Skip to content

Commit

Permalink
always set x-client-ip from frontend (#545)
Browse files Browse the repository at this point in the history
This condition was in place to support the proxy nonsense we had going that was removed in #543, we can go ahead and always set this now that our frontend is handling tls
  • Loading branch information
ewdurbin authored Dec 18, 2024
1 parent 511dc1d commit 9cb4eb9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion salt/haproxy/config/haproxy.cfg.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -140,10 +140,10 @@ frontend main
# Deny requests that are not served from this host
http-request deny if !our_domains !letsencrypt-well-known-acl

http-request set-header X-Client-IP %[src]
# Tell the backend servers whether this request is being served via TLS or
# not. This should pretty much *always* be yes since we unconditionally
# redirect to HTTPS in HAProxy.
http-request set-header X-Client-IP %[src] if !is_tls
http-request set-header X-Forwarded-Proto https if is_tls
http-request set-header X-Forwarded-Proto http if !is_tls

Expand Down

0 comments on commit 9cb4eb9

Please sign in to comment.