DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve NGINX template security

Browse source
This commit is contained in:
Ricardo Pchevuzinske Katz 2017-08-22 17:21:37 -03:00
parent ed3803cf58
commit 855be47ba8
No known key found for this signature in database
GPG key ID: 4B9D13C9A87CD165
1 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -134,6 +134,7 @@ http {
'' close;
}
{{ if $cfg.UseProxyProtocol }}
# trust http_x_forwarded_proto headers correctly indicate ssl offloading
map $http_x_forwarded_proto $pass_access_scheme {
default $http_x_forwarded_proto;
@ -145,16 +146,24 @@ http {
'' $server_port;
}
{{ if $cfg.UseProxyProtocol }}
map $http_x_forwarded_for $the_real_ip {
default $http_x_forwarded_for;
'' $proxy_protocol_addr;
}
{{ else }}
map $http_x_forwarded_for $the_real_ip {
default $http_x_forwarded_for;
'' $realip_remote_addr;
map $http_x_forwarded_proto $pass_access_scheme {
default $scheme;
}
map $http_x_forwarded_port $pass_server_port {
default $server_port;
}
map $http_x_forwarded_for $the_real_ip {
default $remote_addr;
}
{{ end }}
{{ if $all.IsSSLPassthroughEnabled }}
@ -259,7 +268,7 @@ http {
{{ end }}
upstream {{ $upstream.Name }} {
# Load balance algorithm; empty for round robin, which is the default
{{/* Load balance algorithm; empty for round robin, which is the default */}}
{{ if ne $cfg.LoadBalanceAlgorithm "round_robin" }}
{{ $cfg.LoadBalanceAlgorithm }};
{{ end }}