7x31/nginxconfig.io
1
0
Fork 0
mirror of https://github.com/digitalocean/nginxconfig.io.git synced 2025-11-06 03:06:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add NGINX implementation of proxy_set_header Forwarded (#275)

Browse Source 
* add NGINX implementation of proxy_set_header Forwarded

* update copyright year

* Treat X-Forwarded-* same

* Comments
This commit is contained in:
Justin Goette
2021-05-29 08:12:50 -04:00
committed by GitHub
parent af75bd2e79
commit 6200e74842
9 changed files with 96 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/nginxconfig/generators/conf/nginx.conf.js
View File

@@ -196,6 +196,21 @@ export default (domains, global) => {
'default': 'upgrade',
'""': 'close',
}]);
// See https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/
config.http.push(['map $remote_addr $proxy_forwarded_elem', {
'# IPv4 addresses can be sent as-is': '',
'~^[0-9.]+$': '"for=$remote_addr"',
'# IPv6 addresses need to be bracketed and quoted': '',
'~^[0-9A-Fa-f:.]+$': '"for=\\"[$remote_addr]\\""',
'# Unix domain socket names cannot be represented in RFC 7239 syntax': '',
'default': '"for=unknown"',
}]);
config.http.push(['map $http_forwarded $proxy_add_forwarded', {
'# If the incoming Forwarded header is syntactically valid, append to it': '',
'': '"~^(,[ \\\\t]*)*([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?(;([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?)*([ \\\\t]*,([ \\\\t]*([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?(;([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"',
'# Otherwise, replace it': '',
'default': '"$proxy_forwarded_elem"',
}]);
}
// Configs!

19
src/nginxconfig/generators/conf/proxy.conf.js
View File

@@ -1,5 +1,5 @@
/*
Copyright 2020 DigitalOcean
Copyright 2021 DigitalOcean
This code is licensed under the MIT License.
You may obtain a copy of the License at
@@ -35,10 +35,19 @@ export default global => {
config['proxy_set_header Connection'] = '$connection_upgrade';
config['proxy_set_header Host'] = '$host';
config['proxy_set_header X-Real-IP'] = '$remote_addr';
config['proxy_set_header X-Forwarded-For'] = '$proxy_add_x_forwarded_for';
config['proxy_set_header X-Forwarded-Proto'] = '$scheme';
config['proxy_set_header X-Forwarded-Host'] = '$host';
config['proxy_set_header X-Forwarded-Port'] = '$server_port';
config['proxy_set_header Forwarded'] = '$proxy_add_forwarded';
if (global.reverseProxy.proxyCoexistenceXForwarded.computed == 'passOn') {
config['proxy_set_header X-Forwarded-For'] = '$proxy_add_x_forwarded_for';
config['proxy_set_header X-Forwarded-Proto'] = '$scheme';
config['proxy_set_header X-Forwarded-Host'] = '$host';
config['proxy_set_header X-Forwarded-Port'] = '$server_port';
} else {
config['proxy_set_header X-Forwarded-For'] = '""';
config['proxy_set_header X-Forwarded-Proto'] = '""';
config['proxy_set_header X-Forwarded-Host'] = '""';
config['proxy_set_header X-Forwarded-Port'] = '""';
}
config['# Proxy timeouts'] = '';
config['proxy_connect_timeout'] = global.reverseProxy.proxyConnectTimeout.computed;