Fix real ip's from upstream proxies

author: Elizabeth Hunt <me@liz.coffee> 2025-05-01 23:07:54 -0700
committer: Elizabeth Hunt <me@liz.coffee> 2025-05-01 23:07:54 -0700
commit: e5bca60eb98d76b32388a98418ab6fa3e0eff357 (patch)
tree: 72c7bbb4f8eadb5a8885c2f23acebafca77eb8f7 /playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
parent: 83aef76c5a74269a2d15ff80722adc90b002acc1 (diff)
download: infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.tar.gz
infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
index f7937dd..c38b948 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
@@ -2,12 +2,15 @@ server {
     listen 80;
     server_name notes.liz.coffee;
 
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     }
 }
author	Elizabeth Hunt <me@liz.coffee>	2025-05-01 23:07:54 -0700
committer	Elizabeth Hunt <me@liz.coffee>	2025-05-01 23:07:54 -0700
commit	e5bca60eb98d76b32388a98418ab6fa3e0eff357 (patch)
tree	72c7bbb4f8eadb5a8885c2f23acebafca77eb8f7 /playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
parent	83aef76c5a74269a2d15ff80722adc90b002acc1 (diff)
download	infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.tar.gz infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.zip