DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve NGINX template security

Browse source
This commit is contained in:
Ricardo Pchevuzinske Katz 2017-08-22 17:28:51 -03:00
parent 855be47ba8
commit f49e756d47
No known key found for this signature in database
GPG key ID: 4B9D13C9A87CD165
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
View file

@ -28,14 +28,12 @@ http {
{{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
{{ if $cfg.UseProxyProtocol }}
real_ip_header proxy_protocol;
{{ else }}
real_ip_header X-Forwarded-For;
{{ end }}
real_ip_recursive on;
{{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
set_real_ip_from {{ $trusted_ip }};
{{ end }}
{{ end }}
{{/* databases used to determine the country depending on the client IP address */}}
{{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}