Add ability to configure NGINX to show correct IP in logs

At the moment, NGINX will be using the IP which initiated the
connection in the logs which could be misleading if you are using
it behind a load balancer.

This patch adds the ability to be able to configure the hosts
which can send the semi-standard X-Forwarded-For header in
order to show the right IP in the logs.

Change-Id: I9006dbb15837178cee7de869372c901040095e2b
Mohammed Naser 2018-03-10 13:17:18 -05:00
parent 8fceb54c24
commit 5173d0f1fc
2 changed files with 8 additions and 0 deletions

@ -487,3 +487,6 @@ keystone_uwsgi_init_overrides: {}
# - parameter: "Access-Control-Allow-Origin"
# value: "*"
keystone_extra_headers: []
# List of trusted IPs which can pass X-Forwarded-For
keystone_set_real_ip_from: []
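
Review bot: the comment above keystone_set_real_ip_from does not say what form an entry takes or what trusting a host implies. Each entry is rendered verbatim into a set_real_ip_from directive, which accepts single addresses and CIDR ranges, so say that here and add a commented sample entry in the style of the keystone_extra_headers example just above. It is also worth stating that only the load balancer addresses belong in this list, because any listed host can choose the client IP that ends up in the logs.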

@ -27,6 +27,11 @@ server {
add_header Content-Security-Policy "default-src 'self' https: wss:;";
add_header X-Frame-Options {{ keystone_x_frame_options | default ('DENY') }};
real_ip_header X-Forwarded-For;
{% for ip in keystone_set_real_ip_from %}
set_real_ip_from {{ ip }};
{%- endfor %}
location / {
try_files $uri @yourapplication;
}
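
Review bot: real_ip_header X-Forwarded-For; sits outside the for loop, so it is rendered even when keystone_set_real_ip_from is left at its default of []. With no set_real_ip_from entries nginx trusts no sender and the directive has no effect, so consider wrapping the directive and the loop in an if on keystone_set_real_ip_from to keep the rendered config free of an inert setting. Separately, real_ip_recursive is not set, so nginx takes the last address in the header; that is right for a single load balancer, but with two trusted hops chained the logs will show the inner proxy rather than the client, which deserves a note in the variable's documentation or a follow-up option.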