DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add config for X-Forwarded-For trust

Browse source 
Use the same config option for `set_real_ip_from` when not using proxy protocol. The default remains `0.0.0.0/0`, which is insecure if the ingress is publicly accessible. This at least provides a workaround for #200
This commit is contained in:
Payam Hekmat 2017-05-11 21:55:35 -05:00 committed by GitHub
parent 88ca7a555e
commit dd894f0f73
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -23,8 +23,8 @@ http {
set_real_ip_from {{ $cfg.ProxyRealIPCIDR }};
real_ip_header proxy_protocol;
{{ else }}
set_real_ip_from {{ $cfg.ProxyRealIPCIDR }};
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
{{ end }}
real_ip_recursive on;