From e5bca60eb98d76b32388a98418ab6fa3e0eff357 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Thu, 1 May 2025 23:07:54 -0700
Subject: Fix real ip's from upstream proxies

---
 create.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'create.py')

diff --git a/create.py b/create.py
index bccdee2..258b998 100755
--- a/create.py
+++ b/create.py
@@ -148,7 +148,7 @@ class RoleGenerator:
                   - {{{{ {self.service}_base }}}}/volumes/data:/data
                 environment:
                   - TZ={{{{ timezone }}}}
-                  - DEPLOYMENT_TIME={{{{ now() }}}}
+                  - DEPLOYMENT_TIME={{{{ deployment_time }}}}
                 networks:
                   - proxy
                 healthcheck:
@@ -224,6 +224,11 @@ def create_nginx_conf(service_name: str):
         server {{
             listen 80;
             server_name {service_name}.liz.coffee;
+
+            real_ip_header X-Forwarded-For;
+            real_ip_recursive on;
+            set_real_ip_from {{{{ docker_network }}}};
+
             location / {{
                 proxy_pass https://{{{{ loadbalancer_ip }}}};
                 proxy_ssl_verify off;
@@ -231,7 +236,6 @@ def create_nginx_conf(service_name: str):
                 proxy_set_header Host $host;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Proto $scheme;
                 proxy_set_header Upgrade $http_upgrade;
                 proxy_set_header Connection "upgrade";
             }}
-- 
cgit v1.2.3-70-g09d2