From 6dc2e1b328e672ca6aa5388ce45eaea076abee21 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Fri, 26 Apr 2019 12:26:54 -0400
Subject: [PATCH] real ips config

---
 util/Setup/Configuration.cs          | 6 ++++++
 util/Setup/NginxConfigBuilder.cs     | 4 +++-
 util/Setup/Templates/NginxConfig.hbs | 6 ++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/util/Setup/Configuration.cs b/util/Setup/Configuration.cs
index 525a61b4b..52b7d5feb 100644
--- a/util/Setup/Configuration.cs
+++ b/util/Setup/Configuration.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
 using YamlDotNet.Serialization;
 
@@ -81,6 +82,11 @@ namespace Bit.Setup
             "Learn more: https://docs.docker.com/storage/volumes/")]
         public bool DatabaseDockerVolume { get; set; }
 
+        [Description("Defines \"real\" IPs in nginx.conf. Useful for defining proxy servers that forward the \n" +
+            "client IP address.\n" +
+            "Learn more: https://nginx.org/en/docs/http/ngx_http_realip_module.html")]
+        public List<string> RealIps { get; set; }
+
         [YamlIgnore]
         public string Domain
         {
diff --git a/util/Setup/NginxConfigBuilder.cs b/util/Setup/NginxConfigBuilder.cs
index 7db218d49..6f82e2eee 100644
--- a/util/Setup/NginxConfigBuilder.cs
+++ b/util/Setup/NginxConfigBuilder.cs
@@ -1,4 +1,4 @@
-using System;
+using System.Collections.Generic;
 using System.IO;
 
 namespace Bit.Setup
@@ -78,6 +78,7 @@ namespace Bit.Setup
                 Ssl = context.Config.Ssl;
                 Domain = context.Config.Domain;
                 Url = context.Config.Url;
+                RealIps = context.Config.RealIps;
 
                 if(Ssl)
                 {
@@ -129,6 +130,7 @@ namespace Bit.Setup
             public string SslCiphers { get; set; }
             public string SslProtocols { get; set; }
             public string ContentSecurityPolicy => string.Format(NginxConfigBuilder.ContentSecurityPolicy, Domain);
+            public List<string> RealIps { get; set; }
         }
     }
 }
diff --git a/util/Setup/Templates/NginxConfig.hbs b/util/Setup/Templates/NginxConfig.hbs
index f7fdb135b..dc9b689ec 100644
--- a/util/Setup/Templates/NginxConfig.hbs
+++ b/util/Setup/Templates/NginxConfig.hbs
@@ -49,6 +49,12 @@ server {
   include /etc/nginx/security-headers-ssl.conf;
 {{/if}}
   include /etc/nginx/security-headers.conf;
+{{#if RealIps}}
+
+{{#each RealIps}}
+  set_real_ip_from {{{Value}}}
+{{/each}}
+{{/if}}
 
   location / {
     proxy_pass http://web:5000/;