DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove the_real_ip variable

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2019-09-12 20:01:33 -03:00
parent fe4f178db1
commit 9af574a234
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
6 changed files with 22 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

43
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -162,20 +162,20 @@ http {
# https://github.com/leev/ngx_http_geoip2_module#example-usage
geoip2 /etc/nginx/geoip/GeoLite2-City.mmdb {
$geoip2_city_country_code source=$the_real_ip country iso_code;
$geoip2_city_country_name source=$the_real_ip country names en;
$geoip2_city source=$the_real_ip city names en;
$geoip2_postal_code source=$the_real_ip postal code;
$geoip2_dma_code source=$the_real_ip location metro_code;
$geoip2_latitude source=$the_real_ip location latitude;
$geoip2_longitude source=$the_real_ip location longitude;
$geoip2_time_zone source=$the_real_ip location time_zone;
$geoip2_region_code source=$the_real_ip subdivisions 0 iso_code;
$geoip2_region_name source=$the_real_ip subdivisions 0 names en;
$geoip2_city_country_code source=$remote_addr country iso_code;
$geoip2_city_country_name source=$remote_addr country names en;
$geoip2_city source=$remote_addr city names en;
$geoip2_postal_code source=$remote_addr postal code;
$geoip2_dma_code source=$remote_addr location metro_code;
$geoip2_latitude source=$remote_addr location latitude;
$geoip2_longitude source=$remote_addr location longitude;
$geoip2_time_zone source=$remote_addr location time_zone;
$geoip2_region_code source=$remote_addr subdivisions 0 iso_code;
$geoip2_region_name source=$remote_addr subdivisions 0 names en;
}
geoip2 /etc/nginx/geoip/GeoLite2-ASN.mmdb {
$geoip2_asn source=$the_real_ip autonomous_system_number;
$geoip2_asn source=$remote_addr autonomous_system_number;
}
{{ end }}
@ -306,17 +306,6 @@ http {
{{ end }}
}
# The following is a sneaky way to do "set $the_real_ip $remote_addr"
# Needed because using set is not allowed outside server blocks.
map '' $the_real_ip {
{{ if $cfg.UseProxyProtocol }}
# Get IP address from Proxy Protocol
default $proxy_protocol_addr;
{{ else }}
default $remote_addr;
{{ end }}
}
# Reverse proxies can detect if a client provides a X-Request-ID header, and pass it on to the backend server.
# If no such header is provided, it can provide a random value.
map $http_x_request_id $req_id {
@ -435,7 +424,7 @@ http {
{{ range $rl := (filterRateLimits $servers ) }}
# Ratelimit {{ $rl.Name }}
geo $the_real_ip $whitelist_{{ $rl.ID }} {
geo $remote_addr $whitelist_{{ $rl.ID }} {
default 0;
{{ range $ip := $rl.Whitelist }}
{{ $ip }} 1;{{ end }}
@ -904,11 +893,11 @@ stream {
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Sent-From "nginx-ingress-controller";
proxy_set_header X-Real-IP $the_real_ip;
proxy_set_header X-Real-IP $remote_addr;
{{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
proxy_set_header X-Forwarded-For $full_x_forwarded_for;
{{ else }}
proxy_set_header X-Forwarded-For $the_real_ip;
proxy_set_header X-Forwarded-For $remote_addr;
{{ end }}
{{ if $externalAuth.RequestRedirect }}
@ -1196,11 +1185,11 @@ stream {
{{ end }}
{{ $proxySetHeader }} X-Request-ID $req_id;
{{ $proxySetHeader }} X-Real-IP $the_real_ip;
{{ $proxySetHeader }} X-Real-IP $remote_addr;
{{ if and $all.Cfg.UseForwardedHeaders $all.Cfg.ComputeFullForwardedFor }}
{{ $proxySetHeader }} X-Forwarded-For $full_x_forwarded_for;
{{ else }}
{{ $proxySetHeader }} X-Forwarded-For $the_real_ip;
{{ $proxySetHeader }} X-Forwarded-For $remote_addr;
{{ end }}
{{ $proxySetHeader }} X-Forwarded-Host $best_http_host;
{{ $proxySetHeader }} X-Forwarded-Port $pass_port;