diff --git a/README.md b/README.md index 4a2b5943e..1b319157f 100644 --- a/README.md +++ b/README.md @@ -866,6 +866,7 @@ Below is the complete list of available options that can be used to customize yo | `NGINX_PROXY_BUFFERING` | Enable `proxy_buffering`. Defaults to `off`. | | `NGINX_ACCEL_BUFFERING` | Enable `X-Accel-Buffering` header. Default to `no` | | `NGINX_X_FORWARDED_PROTO` | Advanced configuration option for the `proxy_set_header X-Forwarded-Proto` setting in the gitlab nginx vHost configuration. Defaults to `https` when `GITLAB_HTTPS` is `true`, else defaults to `$scheme`. | +| `NGINX_RETAIN_IP_HEADER` | set to `true` if docker container runs behind a reverse proxy (like CDN), nginx will retain HTTP header `X-Real-IP` and `X-Forwarded-For`. `false` by default. | | `REDIS_HOST` | The hostname of the redis server. Defaults to `localhost` | | `REDIS_PORT` | The connection port of the redis server. Defaults to `6379`. | | `REDIS_DB_NUMBER` | The redis database number. Defaults to '0'. | diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults index ec8940b77..6592e5e4b 100644 --- a/assets/runtime/env-defaults +++ b/assets/runtime/env-defaults @@ -161,6 +161,7 @@ NGINX_SERVER_NAMES_HASH_BUCKET_SIZE=${NGINX_SERVER_NAMES_HASH_BUCKET_SIZE:-32}; NGINX_WORKERS=${NGINX_WORKERS:-1} NGINX_ACCEL_BUFFERING=${NGINX_ACCEL_BUFFERING:-no} NGINX_PROXY_BUFFERING=${NGINX_PROXY_BUFFERING:-off} +NGINX_RETAIN_IP_HEADER=${NGINX_RETAIN_IP_HEADER:-false} case ${GITLAB_HTTPS} in true) NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https} ;; *) NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme} ;; diff --git a/assets/runtime/functions b/assets/runtime/functions index ac2bab4c3..0e808093f 100644 --- a/assets/runtime/functions +++ b/assets/runtime/functions @@ -902,6 +902,15 @@ nginx_configure_gitlab_ipv6() { fi } +nginx_configure_gitlab_retain_ip_header() { + if [[ ${NGINX_RETAIN_IP_HEADER} == true ]]; then + sed -i \ + -e "/X-Real-IP/d" \ + -e "/X-Forwarded-For/d" \ + ${GITLAB_NGINX_CONFIG} + fi +} + nginx_configure_gitlab() { echo "Configuring nginx::gitlab..." update_template ${GITLAB_NGINX_CONFIG} \ @@ -916,6 +925,7 @@ nginx_configure_gitlab() { nginx_configure_gitlab_ssl nginx_configure_gitlab_hsts nginx_configure_gitlab_ipv6 + nginx_configure_gitlab_retain_ip_header } nginx_configure_gitlab_ci() {