From 131fc871b7b41b5c91f86754edbb0dcac1de65e1 Mon Sep 17 00:00:00 2001 From: yuri Date: Thu, 28 Sep 2023 04:57:17 +0200 Subject: [PATCH] Set real IP from local proxy --- config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix | 3 +++ config/hosts/web-public-2/virtualHosts/element.nekover.se.nix | 3 +++ config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix | 3 +++ config/hosts/web-public-2/virtualHosts/git.grzb.de.nix | 3 +++ config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix | 4 ++++ config/hosts/web-public-2/virtualHosts/nekover.se.nix | 4 ++++ config/hosts/web-public-2/virtualHosts/social.nekover.se.nix | 3 +++ 7 files changed, 23 insertions(+) diff --git a/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix b/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix index b628ef7..381294e 100644 --- a/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix +++ b/config/hosts/web-public-2/virtualHosts/anisync.grzb.de.nix @@ -21,6 +21,9 @@ }; extraConfig = '' add_header X-Content-Type-Options nosniff; + + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; ''; }; } diff --git a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix index 9e6bbf9..8e9b555 100644 --- a/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/element.nekover.se.nix @@ -78,6 +78,9 @@ in # redirect server error pages to the static page /50x.html error_page 500 502 503 504 /50x.html; + + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; ''; }; } diff --git a/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix b/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix index 5070a0b..4efedd4 100644 --- a/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix +++ b/config/hosts/web-public-2/virtualHosts/gameserver.grzb.de.nix @@ -26,6 +26,9 @@ extraConfig = '' client_max_body_size 1024m; add_header X-Content-Type-Options nosniff; + + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; ''; }; } diff --git a/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix b/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix index fb156d8..03b1a96 100644 --- a/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix +++ b/config/hosts/web-public-2/virtualHosts/git.grzb.de.nix @@ -28,6 +28,9 @@ client_max_body_size 1024m; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; + + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; ''; }; } diff --git a/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix index fbc64fa..3a297e8 100644 --- a/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/mewtube.nekover.se.nix @@ -18,5 +18,9 @@ locations."/" = { proxyPass = "http://cloudtube.vs.grzb.de:10412"; }; + extraConfig = '' + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; + ''; }; } diff --git a/config/hosts/web-public-2/virtualHosts/nekover.se.nix b/config/hosts/web-public-2/virtualHosts/nekover.se.nix index 743135d..7ea6e2c 100644 --- a/config/hosts/web-public-2/virtualHosts/nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/nekover.se.nix @@ -28,5 +28,9 @@ add_header Access-Control-Allow-Origin *; ''; }; + extraConfig = '' + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; + ''; }; } diff --git a/config/hosts/web-public-2/virtualHosts/social.nekover.se.nix b/config/hosts/web-public-2/virtualHosts/social.nekover.se.nix index 2c44a16..174e360 100644 --- a/config/hosts/web-public-2/virtualHosts/social.nekover.se.nix +++ b/config/hosts/web-public-2/virtualHosts/social.nekover.se.nix @@ -21,6 +21,9 @@ }; extraConfig = '' client_max_body_size 80m; + + set_real_ip_from 127.0.0.1; + real_ip_header proxy_protocol; ''; }; }