From 37743a3103635cfd0cde39349077e221a9b57b10 Mon Sep 17 00:00:00 2001
From: Chloe Gerhardson <chloe.gerhardson@pyfound.org>
Date: Tue, 30 Jan 2024 19:15:56 -0500
Subject: [PATCH 1/2] Add realip.conf

This commit introdcues a realip.conf nginx configuration file to be managed by salt.
---
 salt/nginx/config/realip-nginx.jinja.conf | 0
 salt/nginx/init.sls                       | 9 +++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 salt/nginx/config/realip-nginx.jinja.conf

diff --git a/salt/nginx/config/realip-nginx.jinja.conf b/salt/nginx/config/realip-nginx.jinja.conf
new file mode 100644
index 00000000..e69de29b
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
index 158dddd5..71a702d4 100644
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -94,6 +94,15 @@ nginx:
     - require:
       - pkg: nginx
 
+/etc/nginx/sites.d/realip.conf:
+  file.managed:
+    - source: salt://nginx/config/realip-nginx.jinja.conf
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: "0644"
+    - require:
+      - file: /etc/nginx/sites.d/
 
 /etc/logrotate.d/nginx:
   file.managed:

From 4b40666ef9dd5b3e93228a7291a0cef124ccc574 Mon Sep 17 00:00:00 2001
From: Chloe Gerhardson <chloe.gerhardson@pyfound.org>
Date: Tue, 30 Jan 2024 20:23:50 -0500
Subject: [PATCH 2/2] Configure realip

This commit adds configuration for nginx realip module for X-Forwarded-For handling.
---
 salt/nginx/config/realip-nginx.jinja.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/nginx/config/realip-nginx.jinja.conf b/salt/nginx/config/realip-nginx.jinja.conf
index e69de29b..b5ea92d6 100644
--- a/salt/nginx/config/realip-nginx.jinja.conf
+++ b/salt/nginx/config/realip-nginx.jinja.conf
@@ -0,0 +1,4 @@
+# Real IP Configuration
+set_real_ip_from {{ pillar["psf_internal_network"] }};
+set_real_ip_from 127.0.0.1;
+real_ip_header X-Forwarded-For;