SchultesDev/nginx-php-fpm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds support for Real_ip in logs closes #106

Browse Source
This commit is contained in:
Ric Harvey
2017-02-10 10:05:52 +00:00
parent 0b30a3a545
commit cbf763305b
4 changed files with 38 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -106,6 +106,17 @@ sudo docker run -d -e 'GIT_NAME=full_name' -e 'GIT_USERNAME=git_username' -e 'GI
### Custom Nginx Config files
Sometimes you need a custom config file for nginx to achieve this read the [Nginx config guide](https://github.com/ngineered/nginx-php-fpm/blob/master/docs/nginx_configs.md)
## REAL IP / X-Forwarded-For Headers
If you operate your container behind a load balancer, an ELB on AWS for example, you need to configure nginx to get the real IP and not the load balancer IP in the logs by using the X-Forwarded-For. We've provided some handy flags to let you do this. You need to set both of these to get this to work:
```
-e "REAL_IP_HEADER=1"
-e "REAL_IP_FROM=Your_CIDR"
```
For example:
```
docker run -d -e "REAL_IP_HEADER=1" -e "REAL_IP_FROM=10.1.0.0/16" richarvey/nginx-php-fpm:latest
```
### Scripting and Templating
Please see the [Scripting and templating guide](https://github.com/ngineered/nginx-php-fpm/blob/master/docs/scripting_templating.md) for more details.

5
conf/nginx-site-ssl.conf
View File

@@ -19,10 +19,13 @@ server {
sendfile off;
# Add stdout logging
error_log /dev/stdout info;
access_log /dev/stdout;
# Add option for x-forward-for (real ip when behind elb)
#real_ip_header X-Forwarded-For;
#set_real_ip_from 172.16.0.0/12;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html

5
conf/nginx-site.conf
View File

@@ -12,10 +12,13 @@ server {
sendfile off;
# Add stdout logging
error_log /dev/stdout info;
access_log /dev/stdout;
# Add option for x-forward-for (real ip when behind elb)
#real_ip_header X-Forwarded-For;
#set_real_ip_from 172.16.0.0/12;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html

19
scripts/start.sh
View File

@@ -85,6 +85,25 @@ else
sed -i "s/expose_php = On/expose_php = Off/g" /usr/local/etc/php-fpm.conf
fi
# Pass real-ip to logs when behind ELB, etc
if [[ "$REAL_IP_HEADER" == "1" ]] ; then
sed -i "s/#real_ip_header X-Forwarded-For;/real_ip_header X-Forwarded-For;/" /etc/nginx/sites-available/default.conf
sed -i "s/#set_real_ip_from/set_real_ip_from/" /etc/nginx/sites-available/default.conf
if [ ! -z "$REAL_IP_FROM" ]; then
sed -i "s#172.16.0.0/12#$REAL_IP_FROM#" /etc/nginx/sites-available/default.conf
fi
fi
# Do the same for SSL sites
if [ -f /etc/nginx/sites-available/default-ssl.conf ]; then
if [[ "$REAL_IP_HEADER" == "1" ]] ; then
sed -i "s/#real_ip_header X-Forwarded-For;/real_ip_header X-Forwarded-For;/" /etc/nginx/sites-available/default-ssl.conf
sed -i "s/#set_real_ip_from/set_real_ip_from/" /etc/nginx/sites-available/default-ssl.conf
if [ ! -z "$REAL_IP_FROM" ]; then
sed -i "s#172.16.0.0/12#$REAL_IP_FROM#" /etc/nginx/sites-available/default-ssl.conf
fi
fi
fi
# Increase the memory_limit
if [ ! -z "$PHP_MEM_LIMIT" ]; then
sed -i "s/memory_limit = 128M/memory_limit = ${PHP_MEM_LIMIT}M/g" /usr/local/etc/php/conf.d/docker-vars.ini