Allow custom forwarded for header
This commit is contained in:
Manuel de Brito Fontes
parent
6146bc4dc2
commit
c24e212aac
3 changed files with 21 additions and 7 deletions
|
|
@ -352,6 +352,10 @@ type Configuration struct {
|
|||
|
||||
// Sets the ipv6 addresses on which the server will accept requests.
|
||||
BindAddressIpv6 []string `json:"bind-address-ipv6,omitempty"`
|
||||
|
||||
// Sets the header field for identifying the originating IP address of a client
|
||||
// Default is X-Forwarded-For
|
||||
ForwardedForHeader string `json:"forwarded-for-header,omitempty"`
|
||||
}
|
||||
|
||||
// NewDefault returns the default nginx configuration
|
||||
|
|
@ -370,6 +374,7 @@ func NewDefault() Configuration {
|
|||
EnableDynamicTLSRecords: true,
|
||||
EnableUnderscoresInHeaders: false,
|
||||
ErrorLogLevel: errorLevel,
|
||||
ForwardedForHeader: "X-Forwarded-For",
|
||||
HTTP2MaxFieldSize: "4k",
|
||||
HTTP2MaxHeaderSize: "16k",
|
||||
HSTS: true,
|
||||
|
|
|
|||
|
|
@ -157,6 +157,7 @@ var (
|
|||
},
|
||||
"buildAuthSignURL": buildAuthSignURL,
|
||||
"isValidClientBodyBufferSize": isValidClientBodyBufferSize,
|
||||
"buildForwardedFor": buildForwardedFor,
|
||||
}
|
||||
)
|
||||
|
||||
|
|
@ -640,3 +641,14 @@ func getIngressInformation(i, p interface{}) *ingressInformation {
|
|||
|
||||
return info
|
||||
}
|
||||
|
||||
func buildForwardedFor(input interface{}) string {
|
||||
s, ok := input.(string)
|
||||
if !ok {
|
||||
glog.Errorf("expected an string type but %T was returned", input)
|
||||
}
|
||||
|
||||
ffh := strings.Replace(s, "-", "_", -1)
|
||||
ffh = strings.ToLower(ffh)
|
||||
return fmt.Sprintf("$http_%v", ffh)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ http {
|
|||
{{ if $cfg.UseProxyProtocol }}
|
||||
real_ip_header proxy_protocol;
|
||||
{{ else }}
|
||||
real_ip_header X-Forwarded-For;
|
||||
real_ip_header {{ $cfg.ForwardedForHeader }};
|
||||
{{ end }}
|
||||
|
||||
real_ip_recursive on;
|
||||
|
|
@ -154,17 +154,14 @@ http {
|
|||
'' $server_port;
|
||||
}
|
||||
|
||||
map {{ buildForwardedFor $cfg.ForwardedForHeader }} $the_real_ip {
|
||||
default {{ buildForwardedFor $cfg.ForwardedForHeader }};
|
||||
{{ if $cfg.UseProxyProtocol }}
|
||||
map $http_x_forwarded_for $the_real_ip {
|
||||
default $http_x_forwarded_for;
|
||||
'' $proxy_protocol_addr;
|
||||
}
|
||||
{{ else }}
|
||||
map $http_x_forwarded_for $the_real_ip {
|
||||
default $http_x_forwarded_for;
|
||||
'' $realip_remote_addr;
|
||||
}
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
{{ if $all.IsSSLPassthroughEnabled }}
|
||||
# map port {{ $all.ListenPorts.SSLProxy }} to 443 for header X-Forwarded-Port
|
||||
|
|
|
|||
Loading…
Reference in a new issue