From 3616bcc9cfdc480cc1d5f7cb17ad2b7088c034cf Mon Sep 17 00:00:00 2001
From: Kent Shultz
Date: Fri, 30 May 2014 10:28:54 -0700
Subject: [PATCH 1/6] add support for realip
---
 nginx/templates/config.jinja | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index 693be56..de564d4 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -13,6 +13,14 @@ events {
 }
 http {
+ {% if 'set_real_ips' in nginx -%}
+ {% for ip in nginx.get('set_real_ips', {}).get('ips', []) -%}
+ set_real_ip_from {{ ip }};
+ {% endfor -%}
+ real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};
+
+ {% endif -%}
+
+
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
From 4f0aa05b6f57e93c7e75591e0c196ff542f72919 Mon Sep 17 00:00:00 2001
From: Kent Shultz
Date: Fri, 30 May 2014 10:30:08 -0700
Subject: [PATCH 2/6] whitespace cleanup
---
 nginx/templates/config.jinja | 1 -
 1 file changed, 1 deletion(-)
diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index de564d4..a8cc4f1 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -20,7 +20,6 @@ http {
 real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};
 {% endif -%}
-
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
 log_format main '$scheme://$host:$server_port$uri$is_args$args $remote_addr:$remote_user "$request" $request_time $request_length:$bytes_sent $status "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
From def291d210b32a2c1212da27514d9fdafec1f1bd Mon Sep 17 00:00:00 2001
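Review bot: The `{% if 'set_real_ips' in nginx -%}` guard in the first hunk tests only for the key, so a pillar that sets `set_real_ips` with an empty or missing `ips` list still renders `real_ip_header` with no `set_real_ip_from` next to it. nginx then keeps using the peer address while the config reads as if realip were active. Guarding on the list itself, `{% if nginx.get('set_real_ips', {}).get('ips') -%}`, avoids that. The template also has no key for `real_ip_recursive`; with more than one trusted hop nginx takes the last address in the header unless it is on, so `$remote_addr` in the `log_format main` line would be an intermediate proxy. The `http {` block continues past the hunk.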
From: Kent Shultz
Date: Fri, 30 May 2014 11:02:46 -0700
Subject: [PATCH 3/6] check for realip module
---
 nginx/templates/config.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index a8cc4f1..6ddc652 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -13,7 +13,7 @@ events {
 }
 http {
- {% if 'set_real_ips' in nginx -%}
+ {% if 'set_real_ips' in nginx and salt['cmdmod.retcode']('nginx -V 2>&1 | grep http_realip_module') == 0 -%}
 {% for ip in nginx.get('set_real_ips', {}).get('ips', []) -%}
 set_real_ip_from {{ ip }};
 {% endfor -%}
From 26f606e63481d87586fb71b0eb982dbb0d581852 Mon Sep 17 00:00:00 2001
From: Kent Shultz
Date: Fri, 30 May 2014 11:05:31 -0700
Subject: [PATCH 4/6] fix name of cmd call
---
 nginx/templates/config.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index 6ddc652..0b21441 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -13,7 +13,7 @@ events {
 }
 http {
- {% if 'set_real_ips' in nginx and salt['cmdmod.retcode']('nginx -V 2>&1 | grep http_realip_module') == 0 -%}
+ {% if 'set_real_ips' in nginx and salt['cmd.retcode']('nginx -V 2>&1 | grep http_realip_module') == 0 -%}
 {% for ip in nginx.get('set_real_ips', {}).get('ips', []) -%}
 set_real_ip_from {{ ip }};
 {% endfor -%}
From c2b896ea529a96fbc087e6e9c3db9a954ee46f3f Mon Sep 17 00:00:00 2001
From: Kent Shultz
Date: Mon, 2 Jun 2014 16:00:09 -0700
Subject: [PATCH 5/6] remove nginx -V check; add pillar example
---
 nginx/templates/config.jinja | 2 +-
 pillar.example | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index 0b21441..a8cc4f1 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
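Review bot: The probe added to the `{% if %}` condition in patch 3/6 fails quietly, because the `== 0` test is false for any non-zero result of `nginx -V 2>&1 | grep http_realip_module`. The whole realip block is therefore left out when `nginx` is not installed yet or not on the PATH at render time, not only when the module is missing. The rendered config would then log and match on the proxy address with nothing pointing at the cause. nginx already rejects `set_real_ip_from` as an unknown directive when the module is absent, so rendering the block unconditionally and letting the config test fail is the louder choice. The same condition is carried by the `cmd.retcode` rename in patch 4/6.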
@@ -13,7 +13,7 @@ events {
 }
 http {
- {% if 'set_real_ips' in nginx and salt['cmd.retcode']('nginx -V 2>&1 | grep http_realip_module') == 0 -%}
+ {% if 'set_real_ips' in nginx -%}
 {% for ip in nginx.get('set_real_ips', {}).get('ips', []) -%}
 set_real_ip_from {{ ip }};
 {% endfor -%}
diff --git a/pillar.example b/pillar.example
index 05019aa..6477648 100644
--- a/pillar.example
+++ b/pillar.example
@@ -3,6 +3,10 @@ nginx:
 use_upstart: True
 with_luajit: False
 with_openresty: True
+ set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
+ ips:
+ - 10.10.10.0/24
+ real_ip_header: X-Forwarded-For
 modules:
 headers-more:
 source: http://github.com/agentzh/headers-more-nginx-module/tarball/v0.21
From a978ac74fc2d97bb0a8b5d36b8ab6da193e65845 Mon Sep 17 00:00:00 2001
From: Kent Shultz
Date: Mon, 2 Jun 2014 16:03:04 -0700
Subject: [PATCH 6/6] change attribute name for better readability
---
 nginx/templates/config.jinja | 2 +-
 pillar.example | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/nginx/templates/config.jinja b/nginx/templates/config.jinja
index a8cc4f1..fe9340f 100644
--- a/nginx/templates/config.jinja
+++ b/nginx/templates/config.jinja
@@ -14,7 +14,7 @@ events {
 http {
 {% if 'set_real_ips' in nginx -%}
- {% for ip in nginx.get('set_real_ips', {}).get('ips', []) -%}
+ {% for ip in nginx.get('set_real_ips', {}).get('from_ips', []) -%}
 set_real_ip_from {{ ip }};
 {% endfor -%}
 real_ip_header {{ nginx.get('set_real_ips', {}).get('real_ip_header', 'X-Forwarded-For') }};
diff --git a/pillar.example b/pillar.example
index 6477648..c1d8e7a 100644
--- a/pillar.example
+++ b/pillar.example
@@ -4,7 +4,7 @@ nginx:
 with_luajit: False
 with_openresty: True
 set_real_ips: # NOTE: to use this, nginx must have http_realip module enabled
- ips:
+ from_ips:
 - 10.10.10.0/24
 real_ip_header: X-Forwarded-For
 modules:
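Review bot: The comment added on `set_real_ips:` in the `pillar.example` hunk of patch 5/6 covers the module requirement but not the trust the list carries, and the sample entry `10.10.10.0/24` covers a whole subnet. For a connection from a listed address nginx takes the client address from `X-Forwarded-For`, so any host in that range can choose the value that ends up in `$remote_addr`, in the access log and in `allow`/`deny` matching. A second comment line would make that explicit, e.g. `# list only the proxies or load balancers in front of nginx; a listed peer chooses the client address nginx sees`. A single-host sample value would also be a safer thing to copy. The same applies to the renamed `from_ips` key in patch 6/6.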