[Nginx] Fix IPv6 subnet, only rewrite to HTTPS when request is not internal
andre.peters
parent
5527d6fb94
commit
70ac65d794
|
|
@ -7,11 +7,12 @@ map $http_x_forwarded_proto $client_req_scheme {
|
|||
https https;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
include /etc/nginx/conf.d/server_name.active;
|
||||
return 301 https://$host$request_uri;
|
||||
geo $non_internal {
|
||||
default 1;
|
||||
10.0.0.0/8 0;
|
||||
172.16.0.0/12 0;
|
||||
192.168.0.0/16 0;
|
||||
fc00::/7 0;
|
||||
}
|
||||
|
||||
server {
|
||||
|
|
@ -32,6 +33,10 @@ server {
|
|||
include /etc/nginx/conf.d/listen_plain.active;
|
||||
include /etc/nginx/conf.d/server_name.active;
|
||||
|
||||
if ($non_internal) {
|
||||
return 302 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/error.log;
|
||||
access_log /var/log/nginx/access.log;
|
||||
absolute_redirect off;
|
||||
|
|
@ -50,7 +55,7 @@ server {
|
|||
set_real_ip_from 10.0.0.0/8;
|
||||
set_real_ip_from 172.16.0.0/12;
|
||||
set_real_ip_from 192.168.0.0/16;
|
||||
set_real_ip_from fd00::/8;
|
||||
set_real_ip_from fc00::/7;
|
||||
real_ip_header X-Forwarded-For;
|
||||
real_ip_recursive on;
|
||||
|
||||
|
|
@ -232,7 +237,7 @@ server {
|
|||
set_real_ip_from 10.0.0.0/8;
|
||||
set_real_ip_from 172.16.0.0/12;
|
||||
set_real_ip_from 192.168.0.0/16;
|
||||
set_real_ip_from fd00::/8;
|
||||
set_real_ip_from fc00::/7;
|
||||
real_ip_header X-Forwarded-For;
|
||||
real_ip_recursive on;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue