6 files changed, 26 insertions, 6 deletions

diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/bin.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/bin.conf
index 3c5682d..db2f957 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/bin.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/bin.conf
@@ -3,6 +3,10 @@ server {
     server_name bin.liz.coffee;
     client_max_body_size 200M;
 
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
@@ -10,7 +14,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/idm.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/idm.conf
index c85ebcf..95477b0 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/idm.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/idm.conf
@@ -2,12 +2,15 @@ server {
     listen 80;
     server_name idm.liz.coffee;
 
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     }
 }
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/kanban.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/kanban.conf
index b668310..e8c9458 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/kanban.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/kanban.conf
@@ -2,12 +2,15 @@ server {
     listen 80;
     server_name kanban.liz.coffee;
 
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     }
 }
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/mail.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/mail.conf
index c810f5a..11e2145 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/mail.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/mail.conf
@@ -1,6 +1,11 @@
 server {
     listen 80;
     server_name mail.liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
@@ -8,7 +13,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
index f7937dd..c38b948 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/notes.conf
@@ -2,12 +2,15 @@ server {
     listen 80;
     server_name notes.liz.coffee;
 
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
     }
 }
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
index ad24e23..b786eac 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
@@ -1,6 +1,11 @@
 server {
     listen 80;
     server_name src.liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
@@ -8,7 +13,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }