kubernetes · k8s-ci-robot · Sep 16, 2019 · Sep 12, 2019
diff --git a/docs/user-guide/nginx-configuration/configmap.md b/docs/user-guide/nginx-configuration/configmap.md
@@ -58,7 +58,7 @@ The following table shows a configuration option's name, type, and the default v
 |[keep-alive-requests](#keep-alive-requests)|int|100|
 |[large-client-header-buffers](#large-client-header-buffers)|string|"4 8k"|
 |[log-format-escape-json](#log-format-escape-json)|bool|"false"|
-|[log-format-upstream](#log-format-upstream)|string|`%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`|
+|[log-format-upstream](#log-format-upstream)|string|`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`|
 |[log-format-stream](#log-format-stream)|string|`[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`|
 |[enable-multi-accept](#enable-multi-accept)|bool|"true"|
 |[max-worker-connections](#max-worker-connections)|int|16384|

diff --git a/docs/user-guide/nginx-configuration/log-format.md b/docs/user-guide/nginx-configuration/log-format.md
@@ -4,8 +4,7 @@ The default configuration uses a custom logging format to add additional informa
 
 ```
 log_format upstreaminfo
-    '{{ if $cfg.useProxyProtocol }}$proxy_protocol_addr{{ else }}$remote_addr{{ end }} - '
-    '[$the_real_ip] - $remote_user [$time_local] "$request" '
+    '$remote_addr - $remote_user [$time_local] "$request" '
     '$status $body_bytes_sent "$http_referer" "$http_user_agent" '
     '$request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr '
     '$upstream_response_length $upstream_response_time $upstream_status $req_id';
@@ -14,8 +13,7 @@ log_format upstreaminfo
 | Placeholder | Description |
 |-------------|-------------|
 | `$proxy_protocol_addr` | remote address if proxy protocol is enabled |
-| `$remote_addr` | remote address if proxy protocol is disabled (default) |
-| `$the_real_ip` | the source IP address of the client |
+| `$remote_addr` | the source IP address of the client |
 | `$remote_user` | user name supplied with the Basic authentication |
 | `$time_local` | local time in the Common Log Format |
 | `$request` | full original request line |

diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
@@ -55,7 +55,7 @@ const (
 
 	brotliTypes = "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component"
 
-	logFormatUpstream = `%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`
+	logFormatUpstream = `$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] [$proxy_alternative_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id`
 
 	logFormatStream = `[$time_local] $protocol $status $bytes_sent $bytes_received $session_time`
 
@@ -768,7 +768,7 @@ func NewDefault() Configuration {
 // is enabled.
 func (cfg Configuration) BuildLogFormatUpstream() string {
 	if cfg.LogFormatUpstream == logFormatUpstream {
-		return fmt.Sprintf(cfg.LogFormatUpstream, "$the_real_ip")
+		return fmt.Sprintf(cfg.LogFormatUpstream, "$remote_addr")
 	}
 
 	return cfg.LogFormatUpstream

diff --git a/internal/ingress/controller/config/config_test.go b/internal/ingress/controller/config/config_test.go
@@ -17,7 +17,6 @@ limitations under the License.
