diff --git a/src/nginxconfig/generators/conf/nginx.conf.js b/src/nginxconfig/generators/conf/nginx.conf.js index d5b4dfe..e16a55e 100644 --- a/src/nginxconfig/generators/conf/nginx.conf.js +++ b/src/nginxconfig/generators/conf/nginx.conf.js @@ -196,6 +196,15 @@ export default (domains, global) => { 'default': 'upgrade', '""': 'close', }]); + config.http.push(['map $remote_addr $proxy_forwarded_elem', { + '~^[0-9.]+$': '"for=$remote_addr"', + '~^[0-9A-Fa-f:.]+$': '"for=\\"[$remote_addr]\\""', + 'default': '"for=unknown"', + }]); + config.http.push(['map $http_forwarded $proxy_add_forwarded', { + '': '"~^(,[ \\\\t]*)*([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?(;([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?)*([ \\\\t]*,([ \\\\t]*([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?(;([!#$%&\'*+.^_`|~0-9A-Za-z-]+=([!#$%&\'*+.^_`|~0-9A-Za-z-]+|\\"([\\\\t \\\\x21\\\\x23-\\\\x5B\\\\x5D-\\\\x7E\\\\x80-\\\\xFF]|\\\\\\\\[\\\\t \\\\x21-\\\\x7E\\\\x80-\\\\xFF])*\\"))?)*)?)*$" "$http_forwarded, $proxy_forwarded_elem"', + 'default': '"$proxy_forwarded_elem"', + }]); } // Configs! diff --git a/src/nginxconfig/generators/conf/proxy.conf.js b/src/nginxconfig/generators/conf/proxy.conf.js index b89bf03..dcedc53 100644 --- a/src/nginxconfig/generators/conf/proxy.conf.js +++ b/src/nginxconfig/generators/conf/proxy.conf.js @@ -35,7 +35,12 @@ export default global => { config['proxy_set_header Connection'] = '$connection_upgrade'; config['proxy_set_header Host'] = '$host'; config['proxy_set_header X-Real-IP'] = '$remote_addr'; - config['proxy_set_header X-Forwarded-For'] = '$proxy_add_x_forwarded_for'; + config['proxy_set_header Forwarded'] = '$proxy_add_forwarded'; + if (global.reverseProxy.proxyCoexistenceXForwarded.computed == 'passOn') { + config['proxy_set_header X-Forwarded-For'] = '$proxy_add_x_forwarded_for'; + } else { + config['proxy_set_header X-Forwarded-For'] = '""'; + } config['proxy_set_header X-Forwarded-Proto'] = '$scheme'; config['proxy_set_header X-Forwarded-Host'] = '$host'; config['proxy_set_header X-Forwarded-Port'] = '$server_port'; diff --git a/src/nginxconfig/i18n/en/templates/global_sections/reverse_proxy.js b/src/nginxconfig/i18n/en/templates/global_sections/reverse_proxy.js index 612a9aa..f686484 100644 --- a/src/nginxconfig/i18n/en/templates/global_sections/reverse_proxy.js +++ b/src/nginxconfig/i18n/en/templates/global_sections/reverse_proxy.js @@ -26,7 +26,11 @@ THE SOFTWARE. import common from '../../common'; +const legacyXForwarded = 'Legacy X-Forwarded-* headers'; + export default { reverseProxyMustBeEnabledOnOneSite: `${common.reverseProxy} must be enabled on at least one site to configure global ${common.reverseProxyLower} settings.`, seconds: 'seconds', + passOn: `${legacyXForwarded} passed on`, + remove: `${legacyXForwarded} actively removed`, }; diff --git a/src/nginxconfig/i18n/fr/templates/global_sections/reverse_proxy.js b/src/nginxconfig/i18n/fr/templates/global_sections/reverse_proxy.js index da73c32..e249207 100644 --- a/src/nginxconfig/i18n/fr/templates/global_sections/reverse_proxy.js +++ b/src/nginxconfig/i18n/fr/templates/global_sections/reverse_proxy.js @@ -26,7 +26,11 @@ THE SOFTWARE. import common from '../../common'; +const legacyXForwarded = 'Legacy X-Forwarded-* headers'; // TODO: translate + export default { reverseProxyMustBeEnabledOnOneSite: `Le ${common.reverseProxyLower} doit être activé sur au moins un site pour configurer les paramètres globaux du ${common.reverseProxyLower}.