DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compute a real X-Forwarded-For

Browse source
This commit is contained in:
Max Laverse 2017-10-06 14:52:26 +02:00
parent 1f269d4e4d
commit cea3c7eb1b
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -195,6 +195,13 @@ http {
'' $host; '' $host;
} }
# We can't use $proxy_add_x_forwarded_for because the realip module
# replaces the remote_addr to soon
map $http_x_forwarded_for $the_real_x_forwarded_for {
default "$http_x_forwarded_for, $realip_remote_addr";
'' "$realip_remote_addr";
}
server_name_in_redirect off; server_name_in_redirect off;
port_in_redirect off; port_in_redirect off;
@ -592,7 +599,7 @@ stream {
ssl_certificate {{ $server.SSLCertificate }}; ssl_certificate {{ $server.SSLCertificate }};
ssl_certificate_key {{ $server.SSLCertificate }}; ssl_certificate_key {{ $server.SSLCertificate }};
{{ if not (empty $server.SSLFullChainCertificate)}} {{ if not (empty $server.SSLFullChainCertificate)}}
ssl_trusted_certificate {{ $server.SSLFullChainCertificate }}; ssl_trusted_certificate {{ $server.SSLFullChainCertificate }};
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
{{ end }} {{ end }}
@ -616,7 +623,7 @@ stream {
{{ if not (empty $server.ServerSnippet) }} {{ if not (empty $server.ServerSnippet) }}
{{ $server.ServerSnippet }} {{ $server.ServerSnippet }}
{{ end }} {{ end }}
{{ range $location := $server.Locations }} {{ range $location := $server.Locations }}
{{ $path := buildLocation $location }} {{ $path := buildLocation $location }}
{{ $authPath := buildAuthLocation $location }} {{ $authPath := buildAuthLocation $location }}
@ -749,7 +756,7 @@ stream {
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $the_real_ip; proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Forwarded-For $the_real_ip; proxy_set_header X-Forwarded-For $the_real_x_forwarded_for;
proxy_set_header X-Forwarded-Host $best_http_host; proxy_set_header X-Forwarded-Host $best_http_host;
proxy_set_header X-Forwarded-Port $pass_port; proxy_set_header X-Forwarded-Port $pass_port;
proxy_set_header X-Forwarded-Proto $pass_access_scheme; proxy_set_header X-Forwarded-Proto $pass_access_scheme;