Make matrix-nginx-proxy's X-Forwarded-For header customizable
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
This commit is contained in:
parent
24a0d965bf
commit
3a9fe48deb
@ -111,6 +111,9 @@ matrix_coturn_enabled: false
|
|||||||
|
|
||||||
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
|
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
|
||||||
matrix_nginx_proxy_trust_forwarded_proto: true
|
matrix_nginx_proxy_trust_forwarded_proto: true
|
||||||
|
|
||||||
|
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
|
||||||
|
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
|
||||||
```
|
```
|
||||||
|
|
||||||
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
|
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.
|
||||||
|
@ -382,6 +382,11 @@ matrix_nginx_proxy_ssl_prefer_server_ciphers: "{{ matrix_nginx_proxy_ssl_presets
|
|||||||
# To see the full list for suportes ciphers run `openssl ciphers` on your server
|
# To see the full list for suportes ciphers run `openssl ciphers` on your server
|
||||||
matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}"
|
matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}"
|
||||||
|
|
||||||
|
# Specifies what to use for the X-Forwarded-For variable.
|
||||||
|
# If you're fronting the nginx reverse-proxy with additional reverse-proxy servers,
|
||||||
|
# you may wish to set this to '$proxy_add_x_forwarded_for' instead.
|
||||||
|
matrix_nginx_proxy_x_forwarded_for: '$remote_addr'
|
||||||
|
|
||||||
# Controls whether the self-check feature should validate SSL certificates.
|
# Controls whether the self-check feature should validate SSL certificates.
|
||||||
matrix_nginx_proxy_self_check_validate_certificates: true
|
matrix_nginx_proxy_self_check_validate_certificates: true
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
|
@ -35,7 +35,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
|
@ -58,7 +58,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -76,7 +76,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -94,7 +94,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -111,7 +111,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -136,7 +136,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
|
|
||||||
client_body_buffer_size 25M;
|
client_body_buffer_size 25M;
|
||||||
@ -284,7 +284,7 @@ server {
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
|
|
||||||
client_body_buffer_size 25M;
|
client_body_buffer_size 25M;
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
}
|
}
|
||||||
|
|
||||||
# colibri (JVB) websockets
|
# colibri (JVB) websockets
|
||||||
@ -45,7 +45,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
@ -70,7 +70,7 @@
|
|||||||
proxy_read_timeout 900s;
|
proxy_read_timeout 900s;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
}
|
}
|
||||||
|
@ -28,7 +28,7 @@
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
|
||||||
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
|
||||||
}
|
}
|
||||||
{% endmacro %}
|
{% endmacro %}
|
||||||
|
Loading…
Reference in New Issue
Block a user