mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2026-05-04 03:10:43 +02:00
Christian Heusel
19 lines
708 B
Django/Jinja
19 lines
708 B
Django/Jinja
# Here we define which hosts we expect to receive proxied traffic from.
|
|
# If we receive traffic from one of these, we'll trust their real client IP as set by the PROXY protocol.
|
|
# Without this, we'd end up rate limiting our upstream proxies.
|
|
# See also https://nginx.org/en/docs/http/ngx_http_realip_module.html
|
|
|
|
{% if nginx_proxy_protocol_upstream_host or nginx_proxy_vendor %}
|
|
real_ip_header proxy_protocol;
|
|
{% endif %}
|
|
|
|
{% if nginx_proxy_protocol_upstream_host %}
|
|
set_real_ip_from {{ nginx_proxy_protocol_upstream_host }};
|
|
{% endif %}
|
|
|
|
{% if nginx_proxy_vendor %}
|
|
{% for proxy_ip_addr in vault_proxy_vendor_trusted_ips[nginx_proxy_vendor] %}
|
|
set_real_ip_from {{ proxy_ip_addr }};
|
|
{% endfor %}
|
|
{% endif %}
|