From f192748bf9e61b3dce8f43668f947022f1ba04fc Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Mon, 19 Oct 2020 11:40:50 +1000 Subject: [PATCH] Use x-real-ip header for the real-ip module --- .../etc/nginx/conf.d/include/ip_ranges.conf | 198 +----------------- docker/rootfs/etc/nginx/nginx.conf | 2 +- 2 files changed, 3 insertions(+), 197 deletions(-) diff --git a/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf b/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf index 2542b7f..3424932 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf @@ -1,196 +1,2 @@ - -set_real_ip_from 144.220.0.0/16; - -set_real_ip_from 52.124.128.0/17; - -set_real_ip_from 54.230.0.0/16; - -set_real_ip_from 54.239.128.0/18; - -set_real_ip_from 52.82.128.0/19; - -set_real_ip_from 99.84.0.0/16; - -set_real_ip_from 204.246.172.0/24; - -set_real_ip_from 205.251.192.0/19; - -set_real_ip_from 54.239.192.0/19; - -set_real_ip_from 70.132.0.0/18; - -set_real_ip_from 13.32.0.0/15; - -set_real_ip_from 13.224.0.0/14; - -set_real_ip_from 13.35.0.0/16; - -set_real_ip_from 204.246.164.0/22; - -set_real_ip_from 204.246.168.0/22; - -set_real_ip_from 71.152.0.0/17; - -set_real_ip_from 216.137.32.0/19; - -set_real_ip_from 205.251.249.0/24; - -set_real_ip_from 99.86.0.0/16; - -set_real_ip_from 52.46.0.0/18; - -set_real_ip_from 52.84.0.0/15; - -set_real_ip_from 204.246.173.0/24; - -set_real_ip_from 130.176.0.0/16; - -set_real_ip_from 64.252.64.0/18; - -set_real_ip_from 204.246.174.0/23; - -set_real_ip_from 64.252.128.0/18; - -set_real_ip_from 205.251.254.0/24; - -set_real_ip_from 143.204.0.0/16; - -set_real_ip_from 205.251.252.0/23; - -set_real_ip_from 204.246.176.0/20; - -set_real_ip_from 13.249.0.0/16; - -set_real_ip_from 54.240.128.0/18; - -set_real_ip_from 205.251.250.0/23; - -set_real_ip_from 52.222.128.0/17; - -set_real_ip_from 54.182.0.0/16; - -set_real_ip_from 54.192.0.0/16; - -set_real_ip_from 13.124.199.0/24; - -set_real_ip_from 34.226.14.0/24; - -set_real_ip_from 52.15.127.128/26; - -set_real_ip_from 35.158.136.0/24; - -set_real_ip_from 52.57.254.0/24; - -set_real_ip_from 18.216.170.128/25; - -set_real_ip_from 13.52.204.0/23; - -set_real_ip_from 13.54.63.128/26; - -set_real_ip_from 13.59.250.0/26; - -set_real_ip_from 13.210.67.128/26; - -set_real_ip_from 35.167.191.128/26; - -set_real_ip_from 52.47.139.0/24; - -set_real_ip_from 52.199.127.192/26; - -set_real_ip_from 52.212.248.0/26; - -set_real_ip_from 52.66.194.128/26; - -set_real_ip_from 13.113.203.0/24; - -set_real_ip_from 99.79.168.0/23; - -set_real_ip_from 34.195.252.0/24; - -set_real_ip_from 35.162.63.192/26; - -set_real_ip_from 34.223.12.224/27; - -set_real_ip_from 52.56.127.0/25; - -set_real_ip_from 34.223.80.192/26; - -set_real_ip_from 13.228.69.0/24; - -set_real_ip_from 34.216.51.0/25; - -set_real_ip_from 3.231.2.0/25; - -set_real_ip_from 54.233.255.128/26; - -set_real_ip_from 18.200.212.0/23; - -set_real_ip_from 52.52.191.128/26; - -set_real_ip_from 3.234.232.224/27; - -set_real_ip_from 52.78.247.128/26; - -set_real_ip_from 52.220.191.0/26; - -set_real_ip_from 34.232.163.208/29; - -set_real_ip_from 2600:9000:eee::/48; - -set_real_ip_from 2600:9000:4000::/36; - -set_real_ip_from 2600:9000:3000::/36; - -set_real_ip_from 2600:9000:f000::/36; - -set_real_ip_from 2600:9000:fff::/48; - -set_real_ip_from 2600:9000:2000::/36; - -set_real_ip_from 2600:9000:1000::/36; - -set_real_ip_from 2600:9000:ddd::/48; - -set_real_ip_from 2600:9000:5300::/40; - -set_real_ip_from 173.245.48.0/20; - -set_real_ip_from 103.21.244.0/22; - -set_real_ip_from 103.22.200.0/22; - -set_real_ip_from 103.31.4.0/22; - -set_real_ip_from 141.101.64.0/18; - -set_real_ip_from 108.162.192.0/18; - -set_real_ip_from 190.93.240.0/20; - -set_real_ip_from 188.114.96.0/20; - -set_real_ip_from 197.234.240.0/22; - -set_real_ip_from 198.41.128.0/17; - -set_real_ip_from 162.158.0.0/15; - -set_real_ip_from 104.16.0.0/12; - -set_real_ip_from 172.64.0.0/13; - -set_real_ip_from 131.0.72.0/22; - -set_real_ip_from 2400:cb00::/32; - -set_real_ip_from 2606:4700::/32; - -set_real_ip_from 2803:f800::/32; - -set_real_ip_from 2405:b500::/32; - -set_real_ip_from 2405:8100::/32; - -set_real_ip_from 2a06:98c0::/29; - -set_real_ip_from 2c0f:f248::/32; +# This should be left blank is it is populated programatically +# by the application backend. diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 23335e5..ed58a5f 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf @@ -66,7 +66,7 @@ http { # NPM generated CDN ip ranges: include conf.d/include/ip_ranges.conf; # always put the following 2 lines after ip subnets: - real_ip_header X-Forwarded-For; + real_ip_header X-Real-IP; real_ip_recursive on; # Files generated by NPM