Do not overwrite X-Forwarded-For when reverse-proxying to Synapse
We have a flow like this: 1. matrix.DOMAIN vhost (matrix-domain.conf) 2. matrix-synapse vhost (matrix-synapse.conf); or matrix-corporal container, if enabled 3. (optional) matrix-synapse vhost (matrix-synapse.conf), if matrix-corporal enabled 4. matrix-synapse container We are setting `X-Forwarded-For` correctly in step #1, but were overwriting it in step #2 with something inaccurate. Not doing anything in step #2 is better than doing the wrong thing. It's probably best if we append another reverse-proxy address there though, although what we're doing now (with this patch) seems to yield the correct result (when matrix-corporal is not enabled). When matrix-corporal is enabled, we still seem to do the wrong thing for some reason. It's something to be fixed later on.
This commit is contained in:
parent
5516bc8896
commit
f0698ee641
@ -79,7 +79,6 @@ server {
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://generic_worker_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@ -90,7 +89,6 @@ server {
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://media_repository_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
|
||||
@ -106,7 +104,6 @@ server {
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://user_dir_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@ -117,7 +114,6 @@ server {
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://frontend_proxy_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
{% endfor %}
|
||||
{% if matrix_nginx_proxy_synapse_presence_disabled %}
|
||||
@ -125,7 +121,6 @@ server {
|
||||
location ~ ^/_matrix/client/(api/v1|r0|unstable)/presence/[^/]+/status {
|
||||
proxy_pass http://frontend_proxy_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
@ -150,7 +145,6 @@ server {
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
{% if matrix_nginx_proxy_proxy_synapse_metrics_basic_auth_enabled %}
|
||||
auth_basic "protected";
|
||||
@ -172,7 +166,6 @@ server {
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_client_api_client_max_body_size_mb }}M;
|
||||
@ -199,7 +192,6 @@ server {
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://generic_worker_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
@ -209,7 +201,6 @@ server {
|
||||
location ~ {{ location }} {
|
||||
proxy_pass http://media_repository_upstream$request_uri;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
|
||||
@ -231,7 +222,6 @@ server {
|
||||
{% endif %}
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
client_body_buffer_size 25M;
|
||||
client_max_body_size {{ matrix_nginx_proxy_proxy_matrix_federation_api_client_max_body_size_mb }}M;
|
||||
|
Loading…
Reference in New Issue
Block a user