Make matrix-nginx-proxy's X-Forwarded-For header customizable

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1393
This commit is contained in:
Slavi Pantaleev 2021-11-24 11:32:06 +02:00
parent 24a0d965bf
commit 3a9fe48deb
10 changed files with 23 additions and 15 deletions

View file

@ -111,6 +111,9 @@ matrix_coturn_enabled: false
# Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection. # Trust the reverse proxy to send the correct `X-Forwarded-Proto` header as it is handling the SSL connection.
matrix_nginx_proxy_trust_forwarded_proto: true matrix_nginx_proxy_trust_forwarded_proto: true
# Trust and use the other reverse proxy's `X-Forwarded-For` header.
matrix_nginx_proxy_x_forwarded_for: '$proxy_add_x_forwarded_for'
``` ```
With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports. With this, nginx would still be in use, but it would not bother with anything SSL related or with taking up public ports.

View file

@ -382,6 +382,11 @@ matrix_nginx_proxy_ssl_prefer_server_ciphers: "{{ matrix_nginx_proxy_ssl_presets
# To see the full list for suportes ciphers run `openssl ciphers` on your server # To see the full list for suportes ciphers run `openssl ciphers` on your server
matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}" matrix_nginx_proxy_ssl_ciphers: "{{ matrix_nginx_proxy_ssl_presets[matrix_nginx_proxy_ssl_preset]['ciphers'] }}"
# Specifies what to use for the X-Forwarded-For variable.
# If you're fronting the nginx reverse-proxy with additional reverse-proxy servers,
# you may wish to set this to '$proxy_add_x_forwarded_for' instead.
matrix_nginx_proxy_x_forwarded_for: '$remote_addr'
# Controls whether the self-check feature should validate SSL certificates. # Controls whether the self-check feature should validate SSL certificates.
matrix_nginx_proxy_self_check_validate_certificates: true matrix_nginx_proxy_self_check_validate_certificates: true

View file

@ -27,7 +27,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

View file

@ -35,7 +35,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

View file

@ -33,7 +33,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

View file

@ -30,7 +30,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

View file

@ -58,7 +58,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endif %} {% endif %}
@ -76,7 +76,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endif %} {% endif %}
@ -94,7 +94,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endif %} {% endif %}
@ -111,7 +111,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endif %} {% endif %}
@ -136,7 +136,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
client_body_buffer_size 25M; client_body_buffer_size 25M;
@ -284,7 +284,7 @@ server {
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
client_body_buffer_size 25M; client_body_buffer_size 25M;

View file

@ -37,7 +37,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
{% endmacro %} {% endmacro %}

View file

@ -30,7 +30,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
} }
# colibri (JVB) websockets # colibri (JVB) websockets
@ -45,7 +45,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
@ -70,7 +70,7 @@
proxy_read_timeout 900s; proxy_read_timeout 900s;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
tcp_nodelay on; tcp_nodelay on;
} }

View file

@ -28,7 +28,7 @@
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For {{ matrix_nginx_proxy_x_forwarded_for }};
proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }}; proxy_set_header X-Forwarded-Proto {{ matrix_nginx_proxy_x_forwarded_proto_value }};
} }
{% endmacro %} {% endmacro %}