7x31/mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal

Browse Source
This commit is contained in:
andre.peters
2018-02-01 13:36:01 +01:00
parent 5527d6fb94
commit 70ac65d794
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
data/conf/nginx/site.conf
View File

@@ -7,11 +7,12 @@ map $http_x_forwarded_proto $client_req_scheme {
https https;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
include /etc/nginx/conf.d/server_name.active;
return 301 https://$host$request_uri;
geo $non_internal {
default 1;
10.0.0.0/8 0;
172.16.0.0/12 0;
192.168.0.0/16 0;
fc00::/7 0;
}
server {
@@ -32,6 +33,10 @@ server {
include /etc/nginx/conf.d/listen_plain.active;
include /etc/nginx/conf.d/server_name.active;
if ($non_internal) {
return 302 https://$server_name$request_uri;
}
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
absolute_redirect off;
@@ -50,7 +55,7 @@ server {
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fd00::/8;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
@@ -232,7 +237,7 @@ server {
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from fd00::/8;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;