Added Gitlab internal nginx extra variables to fix real-ip headers

novateams · Jul 31, 2024 · 449189c · 449189c
1 parent eb387a1
commit 449189c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/nova/core/roles/gitlab/defaults/main.yml b/nova/core/roles/gitlab/defaults/main.yml
@@ -48,6 +48,12 @@ gitlab_ldap_user_dn: CN=gitlab.service,OU=Service Accounts,DC=example,DC=com
 gitlab_ldap_domain_groups_ou: OU=Gitlab,OU=Groups,DC=example,DC=com
 gitlab_ldap_verify_certificates: true
 
+## gitlab internal nginx
+gitlab_nginx_real_ip_trusted_addresses:
+  - 172.18.0.0/16
+  - fd42::/64
+gitlab_nginx_real_ip_header: X-Real-IP
+
 ### supporting defaults
 gitlab_docker_network: local-network
 gitlab_container_name: gitlab

diff --git a/nova/core/roles/gitlab/templates/gitlab.rb b/nova/core/roles/gitlab/templates/gitlab.rb
@@ -29,10 +29,9 @@
 nginx['redirect_http_to_https'] = false
 nginx['hsts_max_age'] = 0
 nginx['proxy_protocol'] = false
-# nginx['real_ip_trusted_addresses'] = [ '127.0.0.1/8', '0.0.0.0/0', '::1', '::/0' ]
-# nginx['real_ip_trusted_addresses'] = [ '172.0.0.0/8','10.42.0.0/16', '10.17.0.0/16', '10.18.0.0/16', 'fd42::/64', 'fd69::/64' ]
 
-nginx['real_ip_header'] = 'X-Forwarded-For'
+nginx['real_ip_trusted_addresses'] = {{ gitlab_nginx_real_ip_trusted_addresses }}
+nginx['real_ip_header'] = '{{ gitlab_nginx_real_ip_header }}'
 nginx['real_ip_recursive'] = 'on'
 
 ### gitlab smtp https://docs.gitlab.com/omnibus/settings/smtp.html