Allow custom forwarded for header
parent
6146bc4dc2
commit
c24e212aac
3 changed files with 21 additions and 7 deletions
|
@ -352,6 +352,10 @@ type Configuration struct {
|
||||||
|
|
||||||
// Sets the ipv6 addresses on which the server will accept requests.
|
// Sets the ipv6 addresses on which the server will accept requests.
|
||||||
BindAddressIpv6 []string `json:"bind-address-ipv6,omitempty"`
|
BindAddressIpv6 []string `json:"bind-address-ipv6,omitempty"`
|
||||||
|
|
||||||
|
// Sets the header field for identifying the originating IP address of a client
|
||||||
|
// Default is X-Forwarded-For
|
||||||
|
ForwardedForHeader string `json:"forwarded-for-header,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewDefault returns the default nginx configuration
|
// NewDefault returns the default nginx configuration
|
||||||
|
@ -370,6 +374,7 @@ func NewDefault() Configuration {
|
||||||
EnableDynamicTLSRecords: true,
|
EnableDynamicTLSRecords: true,
|
||||||
EnableUnderscoresInHeaders: false,
|
EnableUnderscoresInHeaders: false,
|
||||||
ErrorLogLevel: errorLevel,
|
ErrorLogLevel: errorLevel,
|
||||||
|
ForwardedForHeader: "X-Forwarded-For",
|
||||||
HTTP2MaxFieldSize: "4k",
|
HTTP2MaxFieldSize: "4k",
|
||||||
HTTP2MaxHeaderSize: "16k",
|
HTTP2MaxHeaderSize: "16k",
|
||||||
HSTS: true,
|
HSTS: true,
|
||||||
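Review bot: The comment on `ForwardedForHeader` does not say what form the value must take or when the header can be trusted. Judging by the template change in this same commit, the string is written verbatim into the generated nginx configuration, and clients can send the header themselves unless a proxy in front overwrites it. Suggested wording: `// Sets the request header used to identify the originating IP address of a client.`, `// Must be a bare header field name; only meaningful behind a trusted proxy that overwrites it.`, `// Default is X-Forwarded-For`. Both the `Configuration` struct and `NewDefault` start and end outside the hunks shown.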
|
|
|
@ -157,6 +157,7 @@ var (
|
||||||
},
|
},
|
||||||
"buildAuthSignURL": buildAuthSignURL,
|
"buildAuthSignURL": buildAuthSignURL,
|
||||||
"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
|
"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
|
||||||
|
"buildForwardedFor": buildForwardedFor,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -640,3 +641,14 @@ func getIngressInformation(i, p interface{}) *ingressInformation {
|
||||||
|
|
||||||
return info
|
return info
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func buildForwardedFor(input interface{}) string {
|
||||||
|
s, ok := input.(string)
|
||||||
|
if !ok {
|
||||||
|
glog.Errorf("expected an string type but %T was returned", input)
|
||||||
|
}
|
||||||
|
|
||||||
|
ffh := strings.Replace(s, "-", "_", -1)
|
||||||
|
ffh = strings.ToLower(ffh)
|
||||||
|
return fmt.Sprintf("$http_%v", ffh)
|
||||||
|
}
|
||||||
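Review bot: `buildForwardedFor` logs the failed type assertion but then continues with an empty `s`, so it returns the bare string `$http_`, which the template writes into the `map` block. An empty configured value ends the same way. Add `return "$http_x_forwarded_for"` inside the `if !ok` block and treat `s == ""` the same. The function also passes every character other than `-` through unchanged, so a name containing anything beyond letters, digits and hyphens produces a variable reference nginx will not interpret as intended; rejecting such names here would keep the generated config predictable. The log text should read `expected a string type but %T was returned`.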
|
|
|
@ -29,7 +29,7 @@ http {
|
||||||
{{ if $cfg.UseProxyProtocol }}
|
{{ if $cfg.UseProxyProtocol }}
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
{{ else }}
|
{{ else }}
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header {{ $cfg.ForwardedForHeader }};
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
real_ip_recursive on;
|
real_ip_recursive on;
|
||||||
|
@ -154,17 +154,14 @@ http {
|
||||||
'' $server_port;
|
'' $server_port;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
map {{ buildForwardedFor $cfg.ForwardedForHeader }} $the_real_ip {
|
||||||
|
default {{ buildForwardedFor $cfg.ForwardedForHeader }};
|
||||||
{{ if $cfg.UseProxyProtocol }}
|
{{ if $cfg.UseProxyProtocol }}
|
||||||
map $http_x_forwarded_for $the_real_ip {
|
|
||||||
default $http_x_forwarded_for;
|
|
||||||
'' $proxy_protocol_addr;
|
'' $proxy_protocol_addr;
|
||||||
}
|
|
||||||
{{ else }}
|
{{ else }}
|
||||||
map $http_x_forwarded_for $the_real_ip {
|
|
||||||
default $http_x_forwarded_for;
|
|
||||||
'' $realip_remote_addr;
|
'' $realip_remote_addr;
|
||||||
}
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
}
|
||||||
|
|
||||||
{{ if $all.IsSSLPassthroughEnabled }}
|
{{ if $all.IsSSLPassthroughEnabled }}
|
||||||
# map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port
|
# map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port
|
||||||
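Review bot: `real_ip_header {{ $cfg.ForwardedForHeader }};` renders the configured string into the directive without any check, so a value containing whitespace, `;` or braces alters the structure of the generated nginx.conf instead of just naming a header. Whether the value is validated before it reaches the template is not visible in this commit; if it is not, check it against the HTTP header token characters when the configuration is read and fall back to `X-Forwarded-For` on failure. Separately, the new `map` block still takes `$the_real_ip` straight from the request header whenever it is non-empty, so consumers of `$the_real_ip` can rely on it only when an upstream proxy overwrites that header; a comment above the map such as `# $the_real_ip is client-supplied unless a trusted proxy overwrites the header` would make that explicit.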
|
|