Thanks very much, @riking! Yes, it’s the load balancer that seems to be my issue. I think ingress is OK (and now I have some idea that there is a difference). I switched to the setup that you show and am getting the same results as I was with a somewhat more complicated configuration. I guess one next step would be to figure out tcpdump and see what’s in those headers. . .
EDIT: It looks like it should work. Here’s what I see:
GET /thisisatest HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: community.example.com
X-Cloud-Trace-Context: 72c9f7219e6b541cad01153c52fb92c5/13509441707361831434
Via: 1.1 google
X-Forwarded-For: MY-IP-ADDRESS, INGRESS-IP
X-Forwarded-Proto: http
Connection: Keep-Alive
I have a set_real_ip_from with the ingress IP (and IP numbers are getting logged properly).