helmchart/wordpress
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: Add configurable real IP forwarding for bare-metal clusters
All checks were successful
Helm Chart Release / release-chart (push) Successful in 12s
Details
Update Docker Images and Helm Chart / update (push) Successful in 22s
Details

Browse Source 
Implement a new nginx.forwardRealIP configuration flag to enable/disable
real client IP extraction from X-Forwarded-For headers on bare-metal clusters.

Changes:
- Added nginx.forwardRealIP.enabled flag (default: false) to values.yaml
- Added nginx.forwardRealIP.trustedProxies list for flexible proxy IP ranges
- Updated Nginx configmap to conditionally apply real IP extraction settings
- Updated FastCGI parameters to use real IP when enabled, direct connection IP otherwise
- Updated WordPress wp-config.php to conditionally extract real IPs from headers

Configuration:
- When enabled: Extracts real client IP from X-Forwarded-For header
- When disabled: Uses direct connection IP (default Nginx behavior)
- Supports custom proxy IP ranges for CloudFlare, AWS ALB, etc.

This allows Helmchart to work seamlessly on both:
1. Bare-metal clusters with iptables load balancing
2. Cloud-managed clusters with proper IP forwarding

Version bumped to 6.9.0-a (WordPress version with implementation suffix)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
Claude
2026-02-10 14:10:14 +09:00
parent 2f4a6092e8
commit 31935a5c68
4 changed files with 39 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
values.yaml
View File

@@ -45,26 +45,20 @@ wordpress:
# google.com, pub-0000000000000000, DIRECT, f08c47fec0942fa0
nginx:
extraConfig: |
# リアルIP取得設定
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# Kubernetesクラスタ内のIPレンジを信頼
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
# CloudflareやAWS ALB等を使っている場合は追加
# set_real_ip_from 173.245.48.0/20;
# set_real_ip_from 103.21.244.0/22;
# ... (Cloudflareの他のIPレンジ)
# ベアメタルクラスター等でリアルIPを取得する設定
# ローカルIPベアメタル等から訪問者のリアルIP取得する場合に有効にします
forwardRealIP:
enabled: false
# 信頼できるプロキシのIPレンジを追加してください
trustedProxies:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
# CloudflareやAWS ALB等を使っている場合は以下のIPレンジも追加してください
# - 173.245.48.0/20
# - 103.21.244.0/22
# FastCGIパラメータにリアルIPを渡す
fastcgiParams:
REMOTE_ADDR: $remote_addr
HTTP_X_REAL_IP: $realip_remote_addr
HTTP_X_FORWARDED_FOR: $proxy_add_x_forwarded_for
extraConfig: |
# Service設定
service: