From afd18c6f395539b853a0c07fea8711a324f3b3b7 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Tue, 5 Nov 2024 12:52:50 +0100
Subject: [PATCH] Fixes #1331: Added 'forwarded' section Unit config

Simplifies the listener configuration by using a wildcard for the IP and
adds a forwarded section that trusts all proxies on RFC1918 networks.
---
 docker/nginx-unit.json | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/docker/nginx-unit.json b/docker/nginx-unit.json
index fc33a2c..76415f5 100644
--- a/docker/nginx-unit.json
+++ b/docker/nginx-unit.json
@@ -1,16 +1,20 @@
 {
   "listeners": {
-    "0.0.0.0:8080": {
-      "pass": "routes/main"
+    "*:8080": {
+      "pass": "routes/main",
+      "forwarded": {
+        "client_ip": "X-Forwarded-For",
+        "protocol": "X-Forwarded-Proto",
+        "source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+      }
     },
-    "[::]:8080": {
-      "pass": "routes/main"
-    },
-    "0.0.0.0:8081": {
-      "pass": "routes/status"
-    },
-    "[::]:8081": {
-      "pass": "routes/status"
+    "*:8081": {
+      "pass": "routes/status",
+      "forwarded": {
+        "client_ip": "X-Forwarded-For",
+        "protocol": "X-Forwarded-Proto",
+        "source": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+      }
     }
   },
   "routes": {