diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index e416166..a351020 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -23,6 +23,13 @@ events {
 }
 http {
+ {% if 'set_real_ips' in nginx -%}
+ {% for ip in nginx.get('set_real_ips', {}).get('from_ips', []) -%}
+ set_real_ip_from {{ ip }};
+ {% endfor -%}
+ real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};
+
+ {% endif -%}
 include /etc/nginx/mime.types;
 default_type {{ nginx.get('default_type', 'application/octet-stream') }};
 log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
diff --git a/pillar.example b/pillar.example
index c7f117b..a0c8aaa 100644
--- a/pillar.example
+++ b/pillar.example
@@ -4,6 +4,10 @@ nginx:
 user_auth_enabled: True
 with_luajit: False
 with_openresty: True
+ set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
+ from_ips:
+ - 10.10.10.0/24
+ real_ip_header: X-Forwarded-For
 modules:
 headers-more:
 source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
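Review bot: Once a peer matches `set_real_ip_from`, `$remote_addr` in the `log_format main` line just below the new block holds the address taken from the header, so the access log no longer records which proxy actually opened the connection. On nginx versions that provide it, adding `$realip_remote_addr` to that format keeps the TCP peer available for incident response and for spotting requests that reached nginx through an unexpected hop. Separately, with `X-Forwarded-For` and the default `real_ip_recursive off`, nginx uses the last address in the header, which behind a chain of trusted proxies is the inner proxy rather than the client; an optional pillar key rendered as `real_ip_recursive on;` would cover that setup. The `http` block continues outside the hunk.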
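Review bot: The inline comment on `set_real_ips` states the module requirement but not the trust implication of `from_ips`: every host inside a listed range can decide which client address nginx sees by sending the configured header, which affects `allow`/`deny` rules, rate limiting and the access log. Since the example trusts a whole /24, I would extend the comment to something like `# NOTE: requires the http_realip module (--with-http_realip_module); list only your own proxy / load balancer addresses`. A narrower sample value, such as a single proxy address, would also make the intent clearer to someone copying the example.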