debfranca
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

simplesaml virtualhost: set the real client ip address when behind a load balancer.

This commit is contained in:
Andrea Dell'Amico 2019-10-31 11:18:21 +01:00
parent e62d8b3ae6
commit 07e7139b79
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
library/roles/simplesaml/templates/nginx-virthost.conf
View File

@ -28,6 +28,14 @@ server {
include /etc/nginx/snippets/nginx-server-ssl.conf; include /etc/nginx/snippets/nginx-server-ssl.conf;
server_tokens off; server_tokens off;
{% if haproxy_ips is defined %}
# We are behind haproxy
{% for ip in haproxy_ips %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header X-Forwarded-For;
{% endif %}
# Add headers to serve security related headers # Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this # Before enabling Strict-Transport-Security headers please read into this
# topic first. # topic first.