Add additional environment variables to better support reverse proxies (

#335) * Add additional environment variables to better support ISLE deployments behind reverse proxies * Update README.md
Islandora-Devops · May 31, 2024 · a4c0d84 · a4c0d84
1 parent 1543708
commit a4c0d84
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -71,8 +71,11 @@ ENV \
     NGINX_PROXY_READ_TIMEOUT=60s \
     NGINX_PROXY_SEND_TIMEOUT=60s \
     NGINX_REAL_IP_HEADER=X-Forwarded-For \
+    NGINX_REAL_IP_RECURSIVE=off \
     NGINX_SEND_TIMEOUT=60s \
     NGINX_SET_REAL_IP_FROM=172.0.0.0/8 \
+    NGINX_SET_REAL_IP_FROM2=172.0.0.0/8 \
+    NGINX_SET_REAL_IP_FROM3=172.0.0.0/8 \
     NGINX_WORKER_CONNECTIONS=1024 \
     NGINX_WORKER_PROCESSES=auto \
     PHP_DEFAULT_SOCKET_TIMEOUT=60 \

diff --git a/nginx/README.md b/nginx/README.md
@@ -36,8 +36,11 @@ Requires `islandora/base` docker image to build. Please refer to the
 | NGINX_PROXY_READ_TIMEOUT      | 60s             | Timeout for reading a response from the proxied server                                |
 | NGINX_PROXY_SEND_TIMEOUT      | 60s             | Timeout for transmitting a request to the proxied server                              |
 | NGINX_REAL_IP_HEADER          | X-Forwarded-For | Request header field whose value will be used to replace the client address.          |
+| NGINX_REAL_IP_RECURSIVE       | off             | See https://nginx.org/en/docs/http/ngx_http_realip_module.html         |
 | NGINX_SEND_TIMEOUT            | 60s             | Timeout for transmitting a response to the client                                     |
 | NGINX_SET_REAL_IP_FROM        | 172.0.0.0/8     | Trusted addresses that are known to send correct replacement addresses                |
+| NGINX_SET_REAL_IP_FROM2       | 172.0.0.0/8     | Trusted addresses that are known to send correct replacement addresses                |
+| NGINX_SET_REAL_IP_FROM3       | 172.0.0.0/8     | Trusted addresses that are known to send correct replacement addresses                |
 | NGINX_WORKER_CONNECTIONS      | 1024            | The maximum number of simultaneous connections that can be opened by a worker process |
 | NGINX_WORKER_PROCESSES        | auto            | Set number of worker processes automatically based on number of CPU cores             |
 

diff --git a/nginx/rootfs/etc/confd/templates/nginx.conf.tmpl b/nginx/rootfs/etc/confd/templates/nginx.conf.tmpl
@@ -155,7 +155,10 @@ http {
 
         # Sets the client IP to print in logs
         real_ip_header {{ getenv "NGINX_REAL_IP_HEADER" }};
+        real_ip_recursive {{ getenv "NGINX_REAL_IP_RECURSIVE" }};
         set_real_ip_from {{ getenv "NGINX_SET_REAL_IP_FROM" }};
+        set_real_ip_from {{ getenv "NGINX_SET_REAL_IP_FROM2" }};
+        set_real_ip_from {{ getenv "NGINX_SET_REAL_IP_FROM3" }};
 
         # Includes virtual hosts configs.
         include /etc/nginx/http.d/*.conf;