Access log - Default format is not consistent with documentation (missing "X-Forwarded-For" header)

[sylmarch]

Is this a request for help? : No, it's a bug report.

What keywords did you search in NGINX Ingress controller issues before filing this one? :

• access log format

---

Is this a BUG REPORT or FEATURE REQUEST? : BUG REPORT

NGINX Ingress controller version: 0.10.2

Kubernetes version :

Server Version: version.Info{Major:"1", Minor:"8+", GitVersion:"v1.8.3-rancher3", GitCommit:"772c4c54e1f4ae7fc6f63a8e1ecd9fe616268e16", GitTreeState:"clean", BuildDate:"2017-11-27T19:51:43Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Environment:

• Cloud provider or hardware configuration: bare metal
• OS (e.g. from /etc/os-release): CentOS 7
• Kernel (e.g. uname -a):
• Install tools: Rancher 1.6
• Others:

What happened:
Access log format is not consistent with the documentation.

According to the documentation (ingress-nginx/docs/user-guide/log-format.md), the information between the first brackets should be "[$proxy_add_x_forwarded_for]" but it is "[$the_real_ip]".

Thus, some information are lost when the Ingress Controller is behind another reverse proxy.

What you expected to happen:
According to the documentation (ingress-nginx/docs/user-guide/log-format.md), the information between the first brackets should be "[$proxy_add_x_forwarded_for]".

How to reproduce it:
Look at the generated nginx.conf file:

bash-4.4$ kubectl exec $(kubectl get po -n ingress-nginx | grep nginx-ingress-controller | awk '{print $1}') -n ingress-nginx -- cat /etc/nginx/nginx.conf | grep 'log_format upstreaminfo'
    log_format upstreaminfo '$the_real_ip - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status';

I expected that the returned line whould be:

    log_format upstreaminfo '$the_real_ip - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status';

Anything else we need to know:
I think the fix should be done in the file ingress-nginx/internal/ingress/controller/config/config.go, changing the line :

	logFormatUpstream = `%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status`

by

	logFormatUpstream = `%v - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status`

[sylmarch]

If the fix is applied, log-format-upstream entry in "Configuration options" table should be updated too on this page (ingress-nginx/docs/user-guide/configmap.md), i.e:

%v - [$the_real_ip] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status

should be replaced by:

%v - [$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_length $request_time [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status