diff --git a/swarm-proxy-letsencrypt/app/letsencrypt_service b/swarm-proxy-letsencrypt/app/letsencrypt_service
index ec4768014466bd880229fd8a9532ab55c2690d81..c46aa85b8e6d24b7ccd0fcf25a0423e23014043f 100755
--- a/swarm-proxy-letsencrypt/app/letsencrypt_service
+++ b/swarm-proxy-letsencrypt/app/letsencrypt_service
@@ -331,7 +331,7 @@ function update_certs { server { server_name ${LE_HOST}; - listen 444 ssl http2 ; + listen 444 ssl http2 proxy_protocol; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; ssl_session_tickets off;
@@ -351,6 +351,11 @@ server { include /etc/nginx/loc.d/${LE_HOST}-all-*; include /etc/nginx/loc.d/default*; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$proxy_protocol_addr; + proxy_set_header X-Forwarded-For \$proxy_protocol_addr; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://${LE_HOST}_upstream; } }
diff --git a/swarm-proxy/https-routing.conf.tmpl b/swarm-proxy/https-routing.conf.tmpl
index 7346d61a6a38d07238a27e210a5b75f18e380729..387c5def99ed6e504a95bd8582994e9a28332d8f 100644
--- a/swarm-proxy/https-routing.conf.tmpl
+++ b/swarm-proxy/https-routing.conf.tmpl
@@ -15,10 +15,11 @@ stream { server 127.0.0.1:444; } + proxy_protocol on; + server { listen 443; proxy_pass $name; ssl_preread on; } } -
diff --git a/swarm-proxy/swarm-proxy.conf.tmpl b/swarm-proxy/swarm-proxy.conf.tmpl
index cbf11e1c4c6732505af0ec5bb81931da63ca9d40..e11090a1d10114315730067520d0a074d7e2aae2 100644
--- a/swarm-proxy/swarm-proxy.conf.tmpl
+++ b/swarm-proxy/swarm-proxy.conf.tmpl
@@ -14,6 +14,12 @@ server { include /etc/nginx/loc.d/${LE_HOST}-http-*; include /etc/nginx/loc.d/${LE_HOST}-all-*; include /etc/nginx/loc.d/default*; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto http; + proxy_pass http://${HOST}_upstream; } }
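Review bot: In letsencrypt_service the changed `listen 444 ssl http2 proxy_protocol;` carries no bind address, so once PROXY protocol is enabled nginx accepts a client-address header from anything that can reach port 444, not only from the stream proxy that forwards to `127.0.0.1:444`. The headers added in the next hunk are built from `$proxy_protocol_addr`, so a peer connecting to 444 directly could present any source address to the backend. If the port is only ever reached over loopback, pin that in the generated config with `listen 127.0.0.1:444 ssl http2 proxy_protocol;`; whether 444 is published outside the container is not visible in this diff. The generated server block continues outside the hunk.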
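Review bot: The `proxy_set_header` lines added at -351 in letsencrypt_service hand `$proxy_protocol_addr` to the backend, but nginx's own `$remote_addr` remains the stream proxy's loopback address. Access logs, and any `allow`/`deny` or `limit_req` rules pulled in from the `loc.d` includes, will therefore still see 127.0.0.1 for every HTTPS request. Adding `set_real_ip_from 127.0.0.1;` and `real_ip_header proxy_protocol;` to the server block (needs the realip module) restores the client address for logging and access control. The enclosing `location` opens outside the hunk, and `proxy_set_header` at this level replaces rather than merges with any set at an outer level, so confirm nothing relied on inherited headers.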
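Review bot: In https-routing.conf.tmpl `proxy_protocol on;` is added at `stream {}` level, so it applies to every `server` in the block and to every upstream `$name` can resolve to, not only the `127.0.0.1:444` listener this commit changes to parse the header. Any other mapped backend that does not expect PROXY protocol would receive the header ahead of the TLS ClientHello and fail the handshake; the map that sets `$name` is outside the hunk, so this needs checking. Moving the directive into the `server { listen 443; ... }` block next to `proxy_pass $name;`, with a comment such as `# upstream 127.0.0.1:444 must listen with proxy_protocol`, keeps the coupling between the two files visible.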
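Review bot: In swarm-proxy.conf.tmpl `X-Forwarded-For` is set to `$proxy_add_x_forwarded_for`, which appends `$remote_addr` to whatever `X-Forwarded-For` value the client sent, whereas the HTTPS server in letsencrypt_service overwrites the header with the PROXY-protocol address. A backend that reads the leftmost entry will therefore take a client-chosen address on the HTTP path, and the two paths behave differently for the same application. If this proxy is the first trusted hop, `proxy_set_header X-Forwarded-For $remote_addr;` makes the header consistent and not client-controlled. The enclosing `location` starts outside the hunk.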