real ips config

util/Setup/Configuration.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
 using YamlDotNet.Serialization;
 
@@ -81,6 +82,11 @@ namespace Bit.Setup
             "Learn more: https://docs.docker.com/storage/volumes/")]
         public bool DatabaseDockerVolume { get; set; }
 
+        [Description("Defines \"real\" IPs in nginx.conf. Useful for defining proxy servers that forward the \n" +
+            "client IP address.\n" +
+            "Learn more: https://nginx.org/en/docs/http/ngx_http_realip_module.html")]
+        public List<string> RealIps { get; set; }
+
         [YamlIgnore]
         public string Domain
         {

util/Setup/NginxConfigBuilder.cs

@@ -1,4 +1,4 @@
-using System;
+using System.Collections.Generic;
 using System.IO;
 
 namespace Bit.Setup
@@ -78,6 +78,7 @@ namespace Bit.Setup
                 Ssl = context.Config.Ssl;
                 Domain = context.Config.Domain;
                 Url = context.Config.Url;
+                RealIps = context.Config.RealIps;
 
                 if(Ssl)
                 {
@@ -129,6 +130,7 @@ namespace Bit.Setup
             public string SslCiphers { get; set; }
             public string SslProtocols { get; set; }
             public string ContentSecurityPolicy => string.Format(NginxConfigBuilder.ContentSecurityPolicy, Domain);
+            public List<string> RealIps { get; set; }
         }
     }
 }

util/Setup/Templates/NginxConfig.hbs

@@ -49,6 +49,12 @@ server {
   include /etc/nginx/security-headers-ssl.conf;
 {{/if}}
   include /etc/nginx/security-headers.conf;
+{{#if RealIps}}
+
+{{#each RealIps}}
+  set_real_ip_from {{{Value}}}
+{{/each}}
+{{/if}}
 
   location / {
     proxy_pass http://web:5000/;