Unverified Commit fb1a0182 authored by Alex Jarmoszuk

Added the ability to see Real IPs if Nginx is running under another proxy (such as Traefik).

parent 2e0a8307
......@@ -175,6 +175,11 @@ Default value :
Use this kind of environment variable to define custom error page depending on the HTTP error code. Replace XXX with HTTP code.
For example : `ERROR_404=/404.html` means the /404.html page will be displayed when 404 code is generated. The path is relative to the root web folder.
`PROXY_REAL_IP`
Values : *yes* | *no*
Default value : *no*
Use this kind of environment variable to define whether you're using Nginx inside another proxy, this means you will see "X-Forwarded-For" instead of regular "Remote-Addr" IPs inside your logs. Modsecurity will also then work correctly.
## HTTPS
`AUTO_LETS_ENCRYPT`
Values : *yes* | *no*
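Review bot: The `PROXY_REAL_IP` description says the logs will show "X-Forwarded-For", but the `proxy` log format added in this commit prints `$http_x_real_ip`, which is the X-Real-IP request header. Name the header that is actually logged and state that the upstream proxy has to set it. The text should also say that the option is only meaningful when every request reaches Nginx through that proxy, because otherwise the logged value is whatever the client sends. "Modsecurity will also then work correctly" needs a sentence on what changes for ModSecurity, since nothing in the visible lines alters the address it sees.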
......
......@@ -62,7 +62,8 @@ http {
server_tokens %SERVER_TOKENS%;
# write logs to local syslogd
access_log syslog:server=unix:/dev/log,nohostname,facility=local0 combined;
%PROXY_REAL_IP%
access_log syslog:server=unix:/dev/log,nohostname,facility=local0 %LOG_TYPE%;
error_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=warn;
# lua path
......
log_format proxy '$http_x_real_ip - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
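Review bot: `$http_x_real_ip` in this `log_format` is copied from the request header with no check of who sent it, and the format drops `$remote_addr` altogether, so the connecting peer is no longer recorded and a request without the header carries no address in the log line. Consider keeping `$remote_addr` in the format next to the header value, or using the realip module (`set_real_ip_from` limited to the proxy's address, plus `real_ip_header`) so that `$remote_addr` itself is corrected and the stock `combined` format, the `LIMIT_REQ_*` rate limiting and ModSecurity all work from the same value.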
......@@ -131,6 +131,7 @@ USE_LIMIT_REQ="${USE_LIMIT_REQ-yes}"
LIMIT_REQ_RATE="${LIMIT_REQ_RATE-20r/s}"
LIMIT_REQ_BURST="${LIMIT_REQ_BURST-40}"
LIMIT_REQ_CACHE="${LIMIT_REQ_CACHE-10m}"
PROXY_REAL_IP="${PROXY_REAL_IP-no}"
# install additional modules if needed
if [ "$ADDITIONAL_MODULES" != "" ] ; then
......@@ -354,6 +355,14 @@ if [ "$USE_MODSECURITY" = "yes" ] ; then
else
replace_in_file "/etc/nginx/nginx.conf" "%USE_MODSECURITY%" ""
fi
if [ "$PROXY_REAL_IP" = "yes" ] ; then
replace_in_file "/etc/nginx/server.conf" "%PROXY_REAL_IP%" "include /etc/nginx/proxy-real-ip.conf;"
replace_in_file "/etc/nginx/server.conf" "%LOG_TYPE%" "proxy"
else
replace_in_file "/etc/nginx/server.conf" "%PROXY_REAL_IP%" ""
replace_in_file "/etc/nginx/server.conf" "%LOG_TYPE%" "combined"
fi
ERRORS=""
for var in $(env) ; do
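Review bot: Both new `replace_in_file` calls target `/etc/nginx/server.conf`, while the template hunk that introduces `%PROXY_REAL_IP%` and `%LOG_TYPE%` has `http {` as its context and the `%USE_MODSECURITY%` substitution just above targets `/etc/nginx/nginx.conf`. If the placeholders live in nginx.conf they are never substituted, and Nginx will be started with a literal `%PROXY_REAL_IP%` line and an `access_log` format named `%LOG_TYPE%`. Please confirm which file carries the placeholders and point the four calls at it.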
......