From aa270925e96c51fd52f17b7087cd4adcfde98938 Mon Sep 17 00:00:00 2001
From: Jamie Curnow <jc@jc21.com>
Date: Thu, 3 Jan 2019 08:18:48 +1000
Subject: [PATCH] Additional nginx config for real ip determination

---
 rootfs/etc/nginx/conf.d/default.conf | 3 ---
 rootfs/etc/nginx/nginx.conf          | 9 +++++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/rootfs/etc/nginx/conf.d/default.conf b/rootfs/etc/nginx/conf.d/default.conf
index 729b94a..490e286 100644
--- a/rootfs/etc/nginx/conf.d/default.conf
+++ b/rootfs/etc/nginx/conf.d/default.conf
@@ -1,6 +1,3 @@
-# Generated IP Ranges for safe real IP determination
-include conf.d/include/ip_ranges.conf;
-
 # Healthcheck Host which proxies to the Manager,
 # thus the healthcheck ensures both services are running
 server {
diff --git a/rootfs/etc/nginx/nginx.conf b/rootfs/etc/nginx/nginx.conf
index 14efa59..ad51c87 100644
--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@@ -59,6 +59,15 @@ http {
     default http;
   }
 
+  # Real IP Determination
+  # Docker subnet:
+  set_real_ip_from 172.0.0.0/8;
+  # NPM generated CDN ip ranges:
+  include conf.d/include/ip_ranges.conf;
+  # always put the following 2 lines after ip subnets:
+  real_ip_header X-Forwarded-For;
+  real_ip_recursive on;
+
   # Files generated by NPM
   include /etc/nginx/conf.d/*.conf;
   include /data/nginx/proxy_host/*.conf;