Merge pull request #204 from os2display/hotfix/ip-logging

1185: Ensured real ip is logged in nginx

Author: tuj

CHANGELOG.md

@@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+- [#204](https://github.com/os2display/display-api-service/pull/204)
+  - Ensured real ip is logged in nginx.
 - [#200](https://github.com/os2display/display-api-service/pull/200)
   - Updated oidc internal documentation.
 - [#205](https://github.com/os2display/display-api-service/pull/205)

infrastructure/itkdev/nginx/etc/confd/templates/nginx.conf.tmpl

@@ -37,7 +37,11 @@ http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
 
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    set_real_ip_from 172.16.0.0/8;
+    real_ip_recursive on;
+    real_ip_header X-Forwarded-For;
+
+    log_format  main  '$http_x_real_ip - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 

infrastructure/os2display/nginx/etc/confd/templates/nginx.conf.tmpl

@@ -37,10 +37,13 @@ http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
 
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    set_real_ip_from 172.16.0.0/8;
+    real_ip_recursive on;
+    real_ip_header X-Forwarded-For;
+
+    log_format  main  '$http_x_real_ip - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
-
     error_log /dev/stderr;
     access_log /dev/stdout main;