From 895c01a377f04df73311d6014334a60ef3dec2ea Mon Sep 17 00:00:00 2001 From: Roshan Piyush Date: Thu, 2 May 2024 13:08:15 +0530 Subject: [PATCH] Preserve X-Forwarded-For --- services/web/nginx.conf.template | 8 ++++++++ services/web/nginx.ssl.conf.template | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/services/web/nginx.conf.template b/services/web/nginx.conf.template index 317ac343..2d266d96 100644 --- a/services/web/nginx.conf.template +++ b/services/web/nginx.conf.template @@ -22,6 +22,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${COMMUNITY_SERVICE}; proxy_set_header Host ${COMMUNITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "://${COMMUNITY_SERVICE}" "://$http_host"; sub_filter_once off; @@ -39,6 +40,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${IDENTITY_SERVICE}; proxy_set_header Host ${IDENTITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for } location /workshop/ { @@ -53,6 +55,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}; proxy_set_header Host ${WORKSHOP_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -70,6 +73,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${CHATBOT_SERVICE}; proxy_set_header Host ${CHATBOT_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "://${CHATBOT_SERVICE}" "://$http_host"; sub_filter_once off; @@ -112,6 +116,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${COMMUNITY_SERVICE}; proxy_set_header Host ${COMMUNITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "://${COMMUNITY_SERVICE}" "://$http_host"; sub_filter_once off; @@ -129,6 +134,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${IDENTITY_SERVICE}; proxy_set_header Host ${IDENTITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for } location /workshop/ { @@ -143,6 +149,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}; proxy_set_header Host ${WORKSHOP_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -160,6 +167,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${CHATBOT_SERVICE}; proxy_set_header Host ${CHATBOT_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${CHATBOT_SERVICE}" "$scheme://$http_host"; sub_filter_once off; diff --git a/services/web/nginx.ssl.conf.template b/services/web/nginx.ssl.conf.template index f7aedb4a..8cf72670 100644 --- a/services/web/nginx.ssl.conf.template +++ b/services/web/nginx.ssl.conf.template @@ -21,6 +21,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${COMMUNITY_SERVICE}; proxy_set_header Host ${COMMUNITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${COMMUNITY_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -40,6 +41,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${IDENTITY_SERVICE}; proxy_set_header Host ${IDENTITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for proxy_ssl_verify off; proxy_ssl_trusted_certificate /app/certs/server.crt; } @@ -56,6 +58,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}; proxy_set_header Host ${WORKSHOP_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -75,6 +78,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${CHATBOT_SERVICE}; proxy_set_header Host ${CHATBOT_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${CHATBOT_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -121,6 +125,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${COMMUNITY_SERVICE}; proxy_set_header Host ${COMMUNITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${COMMUNITY_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -138,6 +143,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${IDENTITY_SERVICE}; proxy_set_header Host ${IDENTITY_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for } location /workshop/ { @@ -152,6 +158,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}; proxy_set_header Host ${WORKSHOP_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "${HTTP_PROTOCOL}://${WORKSHOP_SERVICE}" "$scheme://$http_host"; sub_filter_once off; @@ -169,6 +176,7 @@ server { proxy_pass ${HTTP_PROTOCOL}://${CHATBOT_SERVICE}; proxy_set_header Host ${CHATBOT_SERVICE}; proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for sub_filter_types application/json text/html; sub_filter "://${CHATBOT_SERVICE}" "://$http_host"; sub_filter_once off;