mirror of
https://github.com/makeplane/plane.git
synced 2026-07-10 04:25:24 +02:00
X-Forward-For is not a real HTTP header — the standard is X-Forwarded-For. With the typo, Nginx never replaces $remote_addr with the actual client IP, so rate limiting and IP logging see the proxy IP instead of the real client. Affects all three nginx configs (web, admin, space).
37 lines
810 B
Nginx Configuration File
37 lines
810 B
Nginx Configuration File
worker_processes 4;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
|
|
default_type application/octet-stream;
|
|
|
|
set_real_ip_from 0.0.0.0/0;
|
|
real_ip_recursive on;
|
|
real_ip_header X-Forwarded-For;
|
|
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
|
|
|
|
access_log /dev/stdout;
|
|
error_log /dev/stderr;
|
|
|
|
server {
|
|
listen 3000;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "DENY" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
location / {
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
}
|
|
}
|
|
|