From d66fedd262750a340d068ca456009def6376cbcc Mon Sep 17 00:00:00 2001
From: LorcanMcVeigh
Date: Thu, 3 Sep 2020 10:15:37 +0100
Subject: [PATCH 1/4] Support real-ip in default server
---
 internal/configs/configmaps.go | 3 +++
 internal/configs/version1/config.go | 3 +++
 internal/configs/version1/nginx-plus.tmpl | 5 +++++
 internal/configs/version1/nginx.tmpl | 6 ++++++
 4 files changed, 17 insertions(+)
diff --git a/internal/configs/configmaps.go b/internal/configs/configmaps.go
index a2433455ba..589545fca4 100644
--- a/internal/configs/configmaps.go
+++ b/internal/configs/configmaps.go
@@ -519,6 +519,9 @@ func GenerateNginxMainConfig(staticCfgParams *StaticConfigParams, config *Config
 ResolverIPV6: config.ResolverIPV6,
 ResolverTimeout: config.ResolverTimeout,
 ResolverValid: config.ResolverValid,
+ RealIPHeader: config.RealIPHeader,
+ RealIPRecursive: config.RealIPRecursive,
+ SetRealIPFrom: config.SetRealIPFrom,
 ServerNamesHashBucketSize: config.MainServerNamesHashBucketSize,
 ServerNamesHashMaxSize: config.MainServerNamesHashMaxSize,
 ServerTokens: config.ServerTokens,
diff --git a/internal/configs/version1/config.go b/internal/configs/version1/config.go
index 52231ac4d7..b41f52031d 100644
--- a/internal/configs/version1/config.go
+++ b/internal/configs/version1/config.go
@@ -166,6 +166,9 @@ type MainConfig struct {
 ResolverIPV6 bool
 ResolverTimeout string
 ResolverValid string
+ RealIPHeader string
+ RealIPRecursive bool
+ SetRealIPFrom []string
 ServerNamesHashBucketSize string
 ServerNamesHashMaxSize string
 ServerTokens string
diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl
index 9d24fcf70b..c8ba763011 100644
--- a/internal/configs/version1/nginx-plus.tmpl
+++ b/internal/configs/version1/nginx-plus.tmpl
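Review bot: The three new assignments in GenerateNginxMainConfig (`RealIPHeader`, `RealIPRecursive`, `SetRealIPFrom`) arrive without a test; the diffstat for this patch lists only configmaps.go, config.go and the two templates. These values decide which peers may override the client address in the default server, so a case that sets them on the input config and asserts both the returned MainConfig fields and the rendered `set_real_ip_from` / `real_ip_header` lines would be worth adding. The matching fields added to `MainConfig` in the config.go hunk are undocumented; a comment such as `// RealIPHeader, RealIPRecursive and SetRealIPFrom configure the real-ip directives of the default server.` would help. The function body and the struct both start and end outside their hunks.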
@@ -115,6 +115,11 @@ http { ssl_certificate /etc/nginx/secrets/default; ssl_certificate_key /etc/nginx/secrets/default; + {{range $setRealIPFrom := $.SetRealIPFrom}} + set_real_ip_from {{$setRealIPFrom}};{{end}} + {{if $.RealIPHeader}}real_ip_header {{$.RealIPHeader}};{{end}} + {{if $.RealIPRecursive}}real_ip_recursive on;{{end}} + server_name _; server_tokens "{{.ServerTokens}}"; {{if .DefaultServerAccessLogOff}} diff --git a/internal/configs/version1/nginx.tmpl b/internal/configs/version1/nginx.tmpl index d59ec49b31..599c9630e5 100644 --- a/internal/configs/version1/nginx.tmpl +++ b/internal/configs/version1/nginx.tmpl @@ -101,6 +101,12 @@ http { ssl_certificate /etc/nginx/secrets/default; ssl_certificate_key /etc/nginx/secrets/default; + # this is a change check + {{range $setRealIPFrom := .SetRealIPFrom}} + set_real_ip_from {{$setRealIPFrom}};{{end}} + {{if .RealIPHeader}}real_ip_header {{.RealIPHeader}};{{end}} + {{if .RealIPRecursive}}real_ip_recursive on;{{end}} + server_name _; server_tokens "{{.ServerTokens}}"; {{if .DefaultServerAccessLogOff}} From 638d51ccec4e15aa94dfef551b0d1ecabac06cef Mon Sep 17 00:00:00 2001 From: LorcanMcVeigh Date: Fri, 4 Sep 2020 11:44:59 +0100 Subject: [PATCH 2/4] Removed comment --- internal/configs/version1/nginx.tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/configs/version1/nginx.tmpl b/internal/configs/version1/nginx.tmpl index 599c9630e5..1371804af8 100644 --- a/internal/configs/version1/nginx.tmpl +++ b/internal/configs/version1/nginx.tmpl @@ -101,7 +101,6 @@ http { ssl_certificate /etc/nginx/secrets/default; ssl_certificate_key /etc/nginx/secrets/default; - # this is a change check {{range $setRealIPFrom := .SetRealIPFrom}} set_real_ip_from {{$setRealIPFrom}};{{end}} {{if .RealIPHeader}}real_ip_header {{.RealIPHeader}};{{end}} From 7395fe80e39aec223036287bfbc5e6e44a7fce09 Mon Sep 17 00:00:00 2001 
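Review bot: `set_real_ip_from {{$setRealIPFrom}};` and `real_ip_header {{$.RealIPHeader}};` write the configured strings into the default server as raw directive arguments, in this nginx-plus.tmpl hunk and again in the nginx.tmpl hunk that follows it. Nothing visible in this patch shows these values being validated, so if the ConfigMap parser does not already restrict them, a value containing `;`, whitespace or a newline would change the structure of the generated main config. Confirm that each SetRealIPFrom entry is checked against the forms `set_real_ip_from` accepts and that RealIPHeader is a single header token before either reaches the template. A template comment would also help operators, e.g. `# set_real_ip_from must list only trusted proxies; for these peers the client address is taken from real_ip_header`, since an over-broad range lets any client choose the address seen by access logs and `allow`/`deny` rules. The `http {` block starts and ends outside both hunks.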
From: LorcanMcVeigh Date: Fri, 4 Sep 2020 12:45:30 +0100 Subject: [PATCH 3/4] Changed whitespace --- internal/configs/version1/nginx-plus.tmpl | 6 +++--- internal/configs/version1/nginx.tmpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl index c8ba763011..87ffc3ca8e 100644 --- a/internal/configs/version1/nginx-plus.tmpl +++ b/internal/configs/version1/nginx-plus.tmpl @@ -116,9 +116,9 @@ http { ssl_certificate_key /etc/nginx/secrets/default; {{range $setRealIPFrom := $.SetRealIPFrom}} - set_real_ip_from {{$setRealIPFrom}};{{end}} - {{if $.RealIPHeader}}real_ip_header {{$.RealIPHeader}};{{end}} - {{if $.RealIPRecursive}}real_ip_recursive on;{{end}} + set_real_ip_from {{$setRealIPFrom}};{{end}} + {{if $.RealIPHeader}}real_ip_header {{$.RealIPHeader}};{{end}} + {{if $.RealIPRecursive}}real_ip_recursive on;{{end}} server_name _; server_tokens "{{.ServerTokens}}"; diff --git a/internal/configs/version1/nginx.tmpl b/internal/configs/version1/nginx.tmpl index 1371804af8..c4ac7c3e80 100644 --- a/internal/configs/version1/nginx.tmpl +++ b/internal/configs/version1/nginx.tmpl @@ -102,9 +102,9 @@ http { ssl_certificate_key /etc/nginx/secrets/default; {{range $setRealIPFrom := .SetRealIPFrom}} - set_real_ip_from {{$setRealIPFrom}};{{end}} - {{if .RealIPHeader}}real_ip_header {{.RealIPHeader}};{{end}} - {{if .RealIPRecursive}}real_ip_recursive on;{{end}} + set_real_ip_from {{$setRealIPFrom}};{{end}} + {{if .RealIPHeader}}real_ip_header {{.RealIPHeader}};{{end}} + {{if .RealIPRecursive}}real_ip_recursive on;{{end}} server_name _; server_tokens "{{.ServerTokens}}"; From 5016196dfd8837179b9195cfba654ad23e08b6d8 Mon Sep 17 00:00:00 2001 From: LorcanMcVeigh Date: Mon, 7 Sep 2020 11:40:18 +0100 Subject: [PATCH 4/4] Feedback --- internal/configs/version1/nginx-plus.tmpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/internal/configs/version1/nginx-plus.tmpl b/internal/configs/version1/nginx-plus.tmpl index 87ffc3ca8e..40a9aab7f8 100644 --- a/internal/configs/version1/nginx-plus.tmpl +++ b/internal/configs/version1/nginx-plus.tmpl @@ -115,10 +115,10 @@ http { ssl_certificate /etc/nginx/secrets/default; ssl_certificate_key /etc/nginx/secrets/default; - {{range $setRealIPFrom := $.SetRealIPFrom}} + {{range $setRealIPFrom := .SetRealIPFrom}} set_real_ip_from {{$setRealIPFrom}};{{end}} - {{if $.RealIPHeader}}real_ip_header {{$.RealIPHeader}};{{end}} - {{if $.RealIPRecursive}}real_ip_recursive on;{{end}} + {{if .RealIPHeader}}real_ip_header {{.RealIPHeader}};{{end}} + {{if .RealIPRecursive}}real_ip_recursive on;{{end}} server_name _; server_tokens "{{.ServerTokens}}";