diff --git a/deploy/https_nginx.conf b/deploy/https_nginx.conf index 8fb02bd1..44775a01 100644 --- a/deploy/https_nginx.conf +++ b/deploy/https_nginx.conf @@ -29,20 +29,44 @@ http { location /api/v2/profiles { proxy_pass http://webapp; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; } location ~ ^/api/v(1|2)/health_check$ { proxy_pass http://webapp; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; } location /api/v1/logs { proxy_pass http://agents-logs-backend; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; } location / { auth_basic "Username and password is required"; auth_basic_user_file /etc/nginx/.htpasswd; proxy_pass http://webapp; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; # limit_req zone=ratelimit; } } diff --git a/src/gprofiler/run.sh b/src/gprofiler/run.sh index a10918fe..d1e9ea89 100755 --- a/src/gprofiler/run.sh +++ b/src/gprofiler/run.sh @@ -48,6 +48,7 @@ gunicorn_cmd_line=" --workers=${GUNICORN_PROCESS_COUNT} \ --max-requests-jitter=1000 \ --timeout=300 \ --preload \ + --forwarded-allow-ips='*' \ --log-level=${GUNICORN_LOG_LEVEL} \ --pid=${gunicorn_pid_file}"