overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Browse Source

Do not overwrite X-Forwarded-For when reverse-proxying to Synapse 

We have a flow like this:
1. matrix.DOMAIN vhost (matrix-domain.conf)
2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled
3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled
4. matrix-synapse container

We are setting `X-Forwarded-For` correctly in step #1, but were
overwriting it in step #2 with something inaccurate.

Not doing anything in step #2 is better than doing the wrong thing.
It's probably best if we append another reverse-proxy address there
though, although what we're doing now (with this patch) seems to yield
the correct result (when matrix-corporal is not enabled).

When matrix-corporal is enabled, we still seem to do the wrong thing for
some reason. It's something to be fixed later on.
pull/933/head
Slavi Pantaleev 5 years ago
parent
5516bc8896
commit
f0698ee641
1 changed files with 0 additions and 10 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -10
      roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2

+ 0
- 10
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 View File

@@ -79,7 +79,6 @@ server {
location ~ {{ location }} {
proxy_pass http://generic_worker_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endfor %}
{% endif %}
@@ -90,7 +89,6 @@ server {
location ~ {{ location }} {
proxy_pass http://media_repository_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;

client_body_buffer_size 25M;
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
@@ -106,7 +104,6 @@ server {
location ~ {{ location }} {
proxy_pass http://user_dir_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endfor %}
{% endif %}
@@ -117,7 +114,6 @@ server {
location ~ {{ location }} {
proxy_pass http://frontend_proxy_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endfor %}
{% if matrix_nginx_proxy_synapse_presence_disabled %}
@@ -125,7 +121,6 @@ server {
location ~ ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status {
proxy_pass http://frontend_proxy_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endif %}
{% endif %}
@@ -150,7 +145,6 @@ server {
{% endif %}

proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;

{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
auth_basic "protected";
@@ -172,7 +166,6 @@ server {
{% endif %}

proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;

client_body_buffer_size 25M;
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
@@ -199,7 +192,6 @@ server {
location ~ {{ location }} {
proxy_pass http://generic_worker_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endfor %}
{% endif %}
@@ -209,7 +201,6 @@ server {
location ~ {{ location }} {
proxy_pass http://media_repository_upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;

client_body_buffer_size 25M;
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
@@ -231,7 +222,6 @@ server {
{% endif %}

proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;

client_body_buffer_size 25M;
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;


Write Preview
Loading…
Cancel
Save