 package config
 
 import (
-	"fmt"
 	"testing"
 )
 
@@ -28,8 +27,6 @@ func TestBuildLogFormatUpstream(t *testing.T) {
 		curLogFormat     string
 		expected         string
 	}{
-		{true, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_real_ip")},
-		{false, logFormatUpstream, fmt.Sprintf(logFormatUpstream, "$the_real_ip")},
 		{true, "my-log-format", "my-log-format"},
 		{false, "john-log-format", "john-log-format"},
 	}

diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
@@ -162,20 +162,20 @@ http {
     # https://github.com/leev/ngx_http_geoip2_module#example-usage
 
     geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb {
-        $geoip2_city_country_code source=$the_real_ip country iso_code;
-        $geoip2_city_country_name source=$the_real_ip country names en;
-        $geoip2_city source=$the_real_ip city names en;
-        $geoip2_postal_code source=$the_real_ip postal code;
-        $geoip2_dma_code source=$the_real_ip location metro_code;
-        $geoip2_latitude source=$the_real_ip location latitude;
-        $geoip2_longitude source=$the_real_ip location longitude;
-        $geoip2_time_zone source=$the_real_ip location time_zone;
-        $geoip2_region_code source=$the_real_ip subdivisions 0 iso_code;
-        $geoip2_region_name source=$the_real_ip subdivisions 0 names en;
+        $geoip2_city_country_code source=$remote_addr country iso_code;
+        $geoip2_city_country_name source=$remote_addr country names en;
+        $geoip2_city source=$remote_addr city names en;
+        $geoip2_postal_code source=$remote_addr postal code;
+        $geoip2_dma_code source=$remote_addr location metro_code;
+        $geoip2_latitude source=$remote_addr location latitude;
+        $geoip2_longitude source=$remote_addr location longitude;
+        $geoip2_time_zone source=$remote_addr location time_zone;
+        $geoip2_region_code source=$remote_addr subdivisions 0 iso_code;
+        $geoip2_region_name source=$remote_addr subdivisions 0 names en;
     }
 
     geoip2 /etc/nginx/geoip/GeoLite2-ASN.mmdb {
-        $geoip2_asn source=$the_real_ip autonomous_system_number;
+        $geoip2_asn source=$remote_addr autonomous_system_number;
     }
     {{ end }}
 
@@ -306,17 +306,6 @@ http {
         {{ end }}
     }
 
-    # The following is a sneaky way to do "set $the_real_ip $remote_addr"
-    # Needed because using set is not allowed outside server blocks.
-    map '' $the_real_ip {
-    {{ if $cfg.UseProxyProtocol }}
-        # Get IP address from Proxy Protocol
-        default          $proxy_protocol_addr;
-    {{ else }}
-        default          $remote_addr;
-    {{ end }}
-    }
-
     # Reverse proxies can detect if a client provides a X-Request-ID header, and pass it on to the backend server.
     # If no such header is provided, it can provide a random value.
     map $http_x_request_id $req_id {
@@ -435,7 +424,7 @@ http {
 
     {{ range $rl := (filterRateLimits $servers ) }}
     # Ratelimit {{ $rl.Name }}
-    geo $the_real_ip $whitelist_{{ $rl.ID }} {
+    geo $remote_addr $whitelist_{{ $rl.ID }} {
         default 0;
         {{ range $ip := $rl.Whitelist }}
         {{ $ip }} 1;{{ end }}
@@ -904,11 +893,11 @@ stream {
             proxy_set_header            X-Original-URL          $scheme://$http_host$request_uri;
             proxy_set_header            X-Original-Method       $request_method;
             proxy_set_header            X-Sent-From             "nginx-ingress-controller";
-            proxy_set_header            X-Real-IP               $the_real_ip;
+            proxy_set_header            X-Real-IP               $remote_addr;
             {{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
             proxy_set_header            X-Forwarded-For        $full_x_forwarded_for;
             {{ else }}
-            proxy_set_header            X-Forwarded-For        $the_real_ip;
+            proxy_set_header            X-Forwarded-For        $remote_addr;
             {{ end }}
 
             {{ if $externalAuth.RequestRedirect }}
@@ -1196,11 +1185,11 @@ stream {
             {{ end }}
 
             {{ $proxySetHeader }} X-Request-ID           $req_id;
-            {{ $proxySetHeader }} X-Real-IP              $the_real_ip;
+            {{ $proxySetHeader }} X-Real-IP              $remote_addr;
             {{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
             {{ $proxySetHeader }} X-Forwarded-For        $full_x_forwarded_for;
             {{ else }}
-            {{ $proxySetHeader }} X-Forwarded-For        $the_real_ip;
+            {{ $proxySetHeader }} X-Forwarded-For        $remote_addr;
             {{ end }}
             {{ $proxySetHeader }} X-Forwarded-Host       $best_http_host;
             {{ $proxySetHeader }} X-Forwarded-Port       $pass_port;

diff --git a/test/data/config.json b/test/data/config.json
@@ -46,7 +46,7 @@
 		"useHttp2": true,
 		"proxyStreamTimeout": "600s",
 		"workerProcesses": 1,
-		"limitConnZoneVariable": "$the_real_ip"
+		"limitConnZoneVariable": "$remote_addr"
 	},
 	"customErrors": true,
 	"defResolver": "",