1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-24 12:35:25 +01:00

nginx preserve upstream header values, fix ip (#2847)

This commit is contained in:
Kyle Spearrin 2023-04-13 10:58:03 -04:00 committed by GitHub
parent 8509930722
commit 4673e3bbc9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 30 additions and 11 deletions

View File

@ -1,9 +1,21 @@
proxy_redirect off;
proxy_set_header Host $host;
map $http_host $upstream_host {
default "$host";
~. "$http_host";
}
proxy_set_header Host $upstream_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
map $http_x_forwarded_proto $upstream_scheme {
default "$scheme";
~. "$http_x_forwarded_proto";
}
proxy_set_header X-Url-Scheme $upstream_scheme;
proxy_set_header X-Forwarded-Proto $upstream_scheme;
client_max_body_size 505m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;

View File

@ -29,7 +29,6 @@ public static class CoreHelpers
private static readonly DateTime _max = new DateTime(9999, 1, 1, 0, 0, 0, DateTimeKind.Utc);
private static readonly Random _random = new Random();
private static readonly string CloudFlareConnectingIp = "CF-Connecting-IP";
private static readonly string RealIp = "X-Real-IP";
/// <summary>
/// Generate sequential Guid for Sql Server.
@ -560,10 +559,6 @@ public static class CoreHelpers
{
return httpContext.Request.Headers[CloudFlareConnectingIp].ToString();
}
if (globalSettings.SelfHosted && httpContext.Request.Headers.ContainsKey(RealIp))
{
return httpContext.Request.Headers[RealIp].ToString();
}
return httpContext.Connection?.RemoteIpAddress?.ToString();
}

View File

@ -1,9 +1,21 @@
proxy_redirect off;
proxy_set_header Host $host;
map $http_host $upstream_host {
default "$host";
~. "$http_host";
}
proxy_set_header Host $upstream_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
map $http_x_forwarded_proto $upstream_scheme {
default "$scheme";
~. "$http_x_forwarded_proto";
}
proxy_set_header X-Url-Scheme $upstream_scheme;
proxy_set_header X-Forwarded-Proto $upstream_scheme;
client_max_body_size 505m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;