Update nginx config with proxy headers #121
Conversation
Add comments for users using argument USE_FORWARDED_HEADERS=1
README.md
Outdated
| @@ -322,6 +322,10 @@ server { | |||
| proxy_read_timeout 24h; | |||
| proxy_http_version 1.1; | |||
| proxy_set_header Connection ""; | |||
| ## Remove comments only if you use argument USE_FORWARDED_HEADERS=1 ## | |||
There was a problem hiding this comment.
It’s safe to always provide these headers, no need to comment them. So, the comment should be “Be sure to set USE_FORWRDED_HEADERS to 1 to allow the hub to use those headers”.
There was a problem hiding this comment.
Ok to change the comment with "Be sure to set USE_FORWARDED_HEADERS=1 to allow the hub to use those headers"
README.md
Outdated
| @@ -322,6 +322,10 @@ server { | |||
| proxy_read_timeout 24h; | |||
| proxy_http_version 1.1; | |||
| proxy_set_header Connection ""; | |||
| ## Remove comments only if you use argument USE_FORWARDED_HEADERS=1 ## | |||
| #proxy_set_header Host $host; | |||
There was a problem hiding this comment.
X-Forwarded-Host must be set to prevent a security vulnerability. There are no needs to override Host however.
README.md
Outdated
| @@ -322,6 +322,10 @@ server { | |||
| proxy_read_timeout 24h; | |||
| proxy_http_version 1.1; | |||
| proxy_set_header Connection ""; | |||
| ## Remove comments only if you use argument USE_FORWARDED_HEADERS=1 ## | |||
| #proxy_set_header Host $host; | |||
| #proxy_set_header X-Real-IP $remote_addr; | |||
There was a problem hiding this comment.
Setting this one is useless if X-Forwarded-For is set.
However X-Forwarded-Scheme must be set to prevent an attacker to hijack it.
There was a problem hiding this comment.
I withdraw that. Thanks for the feedback
To get the IP address of client connecting to the hub
|
It's not possible to remove the other headers from the NGINX's config. If the |
|
Thanks, I added the missing headers. |
README.md
Outdated
|
|
||
| ## Be sure to set USE_FORWARDED_HEADERS=1 to allow the hub to use those headers ## | ||
| proxy_set_header X-Forwarded-Host $host:$server_port; | ||
| proxy_set_header X-Forwarded-Server $host; |
There was a problem hiding this comment.
This one is not supported, but X-Forwarded-Proto is missing.
There was a problem hiding this comment.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
* Fixed mistake on port to give SSL connection (443, not 80) * Added proxy-headers X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Proto
|
ok, I'm tired -_- |
|
Thanks @Pyrrah! |
Link w/ #120: Add comments for users using argument USE_FORWARDED_HEADERS=1