dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

v1.7.2 #364

Merged
LukeGus merged 8 commits from dev-1.7.2 into main 2025-10-06 15:11:26 +00:00
Conversation 2 Commits 8 Files Changed 14 +6
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a728ff227e - Show all commits

3
docker/nginx-https.conf
View File

@@ -10,6 +10,9 @@ http {
keepalive_timeout 65;
client_header_timeout 300s;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
gemini-code-assist[bot] commented 2025-10-06 15:13:58 +00:00 (Migrated from github.com)
Review
Copy Link

medium

The set_real_ip_from 127.0.0.1; directive is quite restrictive. If this NGINX instance is running inside a Docker container and is fronted by another proxy (e.g., another container in the same Docker network), the request will likely come from an internal Docker IP, not 127.0.0.1. This would result in the real client IP not being correctly identified.

To make this more robust, consider trusting the common Docker network ranges. This will cover most containerized and local proxy setups. You might want to adjust the CIDR blocks based on your specific Docker network configuration.

    set_real_ip_from 172.16.0.0/12; # Default Docker network range
    set_real_ip_from 192.168.0.0/16; # Common local network range
    set_real_ip_from 10.0.0.0/8; # Another private network range
    set_real_ip_from 127.0.0.1;
    real_ip_header X-Forwarded-For;
![medium](https://www.gstatic.com/codereviewagent/medium-priority.svg) The `set_real_ip_from 127.0.0.1;` directive is quite restrictive. If this NGINX instance is running inside a Docker container and is fronted by another proxy (e.g., another container in the same Docker network), the request will likely come from an internal Docker IP, not `127.0.0.1`. This would result in the real client IP not being correctly identified. To make this more robust, consider trusting the common Docker network ranges. This will cover most containerized and local proxy setups. You might want to adjust the CIDR blocks based on your specific Docker network configuration. ``` set_real_ip_from 172.16.0.0/12; # Default Docker network range set_real_ip_from 192.168.0.0/16; # Common local network range set_real_ip_from 10.0.0.0/8; # Another private network range set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; ```
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;

3
docker/nginx.conf
View File

@@ -10,6 +10,9 @@ http {
keepalive_timeout 65;
client_header_timeout 300s;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;