Skip to content

Commit c5623a1

Browse files
mbuechnermbuechner
committed
Update Nginx configuration for improved real IP handling and cache bypass settings
1 parent f3bd1bc commit c5623a1

2 files changed

Lines changed: 13 additions & 8 deletions

File tree

config/nginx/nginx.conf

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -121,7 +121,7 @@ http {
121121
text/x-component
122122
text/x-cross-domain-policy;
123123

124-
real_ip_header X-Real-IP;
124+
real_ip_header X-Forwarded-For;
125125
real_ip_recursive on;
126126

127127
set_real_ip_from 127.0.0.1;
@@ -135,9 +135,14 @@ http {
135135
limit_req_status 429;
136136
limit_conn_status 429;
137137

138-
limit_req_zone $binary_remote_addr zone=drupal_rps:20m rate=20r/s;
139-
limit_req_zone $binary_remote_addr zone=drupal_heavy:20m rate=3r/s;
140-
limit_conn_zone $binary_remote_addr zone=perip_conn:20m;
138+
map $http_x_forwarded_for $limit_client_ip {
139+
default $remote_addr;
140+
~^(?<first>[^,\s]+) $first;
141+
}
142+
143+
limit_req_zone $limit_client_ip zone=drupal_rps:20m rate=20r/s;
144+
limit_req_zone $limit_client_ip zone=drupal_heavy:20m rate=3r/s;
145+
limit_conn_zone $limit_client_ip zone=perip_conn:20m;
141146

142147
fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=drupal_microcache:50m inactive=60m max_size=500m;
143148

config/nginx/preset.conf

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -109,8 +109,8 @@ location @drupal {
109109
fastcgi_cache_key "$scheme$request_method$host$request_uri";
110110
fastcgi_cache_valid 200 301 302 10s;
111111
fastcgi_cache_valid 404 1s;
112-
fastcgi_cache_bypass $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization $query_string;
113-
fastcgi_no_cache $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization $query_string;
112+
fastcgi_cache_bypass $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization;
113+
fastcgi_no_cache $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization;
114114
add_header X-Cache $upstream_cache_status always;
115115

116116
include fastcgi.conf;
@@ -147,8 +147,8 @@ location = /index.php {
147147
fastcgi_cache_key "$scheme$request_method$host$request_uri";
148148
fastcgi_cache_valid 200 301 302 10s;
149149
fastcgi_cache_valid 404 1s;
150-
fastcgi_cache_bypass $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization $query_string;
151-
fastcgi_no_cache $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization $query_string;
150+
fastcgi_cache_bypass $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization;
151+
fastcgi_no_cache $drupal_cache_bypass_method $drupal_cache_bypass_cookie $http_authorization;
152152
add_header X-Cache $upstream_cache_status always;
153153

154154
fastcgi_pass php;

0 commit comments

Comments
 (0)