Skip to content

Commit

Permalink
fix(*): fix x-forwarded-for and x-real-ip unavailable when use ssl pa…
Browse files Browse the repository at this point in the history
…ssthrough
  • Loading branch information
Pengfei Guo authored and Huanle Han committed Jan 5, 2021
1 parent 0ffc278 commit 5cecdd3
Showing 1 changed file with 15 additions and 10 deletions.
25 changes: 15 additions & 10 deletions rootfs/etc/nginx/template/nginx.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -132,11 +132,11 @@ http {

{{/* Enable the real_ip module only if we use either X-Forwarded headers or Proxy Protocol. */}}
{{/* we use the value of the real IP for the geo_ip module */}}
{{ if or (or $cfg.UseForwardedHeaders $cfg.UseProxyProtocol) $cfg.EnableRealIp }}
{{ if $cfg.UseProxyProtocol }}
real_ip_header proxy_protocol;
{{ else }}
{{ if or (or $cfg.UseForwardedHeaders (or .IsSSLPassthroughEnabled .Cfg.UseProxyProtocol)) $cfg.EnableRealIp }}
{{ if $cfg.UseForwardedHeaders }}
real_ip_header {{ $cfg.ForwardedForHeader }};
{{ else }}
real_ip_header proxy_protocol;
{{ end }}

real_ip_recursive on;
Expand Down Expand Up @@ -395,14 +395,19 @@ http {
{{ if and $cfg.UseForwardedHeaders $cfg.ComputeFullForwardedFor }}
# We can't use $proxy_add_x_forwarded_for because the realip module
# replaces the remote_addr too soon
map $http_x_forwarded_for $full_x_forwarded_for {
map "$realip_remote_addr:$server_port" $previous_ip {
{{ if $all.IsSSLPassthroughEnabled }}
"127.0.0.1:{{ $all.ListenPorts.SSLProxy }}" $proxy_protocol_addr;
{{ end }}
{{ if $all.Cfg.UseProxyProtocol }}
default "$http_x_forwarded_for, $proxy_protocol_addr";
'' "$proxy_protocol_addr";
default "$proxy_protocol_addr";
{{ else }}
default "$http_x_forwarded_for, $realip_remote_addr";
'' "$realip_remote_addr";
{{ end}}
default "$realip_remote_addr";
{{ end }}
}
map $http_x_forwarded_for $full_x_forwarded_for {
default "$http_x_forwarded_for, $previous_ip";
'' "$previous_ip";
}

{{ end }}
Expand Down

0 comments on commit 5cecdd3

Please sign in to comment.