titanz/NGINX-Configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix X-Forwarded-For

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2025-01-03 23:50:40 -07:00 committed by GitHub
parent 6f712a9282
commit d28691ceed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/nginx/snippets/proxy.conf
View File

@ -18,7 +18,13 @@ proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
# Enable X-Forwarded headers # Enable X-Forwarded headers
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
## Using $proxy_add_x_forwarded_for will append the $remote_addr to the end of the the IP lists
## If some clients sends a fake X-Forwarded-For, and the upstream server does not parses this
## correctly, it could result in security issues.
## We are not behind a reverse proxy, so just set it to $remote_addr should be good enough.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;