fix nginx header forwarding

Author: martenson

templates/nginx/galaxy.j2

@@ -28,12 +28,21 @@ server {
 	# The most important location block, by default all requests are sent to gunicorn
 	# If you serve galaxy at a path like /galaxy, change that below (and all other locations!)
 	location / {
-		# This is the backend to send the requests to.
-		proxy_pass http://galaxy;
+		# Remove any forwarded headers that clients might have sent
+		proxy_set_header X-Forwarded-For "";
+		proxy_set_header X-Forwarded-Proto "";
+		proxy_set_header X-Forwarded-Host "";
+
+		# Set the headers with trusted values
 		proxy_set_header Host $http_host;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-For $remote_addr;
 		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-Host $host;
 		proxy_set_header Upgrade $http_upgrade;
+		proxy_set_header Connection "upgrade";
+
+		# This is the backend to send the requests to
+		proxy_pass http://galaxy;
 	}
 
 	location /api/upload/resumable_upload {
@@ -99,7 +108,7 @@ server {
 		proxy_buffering                    off;
 		proxy_set_header Host              $http_host;
 		proxy_set_header X-Real-IP         $remote_addr;
-		proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-For   $remote_addr;
 		proxy_set_header X-Forwarded-Proto $scheme;
 	}
 

templates/nginx/sentry.j2

@@ -13,9 +13,8 @@ server {
 		proxy_pass "http://localhost:9000";
 
 		proxy_set_header Host $http_host;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Forwarded-For $remote_addr;
 		proxy_set_header X-Forwarded-Proto $scheme;
 		proxy_set_header Upgrade $http_upgrade;
 	}
 }
-