Merge pull request #690 from aledbf/avoid-empty-secret

Fix IP in logs for https traffic
2017-05-12 10:44:20 -03:00 · 2017-05-12 10:44:20 -03:00 · 12d2c4f689
commit 12d2c4f689
parent 88ca7a555e a537d2d0fa
9 changed files with 54 additions and 34 deletions
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -85,6 +85,9 @@ http {

    server_tokens {{ if $cfg.ShowServerTokens }}on{{ else }}off{{ end }};

+    # disable warnings
+    uninitialized_variable_warn off;
+
    log_format upstreaminfo '{{ buildLogFormatUpstream $cfg }}';

    {{/* map urls that should not appear in access.log */}}
@ -127,6 +130,16 @@ http {
       ''                $server_port;
    }

+    map $pass_access_scheme $the_x_forwarded_for {
+       default           $remote_addr;
+       https             $proxy_protocol_addr;
+    }
+
+    map $pass_access_scheme $the_real_ip {
+       default           $remote_addr;
+       https             $proxy_protocol_addr;
+    }
+
    # map port 442 to 443 for header X-Forwarded-Port
    map $pass_server_port $pass_port {
        442              443;
@ -352,7 +365,8 @@ http {
            proxy_set_header                        Upgrade           $http_upgrade;
            proxy_set_header                        Connection        $connection_upgrade;

-            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
+            proxy_set_header X-Real-IP              $the_real_ip;
+            proxy_set_header X-Forwarded-For        $the_x_forwarded_for;
            proxy_set_header X-Forwarded-Host       $best_http_host;
            proxy_set_header X-Forwarded-Port       $pass_port;
            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;