Change: Allow for configuring the realip module for nginx to pass the proper IP/Scheme to frappe.

Steven 'Xaroth' Noorbergen 2021-02-17 12:25:41 +01:00 committed by Steven Noorbergen
parent 4bbc8c41cf
commit c2b63661be
2 changed files with 33 additions and 4 deletions


@ -6,6 +6,12 @@ upstream socketio-server {
server ${FRAPPE_SOCKETIO}:${SOCKETIO_PORT} fail_timeout=0; server ${FRAPPE_SOCKETIO}:${SOCKETIO_PORT} fail_timeout=0;
} }
# Parse the X-Forwarded-Proto header - if set - defaulting to $scheme.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $scheme;
https https;
}
server { server {
listen 80; listen 80;
server_name $http_host; server_name $http_host;
@ -16,6 +22,12 @@ server {
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
# Define ${UPSTREAM_REAL_IP_ADDRESS} as our trusted upstream address, so we will be using
# its ${UPSTREAM_REAL_IP_HEADER} address as our remote address
set_real_ip_from ${UPSTREAM_REAL_IP_ADDRESS};
real_ip_header ${UPSTREAM_REAL_IP_HEADER};
real_ip_recursive ${UPSTREAM_REAL_IP_RECURSIVE};
location /assets { location /assets {
try_files $uri =404; try_files $uri =404;
} }
@ -27,10 +39,12 @@ server {
location /socket.io { location /socket.io {
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_set_header X-Frappe-Site-Name $host; proxy_set_header X-Frappe-Site-Name $host;
proxy_set_header Origin $scheme://$http_host; proxy_set_header Origin $proxy_x_forwarded_proto://$http_host;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_pass http://socketio-server; proxy_pass http://socketio-server;
@ -50,8 +64,8 @@ server {
} }
location @webserver { location @webserver {
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Frappe-Site-Name $host; proxy_set_header X-Frappe-Site-Name $host;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Use-X-Accel-Redirect True; proxy_set_header X-Use-X-Accel-Redirect True;
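Review bot: In `location @webserver` the X-Forwarded-For value changes from `$remote_addr` to `$proxy_add_x_forwarded_for`, which appends the peer address to whatever X-Forwarded-For the client sent, so a request that did not pass through the trusted proxy still reaches frappe with a client-chosen leftmost entry; the line added in `location /socket.io` behaves the same way. The realip module already rewrites `$remote_addr` to the resolved client address for peers matched by `set_real_ip_from`, so `proxy_set_header X-Forwarded-For $remote_addr;` in both locations would pass the resolved address without forwarding unverified entries. The `map` on `$http_x_forwarded_proto` has the same trust gap: it accepts `https` from any peer rather than only from the configured upstream, and that value now also builds the `Origin` header for socket.io. Which X-Forwarded-For entry frappe reads is not visible on this page, so the impact on rate limiting, IP restrictions and audit logs should be confirmed against the backend. Both location blocks continue outside the hunks shown.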


@ -35,11 +35,26 @@ if [[ -z "$HTTP_TIMEOUT" ]]; then
export HTTP_TIMEOUT=120 export HTTP_TIMEOUT=120
fi fi
if [[ -z "$UPSTREAM_REAL_IP_ADDRESS" ]]; then
export UPSTREAM_REAL_IP_ADDRESS=127.0.0.1
fi
if [[ -z "$UPSTREAM_REAL_IP_RECURSIVE" ]]; then
export UPSTREAM_REAL_IP_RECURSIVE=off
fi
if [[ -z "$UPSTREAM_REAL_IP_HEADER" ]]; then
export UPSTREAM_REAL_IP_HEADER="X-Forwarded-For"
fi
envsubst '${FRAPPE_PY} envsubst '${FRAPPE_PY}
${FRAPPE_PY_PORT} ${FRAPPE_PY_PORT}
${FRAPPE_SOCKETIO} ${FRAPPE_SOCKETIO}
${SOCKETIO_PORT} ${SOCKETIO_PORT}
${HTTP_TIMEOUT}' \ ${HTTP_TIMEOUT}
${UPSTREAM_REAL_IP_ADDRESS}
${UPSTREAM_REAL_IP_RECURSIVE}
${UPSTREAM_REAL_IP_HEADER}' \
< /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
echo "Waiting for frappe-python to be available on $FRAPPE_PY port $FRAPPE_PY_PORT" echo "Waiting for frappe-python to be available on $FRAPPE_PY port $FRAPPE_PY_PORT"
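Review bot: The three new defaults carry no comment about the trust they grant, and their values are substituted into the nginx template without validation. `UPSTREAM_REAL_IP_ADDRESS` becomes the `set_real_ip_from` argument, so any peer inside that address or CIDR decides which client IP nginx reports; I would add above the block `# UPSTREAM_REAL_IP_ADDRESS must be the address/CIDR of a proxy you control, never a range that includes clients.` A check before envsubst such as `[[ "$UPSTREAM_REAL_IP_RECURSIVE" =~ ^(on|off)$ ]] || { echo "UPSTREAM_REAL_IP_RECURSIVE must be on or off" >&2; exit 1; }` would turn a typo into a clear startup error instead of a failed nginx config load. The script continues outside the hunk.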