 @@ data:
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+                {{- if .Values.nginx.forwardRealIP.enabled }}
+                # リアルIP情報をPHP-FPMに渡す
+                fastcgi_param  REMOTE_ADDR        $remote_addr;
+                fastcgi_param  HTTP_X_REAL_IP     $remote_addr;
+                fastcgi_param  HTTP_X_FORWARDED_FOR $proxy_add_x_forwarded_for;
+                {{- end }}
            }

            error_page   500 502 503 504  /50x.html;