feat: automatically use X-Forwarded-For from built-in nginx

In the SSL setup the X-Forwarded-For header is created by the built-in nginx server so Weblate should use it unless configured otherwise. See WeblateOrg/weblate#13325
WeblateOrg · Dec 19, 2024 · 4bdd608 · 4bdd608
1 parent aa93d27
commit 4bdd608
Showing 1 changed file with 11 additions and 6 deletions.
diff --git a/start b/start
@@ -260,12 +260,7 @@ if [ "$1" = "runserver" ] ; then
     mkdir -p /run/celery
     rm -f /run/celery/beat.pid
 
-    # Generate nginx configuration
-    if [ -f /app/data/ssl/privkey.pem ] ; then
-        template=/etc/nginx/ssl.tpl
-    else
-        template=/etc/nginx/default.tpl
-    fi
+    # Parse upstream X-Forwarded-For
     case "$WEBLATE_IP_PROXY_HEADER" in
         HTTP_X_FORWARDED_FOR)
             WEBLATE_REALIP="
@@ -277,6 +272,16 @@ set_real_ip_from 0.0.0.0/0;
             WEBLATE_REALIP=""
             ;;
     esac
+    # Generate nginx configuration
+    if [ -f /app/data/ssl/privkey.pem ] ; then
+        template=/etc/nginx/ssl.tpl
+        if [ -z "$WEBLATE_IP_PROXY_HEADER" ] ; then
+            # Use X-Forwarded-For from the built-in nginx
+            export WEBLATE_IP_PROXY_HEADER=HTTP_X_FORWARDED_FOR
+        fi
+    else
+        template=/etc/nginx/default.tpl
+    fi
 
     export WEBLATE_REALIP
     mkdir -p /tmp/nginx