[FEAT] getting real client IP

[venkatamutyala]

I'm using chisel operator with ingress nginx it looks like by default I can only see the IP of the chisel pods. Is there a way to get the client IP? I'd like to leverage it to do some advance operations based on IP within my nginx setup.

[linear]

FYRA-126 [FEAT] getting real client IP

[korewaChino]

I don't think so, unless Chisel has an option to pass a HTTP header when it detects HTTP traffic.

Chisel is a first and foremost TCP and UDP tunnel, so I don't think this is the case. The chisel operator also treats the tunnel like any normal TCP traffic by specifically setting ip:port/tcp in the args, so it does not process any headers.

[korewaChino]

I found an issue related here jpillora/chisel#266

[venkatamutyala]

Thanks Cappy. I had a few minutes to do some more research, and it appears if Chisel supported the PROXY Protocol (v2?), it would send over the data needed for my ingress (e.g., nginx) to detect the IP. I opened up a ticket here: jpillora/chisel#540

ref:
https://inlets.dev/blog/2022/09/02/real-client-ips-with-proxy-protocol.html
https://aws.amazon.com/blogs/networking-and-content-delivery/preserving-client-ip-address-with-proxy-protocol-v2-and-network-load-balancer/

[korewaChino]

Will this require any changes to the operator?

[venkatamutyala]

I think at this time it makes sense to close this out until the support exists upstream.