From e5bca60eb98d76b32388a98418ab6fa3e0eff357 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Thu, 1 May 2025 23:07:54 -0700
Subject: Fix real ip's from upstream proxies

---
 playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf')

diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
index ad24e23..b786eac 100644
--- a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/src.conf
@@ -1,6 +1,11 @@
 server {
     listen 80;
     server_name src.liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
     location / {
         proxy_pass https://{{ loadbalancer_ip }};
         proxy_ssl_verify off;
@@ -8,7 +13,6 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
-- 
cgit v1.2.3-70-g09d2