From f8db34649f1722471ca2554dc9f9036d318c055a Mon Sep 17 00:00:00 2001 From: Jesper Kristensen Date: Tue, 16 Apr 2024 12:44:20 +0200 Subject: [PATCH 1/2] 1185: Ensured real ip is logged in nginx --- infrastructure/itkdev/etc/confd/templates/nginx.conf.tmpl | 6 +++++- .../os2display/etc/confd/templates/nginx.conf.tmpl | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/infrastructure/itkdev/etc/confd/templates/nginx.conf.tmpl b/infrastructure/itkdev/etc/confd/templates/nginx.conf.tmpl index a3961034..7b978c7c 100644 --- a/infrastructure/itkdev/etc/confd/templates/nginx.conf.tmpl +++ b/infrastructure/itkdev/etc/confd/templates/nginx.conf.tmpl @@ -34,7 +34,11 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + set_real_ip_from 172.16.0.0/8; + real_ip_recursive on; + real_ip_header X-Forwarded-For; + + log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; diff --git a/infrastructure/os2display/etc/confd/templates/nginx.conf.tmpl b/infrastructure/os2display/etc/confd/templates/nginx.conf.tmpl index a3961034..7b978c7c 100644 --- a/infrastructure/os2display/etc/confd/templates/nginx.conf.tmpl +++ b/infrastructure/os2display/etc/confd/templates/nginx.conf.tmpl @@ -34,7 +34,11 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + set_real_ip_from 172.16.0.0/8; + real_ip_recursive on; + real_ip_header X-Forwarded-For; + + log_format main '$http_x_real_ip - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; From dee8f0af76d013404f4e93b1bb6eca376b7bfe12 Mon Sep 17 00:00:00 2001 From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com> Date: Fri, 19 Apr 2024 14:37:45 +0200 Subject: [PATCH 2/2] 1185: Updated changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 310b32cd..8683bf16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file. - [#123](https://github.com/os2display/display-client/pull/123) + - Ensured real ip is logged in nginx. +- [#124](https://github.com/os2display/display-client/pull/124) - Changed to apply max-age 7d to all files and added cache busting to config.json and release.json. - Added "loginCheckTimeout", "configFetchInterval", "refreshTokenTimeout", "releaseTimestampIntervalTimeout" to config.json. - Simplified config.json.