nextcloud: add X-Forwarded headers to revers proxy

status-im/infra-office#9 Signed-off-by: Jakub Sokołowski <[email protected]>
status-im · Mar 25, 2022 · 9509cfa · 9509cfa
1 parent 7252003
commit 9509cfa
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/ansible/group_vars/nextcloud.yml b/ansible/group_vars/nextcloud.yml
@@ -89,11 +89,14 @@ nginx_sites:
     - | # config to enable HSTS(HTTP Strict Transport Security)
       add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
 
-      # Increase file upload limits to 20 MB
-    - client_max_body_size 20m
+    - | # Increase file upload limits to 20 MB
+      client_max_body_size 20m
 
     - location / {
         proxy_pass http://localhost:{{ nextcloud_app_cont_port }}/;
+        include /etc/nginx/proxy_params;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_http_version 1.1;
       }
 
   nextcloud_docs_http:

diff --git a/ansible/roles/nextcloud/defaults/main.yml b/ansible/roles/nextcloud/defaults/main.yml
@@ -10,9 +10,13 @@ nextcloud_trusted_domains:
   - '{{ nextcloud_domain }}'
   - '{{ nextcloud_docs_domain }}'
 nextcloud_trusted_proxies:
-  - '127.0.0.1'     # localhost
+  - '127.0.0.0/8'   # localhost
   - '10.0.0.0/8'    # VPN
   - '172.17.0.0/16' # Docker
+nextcloud_forwarded_for_headers:
+  - 'HTTP_X_REAL_IP'
+  - 'HTTP_FORWARDED_FOR'
+  - 'HTTP_FORWARDED_PROTO'
 # Admin
 nextcloud_admin_email: '[email protected]'
 nextcloud_admin_username: 'admin'

diff --git a/ansible/roles/nextcloud/templates/config.php.j2 b/ansible/roles/nextcloud/templates/config.php.j2
@@ -15,6 +15,7 @@ $CONFIG = [
   'overwriteprotocol' => 'https',
   'trusted_domains' => {{ nextcloud_trusted_domains | to_json }},
   'trusted_proxies' => {{ nextcloud_trusted_proxies | to_json }},
+  'forwarded_for_headers' => {{ nextcloud_forwarded_for_headers | to_json }},
   /* LOGS */
   'log_type' => 'file',
   'logfile' => '/data/nextcloud.log',