Fix health checks not working behind load balancers (!26055) · Merge requests · GitLab.org / GitLab FOSS

Stan Hu requested to merge sh-revert-rack-request-health-checks into master Mar 12, 2019

The change in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24199 caused requests coming from a load balancer to arrive as 127.0.0.1 instead of the actual IP.

Rack::Request#ip behaves slightly differently different than ActionDispatch::Request#remote_ip: the former will return the first X-Forwarded-For IP if all of the IPs are trusted proxies, while the second one filters out all proxies and falls back to REMOTE_ADDR, which is 127.0.0.1.

For now, we can revert back to using Rack::Request because these middlewares don't manipulate parameters. The actual fix problem involves fixing Rails: https://github.com/rails/rails/issues/28436.

In the future, we might consider using the HTTP_X_REAL_IP header as Sentry does: https://github.com/getsentry/raven-ruby/pull/546/files

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58573

Edited Mar 12, 2019 by Stan Hu

Fix health checks not working behind load balancers

Merge request reports