Kubernetes, Cloudflare and Matomo

I use Matomo to track who visits this blog and my website[1]. This was running on my old VPS and transferred over to my Kubernetes setup.

In the process of doing that I enabled Cloudflare caching for my analytics host name. Evidently I didn’t have this enabled before, because as soon as I did, all the visits to the site[2] were reporting Cloudflare IP addresses instead of the user’s real IP.

I managed to find the Matomo docs for how to configure which header to use for tracking a user’s real IP and which headers Cloudflare sends through. However, I didn’t feel like modifying php.ini files (call it PTSD) and from the Cloudflare docs they should be sending through the X-Forwarded-For header anyway.

I was going to start dumping headers from my nginx ingress controller when I discovered that by default, X-Forwarded-* headers are not passed through by the ingress controller.

Enabling the use-forwarded-headers option in the nginx configMap fixed the issue.

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-configuration
  namespace: ingress
  labels:
    app: ingress-nginx
data:
  enable-underscores-in-headers: 'true'
  ignore-invalid-headers: 'false'
  use-forwarded-headers: 'true'

I’m still loving how a quick kubectl apply can push changes into production so quickly—using a properly configured CD pipeline of course.


  1. Spoiler alert, no one’s visiting those sites other than Apple reviewers checking my privacy policy.

  2. Me.