`, seconds: 'secondes', + passOn: `${legacyXForwarded} passed on`, // TODO: translate + remove: `${legacyXForwarded} actively removed`, // TODO: translate }; diff --git a/src/nginxconfig/i18n/pt-br/templates/global_sections/reverse_proxy.js b/src/nginxconfig/i18n/pt-br/templates/global_sections/reverse_proxy.js index 1c4765d..fb94042 100644 --- a/src/nginxconfig/i18n/pt-br/templates/global_sections/reverse_proxy.js +++ b/src/nginxconfig/i18n/pt-br/templates/global_sections/reverse_proxy.js @@ -26,7 +26,11 @@ THE SOFTWARE. import common from '../../common'; +const legacyXForwarded = 'Legacy X-Forwarded-* headers'; // TODO: translate + export default { reverseProxyMustBeEnabledOnOneSite: `O ${common.reverseProxy} deve estar habilitado em pelo menos um site para definir as configurações globais do ${common.reverseProxyLower}.`, seconds: 'segundos', + passOn: `${legacyXForwarded} passed on`, // TODO: translate + remove: `${legacyXForwarded} actively removed`, // TODO: translate }; diff --git a/src/nginxconfig/i18n/ru/templates/global_sections/reverse_proxy.js b/src/nginxconfig/i18n/ru/templates/global_sections/reverse_proxy.js index 5a0b79d..e227e2c 100644 --- a/src/nginxconfig/i18n/ru/templates/global_sections/reverse_proxy.js +++ b/src/nginxconfig/i18n/ru/templates/global_sections/reverse_proxy.js @@ -26,7 +26,11 @@ THE SOFTWARE. import common from '../../common'; +const legacyXForwarded = 'Legacy X-Forwarded-* headers'; // TODO: translate + export default { reverseProxyMustBeEnabledOnOneSite: `${common.reverseProxy} должен быть включен как минимум на одном сайте, чтобы сконфигурировать глобальные настройки ${common.reverseProxyLower}.`, seconds: 'секунд', + passOn: `${legacyXForwarded} passed on`, // TODO: translate + remove: `${legacyXForwarded} actively removed`, // TODO: translate }; diff --git a/src/nginxconfig/i18n/zh-cn/templates/global_sections/reverse_proxy.js b/src/nginxconfig/i18n/zh-cn/templates/global_sections/reverse_proxy.js index 1481d75..2bfacbd 100644 --- a/src/nginxconfig/i18n/zh-cn/templates/global_sections/reverse_proxy.js +++ b/src/nginxconfig/i18n/zh-cn/templates/global_sections/reverse_proxy.js @@ -26,7 +26,11 @@ THE SOFTWARE. import common from '../../common'; +const legacyXForwarded = 'Legacy X-Forwarded-* headers'; // TODO: translate + export default { reverseProxyMustBeEnabledOnOneSite: `必须在至少一个站点上启用${common.reverseProxy}才能配置全局${common.reverseProxy}设置。`, seconds: '秒', + passOn: `${legacyXForwarded} passed on`, // TODO: translate + remove: `${legacyXForwarded} actively removed`, // TODO: translate }; diff --git a/src/nginxconfig/i18n/zh-tw/templates/global_sections/reverse_proxy.js b/src/nginxconfig/i18n/zh-tw/templates/global_sections/reverse_proxy.js index 85c9681..d239bce 100644 --- a/src/nginxconfig/i18n/zh-tw/templates/global_sections/reverse_proxy.js +++ b/src/nginxconfig/i18n/zh-tw/templates/global_sections/reverse_proxy.js @@ -26,7 +26,11 @@ THE SOFTWARE. import common from '../../common'; +const legacyXForwarded = 'Legacy X-Forwarded-* headers'; // TODO: translate + export default { reverseProxyMustBeEnabledOnOneSite: `必須在至少一個網站上啟用${common.reverseProxy}才能配寘全域${common.reverseProxy}設定。`, seconds: '秒', + passOn: `${legacyXForwarded} passed on`, // TODO: translate + remove: `${legacyXForwarded} actively removed`, // TODO: translate }; diff --git a/src/nginxconfig/templates/global_sections/reverse_proxy.vue b/src/nginxconfig/templates/global_sections/reverse_proxy.vue index 637c5a7..3f60095 100644 --- a/src/nginxconfig/templates/global_sections/reverse_proxy.vue +++ b/src/nginxconfig/templates/global_sections/reverse_proxy.vue @@ -113,11 +113,34 @@ THE SOFTWARE. + +
+
+ +
+
+
+
+
+
+ + + {{ $t(name) }} + +
+
+
+
+
+