paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal

master
andre.peters 2018-02-01 13:36:01 +01:00
parent 5527d6fb94
commit 70ac65d794
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
data/conf/nginx/site.conf
View File

@ -7,11 +7,12 @@ map $http_x_forwarded_proto $client_req_scheme {
https https; https https;
} }
server { geo $non_internal {
listen 80 default_server; default 1;
listen [::]:80 default_server; 10.0.0.0/8 0;
include /etc/nginx/conf.d/server_name.active; 172.16.0.0/12 0;
return 301 https://$host$request_uri; 192.168.0.0/16 0;
fc00::/7 0;
} }
server { server {
@ -32,6 +33,10 @@ server {
include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_plain.active;
include /etc/nginx/conf.d/server_name.active; include /etc/nginx/conf.d/server_name.active;
if ($non_internal) {
return 302 https://$server_name$request_uri;
}
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log;
absolute_redirect off; absolute_redirect off;
@ -50,7 +55,7 @@ server {
set_real_ip_from 10.0.0.0/8; set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12; set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16; set_real_ip_from 192.168.0.0/16;
set_real_ip_from fd00::/8; set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;
@ -232,7 +237,7 @@ server {
set_real_ip_from 10.0.0.0/8; set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12; set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16; set_real_ip_from 192.168.0.0/16;
set_real_ip_from fd00::/8; set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;