Added correct resolving for source IP addresses in case of HTTP proxies

2025-08-09 16:45:05 +02:00 · 2025-07-04 17:54:57 +03:00
parent d6f0ef5997
commit 20d11ee6d6
67 changed files with 475 additions and 0 deletions
--- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf
+++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx.conf
@ -2,6 +2,9 @@ server {
    listen 8080;
    listen [::]:8080;

+    {WEB_REAL_IP_FROM}
+    {WEB_REAL_IP_HEADER}
+
    server_name     zabbix;
    index           {HTTP_INDEX_FILE};

--- a/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf
+++ b/Dockerfiles/web-nginx-mysql/rhel/conf/etc/zabbix/nginx_ssl.conf
@ -2,6 +2,9 @@ server {
    listen 8443 ssl http2;
    listen [::]:8443 ssl http2;

+    {WEB_REAL_IP_FROM}
+    {WEB_REAL_IP_HEADER}
+
    server_name     zabbix;
    server_name_in_redirect off;

--- a/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
+++ b/Dockerfiles/web-nginx-mysql/rhel/docker-entrypoint.sh
@ -35,6 +35,15 @@ NGINX_SSL_CONFIG_DIR="/etc/ssl/nginx"
 # PHP-FPM configuration file
 PHP_CONFIG_FILE="/etc/php-fpm.d/zabbix.conf"

+escape_spec_char() {
+    local var_value=$1
+
+    var_value="${var_value//\\/\\\\}"
+    var_value="${var_value//./\\.}"
+
+    echo "$var_value"
+}
+
 # usage: file_env VAR [DEFAULT]
 # as example: file_env 'MYSQL_PASSWORD' 'zabbix'
 #    (will allow for "$MYSQL_PASSWORD_FILE" to fill in the value of "$MYSQL_PASSWORD" from a file)
@ -229,6 +238,27 @@ prepare_web_server() {
    sed -i \
        -e "s/{EXPOSE_WEB_SERVER_INFO}/${EXPOSE_WEB_SERVER_INFO}/g" \
    "$NGINX_CONF_FILE"
+
+    [ ! -z "${WEB_REAL_IP_FROM}" ] && WEB_REAL_IP_FROM="set_real_ip_from ${WEB_REAL_IP_FROM};"
+    WEB_REAL_IP_FROM=$(escape_spec_char "$WEB_REAL_IP_FROM")
+    [ ! -z "${WEB_REAL_IP_HEADER}" ] && WEB_REAL_IP_HEADER="real_ip_header ${WEB_REAL_IP_HEADER};"
+    WEB_REAL_IP_HEADER=$(escape_spec_char "$WEB_REAL_IP_HEADER")
+
+    sed -i \
+        -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \
+    "$ZABBIX_CONF_DIR/nginx.conf"
+
+    sed -i \
+        -e "s/{WEB_REAL_IP_FROM}/${WEB_REAL_IP_FROM}/g" \
+    "$ZABBIX_CONF_DIR/nginx_ssl.conf"
+
+    sed -i \
+        -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \
+    "$ZABBIX_CONF_DIR/nginx.conf"
+
+    sed -i \
+        -e "s/{WEB_REAL_IP_HEADER}/${WEB_REAL_IP_HEADER}/g" \
+    "$ZABBIX_CONF_DIR/nginx_ssl.conf"
 }

 prepare_zbx_php_config() {