Improve NGINX template security

kubernetes · Aug 22, 2017 · f49e756 · f49e756
1 parent 855be47
commit f49e756
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -28,14 +28,12 @@ http {
     {{/* we use the value of the header X-Forwarded-For to be able to use the geo_ip module */}}
     {{ if $cfg.UseProxyProtocol }}
     real_ip_header      proxy_protocol;
-    {{ else }}
-    real_ip_header      X-Forwarded-For;
-    {{ end }}
 
     real_ip_recursive   on;
     {{ range $trusted_ip := $cfg.ProxyRealIPCIDR }}
     set_real_ip_from    {{ $trusted_ip }};
     {{ end }}
+    {{ end }}
 
     {{/* databases used to determine the country depending on the client IP address */}}
     {{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}