From 561932b7d91d2e2ab7d0ab54bdccc714d30379cc Mon Sep 17 00:00:00 2001
From: Jeffrey Phillips Freeman <the@jeffreyfreeman.me>
Date: Fri, 30 Oct 2020 20:47:39 -0400
Subject: [PATCH] Changed settings so the client ip is passed through the
 proxy.

---
 swarm-proxy-letsencrypt/app/letsencrypt_service | 7 ++++++-
 swarm-proxy/https-routing.conf.tmpl             | 3 ++-
 swarm-proxy/swarm-proxy.conf.tmpl               | 6 ++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/swarm-proxy-letsencrypt/app/letsencrypt_service b/swarm-proxy-letsencrypt/app/letsencrypt_service
index ec47680..c46aa85 100755
--- a/swarm-proxy-letsencrypt/app/letsencrypt_service
+++ b/swarm-proxy-letsencrypt/app/letsencrypt_service
@@ -331,7 +331,7 @@ function update_certs {
 server {
   server_name ${LE_HOST};
 
-  listen 444 ssl http2 ;
+  listen 444 ssl http2 proxy_protocol;
   ssl_session_timeout 5m;
   ssl_session_cache shared:SSL:50m;
   ssl_session_tickets off;
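Review bot: Adding `proxy_protocol` to `listen 444` makes nginx accept the client address from whatever peer opens the connection, and this listener is bound to all interfaces rather than to the loopback address the stream block forwards to. If port 444 is reachable from anywhere other than the local stream proxy (not visible from this hunk), a direct connection can supply its own PROXY header and choose the address that ends up in `X-Real-IP`. Binding the listener narrows that: `listen 127.0.0.1:444 ssl http2 proxy_protocol;`. Any other server blocks sharing port 444 outside this hunk would need the same address, and the server block itself continues past the end of the hunk.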
@@ -351,6 +351,11 @@ server {
     include /etc/nginx/loc.d/${LE_HOST}-all-*;
     include /etc/nginx/loc.d/default*;
 
+    proxy_set_header Host            \$host;
+    proxy_set_header X-Real-IP       \$proxy_protocol_addr;
+    proxy_set_header X-Forwarded-For \$proxy_protocol_addr;
+    proxy_set_header X-Forwarded-Proto https;
+
     proxy_pass http://${LE_HOST}_upstream;
   }
 }
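Review bot: The new headers hand the client address to the upstream, but this server's own `$remote_addr` is still the stream proxy (127.0.0.1) for every request. Access logs, and any `allow`/`deny` or `limit_req` rules pulled in through the `loc.d` includes, will therefore key on a single address. If the realip module is available in this build, adding `set_real_ip_from 127.0.0.1;` and `real_ip_header proxy_protocol;` to the server block restores the real client address locally while trusting only the loopback hop. A short comment above the `X-Forwarded-For` line would also help, such as `# overwrite, not append: discard any client-supplied X-Forwarded-For`.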
diff --git a/swarm-proxy/https-routing.conf.tmpl b/swarm-proxy/https-routing.conf.tmpl
index 7346d61..387c5de 100644
--- a/swarm-proxy/https-routing.conf.tmpl
+++ b/swarm-proxy/https-routing.conf.tmpl
@@ -15,10 +15,11 @@ stream {
         server 127.0.0.1:444;
     }
 
+    proxy_protocol on;
+
     server {
         listen 443;
         proxy_pass $name;
         ssl_preread on;
     }
 }
-
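Review bot: `proxy_protocol on;` is set at `stream` level, so the PROXY header is sent to every upstream that `$name` can resolve to, not only the `127.0.0.1:444` upstream visible here. The map that assigns `$name` is outside the hunk; if any of its targets is a TLS passthrough backend that does not listen with `proxy_protocol`, its handshakes will fail once this is deployed. Placing the directive inside the `server { listen 443; ... }` block would make the scope explicit, and it is worth adding a comment such as `# every upstream selected by $name must listen with proxy_protocol`.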
diff --git a/swarm-proxy/swarm-proxy.conf.tmpl b/swarm-proxy/swarm-proxy.conf.tmpl
index cbf11e1..e11090a 100644
--- a/swarm-proxy/swarm-proxy.conf.tmpl
+++ b/swarm-proxy/swarm-proxy.conf.tmpl
@@ -14,6 +14,12 @@ server {
     include /etc/nginx/loc.d/${LE_HOST}-http-*;
     include /etc/nginx/loc.d/${LE_HOST}-all-*;
     include /etc/nginx/loc.d/default*;
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto http;
+
     proxy_pass http://${HOST}_upstream;
   }
 }
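Review bot: `X-Forwarded-For $proxy_add_x_forwarded_for` appends `$remote_addr` to whatever `X-Forwarded-For` the client sent, whereas the HTTPS server in this same commit overwrites the header. If this proxy is the first hop from the internet, a backend that reads the leftmost entry will accept a client-chosen address on plain HTTP but not on HTTPS. Making the two paths agree would be `proxy_set_header X-Forwarded-For $remote_addr;`. If an upstream load balancer is expected in front of this server, keep the append form but document which hops are trusted.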
-- 
GitLab