Fix real ip's from upstream proxies

author: Elizabeth Hunt <me@liz.coffee> 2025-05-01 23:07:54 -0700
committer: Elizabeth Hunt <me@liz.coffee> 2025-05-01 23:07:54 -0700
commit: e5bca60eb98d76b32388a98418ab6fa3e0eff357 (patch)
tree: 72c7bbb4f8eadb5a8885c2f23acebafca77eb8f7 /playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
parent: 83aef76c5a74269a2d15ff80722adc90b002acc1 (diff)
download: infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.tar.gz
infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
index ad24e23..b786eac 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
@@ -1,6 +1,11 @@
 server {
     listen 80;
     server_name src.liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
@@ -8,7 +13,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
author	Elizabeth Hunt <me@liz.coffee>	2025-05-01 23:07:54 -0700
committer	Elizabeth Hunt <me@liz.coffee>	2025-05-01 23:07:54 -0700
commit	e5bca60eb98d76b32388a98418ab6fa3e0eff357 (patch)
tree	72c7bbb4f8eadb5a8885c2f23acebafca77eb8f7 /playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
parent	83aef76c5a74269a2d15ff80722adc90b002acc1 (diff)
download	infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.tar.gz infra-e5bca60eb98d76b32388a98418ab6fa3e0eff357.zip