Make matrix-nginx-proxy's X-Forwarded-For header customizable

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
development
Slavi Pantaleev 3 years ago
parent 24a0d965bf
commit 3a9fe48deb

@ -111,6 +111,9 @@ matrix_coturn_enabled: false
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true matrix_nginx_proxy_trust_forwarded_proto: true
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
``` ```
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports. With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.

@ -382,6 +382,11 @@ matrix_nginx_proxy_ssl_prefer_server_ciphers: "{{ matrix_nginx_proxy_ssl_presets
# To see the full list for suportes ciphers run `openssl ciphers` on your server # To see the full list for suportes ciphers run `openssl ciphers` on your server
matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}" matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}"
# Specifies what to use for the X-Forwarded-For variable.
# If you're fronting the nginx reverse-proxy with additional reverse-proxy servers,
# you may wish to set this to '$proxy_add_x_forwarded_for' instead.
matrix_nginx_proxy_x_forwarded_for: '$remote_addr'
# Controls whether the self-check feature should validate SSL certificates. # Controls whether the self-check feature should validate SSL certificates.
matrix_nginx_proxy_self_check_validate_certificates: true matrix_nginx_proxy_self_check_validate_certificates: true

@ -27,7 +27,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

@ -35,7 +35,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

@ -33,7 +33,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

@ -30,7 +30,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

@ -58,7 +58,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endif %} {% endif %}
@ -76,7 +76,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endif %} {% endif %}
@ -94,7 +94,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endif %} {% endif %}
@ -111,7 +111,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endif %} {% endif %}
@ -136,7 +136,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
client_body_buffer_size 25M; client_body_buffer_size 25M;
@ -284,7 +284,7 @@ server {
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
client_body_buffer_size 25M; client_body_buffer_size 25M;

@ -37,7 +37,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

@ -30,7 +30,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
# colibri (JVB) websockets # colibri (JVB) websockets
@ -45,7 +45,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@ -70,7 +70,7 @@
proxy_read_timeout 900s; proxy_read_timeout 900s;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
tcp_nodelay on; tcp_nodelay on;
} }

@ -28,7 +28,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endmacro %} {% endmacro %}

Loading…
Cancel
Save