@@ -47,7 +47,12 @@ http {
4747
4848 client_max_body_size {{ or ( .deis_router_bodySize) "1m" }} ;
4949
50- log_format upstreaminfo '[$time_local] - $remote_addr - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr - $http_host - $upstream_response_time - $request_time' ;
50+ {{ $useProxyProtocol := or ( .deis_router_proxyProtocol) "false" }}{{ if ne $useProxyProtocol "false" }}
51+ set_real_ip_from {{ or ( .deis_router_proxyRealIpCidr) "10.0.0.0/8" }} ;
52+ real_ip_header proxy_protocol ;
53+ {{ end }}
54+
55+ log_format upstreaminfo '[$time_local] - {{ if .deis_router_proxyProtocol }}$proxy_protocol_addr{{ else }}$remote_addr{{ end }} - $remote_user - $status - "$request" - $bytes_sent - "$http_referer" - "$http_user_agent" - "$server_name" - $upstream_addr - $http_host - $upstream_response_time - $request_time' ;
5156
5257 # send logs to STDOUT so they can be seen using 'docker logs'
5358 access_log /opt/nginx/logs/access.log upstreaminfo;
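Review bot: The `log_format` line tests `{{ if .deis_router_proxyProtocol }}`, while the block just above it derives `$useProxyProtocol` with a default of "false" and tests `ne $useProxyProtocol "false"`; the two conditions disagree when the key holds the literal string "false", which that default suggests is a supported value. If the template engine treats any non-empty string as true (as Go templates do), that setting would log `$proxy_protocol_addr` and, in the healthcheck hunk at the end, add `proxy_protocol` to `listen 80 default_server` while the realip directives are omitted. Since the healthcheck server shares port 80 with the application servers, a mismatch there likely affects every connection on that port. Use the derived variable in both places: `{{ if ne $useProxyProtocol "false" }}$proxy_protocol_addr{{ else }}$remote_addr{{ end }}` here and `listen 80 default_server{{ if ne $useProxyProtocol "false" }} proxy_protocol{{ end }};` in the healthcheck server.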
@@ -82,7 +87,11 @@ http {
8287 {{ if eq $useFirewall "true" }} include /opt/nginx/firewall/active-mode.rules; {{ end }}
8388 proxy_buffering off;
8489 proxy_set_header Host $host ;
90+ {{ if ne $useProxyProtocol "false" }}
91+ proxy_set_header X-Forwarded-For $proxy_protocol_addr ;
92+ {{ else }}
8593 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
94+ {{ end }}
8695 proxy_redirect off;
8796 proxy_connect_timeout {{ or ( .deis_router_controller_timeout_connect) "10s" }} ;
8897 proxy_send_timeout {{ or ( .deis_router_controller_timeout_send) "20m" }} ;
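Review bot: `proxy_set_header X-Forwarded-For $proxy_protocol_addr` forwards whatever address the PROXY header carries, and nginx fills that variable for any peer that reaches a `proxy_protocol` listener, not only for peers inside `set_real_ip_from`. Because the first hunk already sets `real_ip_header proxy_protocol`, `$remote_addr` is rewritten only for trusted peers, so `proxy_set_header X-Forwarded-For $remote_addr;` in this branch would hand backends an address that a host outside the trusted CIDR cannot supply itself. The same line is added in the three later hunks (new lines 139, 211 and 265), and the enclosing location block starts and ends outside this hunk. The `10.0.0.0/8` default for `deis_router_proxyRealIpCidr` is broad; a comment such as `# narrow to the load balancer's subnet; every peer in this range may set the client address` next to `set_real_ip_from` would tell operators what the value controls.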
@@ -126,7 +135,11 @@ http {
126135 {{ if eq $useFirewall "true" }} include /opt/nginx/firewall/active-mode.rules; {{ end }}
127136 proxy_buffering off;
128137 proxy_set_header Host $host ;
138+ {{ if ne $useProxyProtocol "false" }}
139+ proxy_set_header X-Forwarded-For $proxy_protocol_addr ;
140+ {{ else }}
129141 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
142+ {{ end }}
130143 proxy_redirect off;
131144 proxy_connect_timeout 10s ;
132145 proxy_send_timeout {{ $defaultTimeout }} s;
@@ -168,8 +181,8 @@ http {
168181 {{ if index $root ( printf "deis_certs_%s_cert" ( Replace ( Base $domain .Key) "-" "_" -1)) }}
169182 server_name_in_redirect off;
170183 port_in_redirect off;
171- listen 80 ;
172- listen 443 ssl spdy;
184+ listen 80 {{ if ne $useProxyProtocol "false" }} proxy_protocol {{ end }} ;
185+ listen 443 ssl spdy{{ if ne $useProxyProtocol "false" }} proxy_protocol {{ end }} ;
173186 ssl_certificate /etc/ssl /deis/certs/{{ Base $domain .Key }} .cert;
174187 ssl_certificate_key /etc/ssl /deis/keys/{{ Base $domain .Key }} .key;
175188 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -194,7 +207,11 @@ http {
194207 }
195208 proxy_set_header X-Forwarded-Port $access_port ;
196209 proxy_set_header X-Forwarded-Proto $access_scheme ;
210+ {{ if ne $useProxyProtocol "false" }}
211+ proxy_set_header X-Forwarded-For $proxy_protocol_addr ;
212+ {{ else }}
197213 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
214+ {{ end }}
198215 proxy_set_header X-Forwarded-Ssl $access_ssl ;
199216 proxy_redirect off;
200217 proxy_connect_timeout 30s ;
@@ -244,7 +261,11 @@ http {
244261 }
245262 proxy_set_header X-Forwarded-Port $access_port ;
246263 proxy_set_header X-Forwarded-Proto $access_scheme ;
264+ {{ if ne $useProxyProtocol "false" }}
265+ proxy_set_header X-Forwarded-For $proxy_protocol_addr ;
266+ {{ else }}
247267 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
268+ {{ end }}
248269 proxy_set_header X-Forwarded-Ssl $access_ssl ;
249270 proxy_redirect off;
250271 proxy_connect_timeout 30s ;
@@ -278,7 +299,7 @@ http {
278299
279300 # healthcheck
280301 server {
281- listen 80 default_server;
302+ listen 80 default_server{{ if .deis_router_proxyProtocol }} proxy_protocol {{ end }} ;
282303 location /health-check {
283304 default_type 'text/plain' ;
284305 access_log off;