initial commit

image-entry.d/24-http-forward-headers.envsh

@@ -0,0 +1,112 @@
+#!/bin/sh
+
+if [ "${NGX_HTTP}" = 0 ] ; then
+	unset NGX_HTTP_TRANSPARENT_PROXY NGX_HTTP_FAKE_UA NGX_HTTP_FORWARDED NGX_HTTP_X_FORWARDED NGX_HTTP_X_REAL_IP
+else
+	unset _NGX_HTTP_FAKE_UA _NGX_HTTP_FORWARDED _NGX_HTTP_X_FORWARDED _NGX_HTTP_X_REAL_IP
+	## here should be SANE defaults (!)
+	_NGX_HTTP_FAKE_UA='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36'
+	_NGX_HTTP_FORWARDED=pass
+	_NGX_HTTP_X_FORWARDED=pass
+	_NGX_HTTP_X_REAL_IP=pass
+
+	NGX_HTTP_TRANSPARENT_PROXY=$(gobool_to_int "${NGX_HTTP_TRANSPARENT_PROXY:-0}" 0)
+	export NGX_HTTP_TRANSPARENT_PROXY
+
+	[ -n "${NGX_HTTP_FAKE_UA:-}" ] || NGX_HTTP_FAKE_UA=${_NGX_HTTP_FAKE_UA}
+	export NGX_HTTP_FAKE_UA
+
+	if [ -n "${NGX_HTTP_FORWARDED:-}" ] ; then
+		NGX_HTTP_FORWARDED=$(printf '%s' "${NGX_HTTP_FORWARDED}" | tr '[:upper:]' '[:lower:]')
+	fi
+	if [ -n "${NGX_HTTP_X_FORWARDED:-}" ] ; then
+		NGX_HTTP_X_FORWARDED=$(printf '%s' "${NGX_HTTP_X_FORWARDED}" | tr '[:upper:]' '[:lower:]')
+	fi
+	if [ -n "${NGX_HTTP_X_REAL_IP:-}" ] ; then
+		NGX_HTTP_X_REAL_IP=$(printf '%s' "${NGX_HTTP_X_REAL_IP}" | tr '[:upper:]' '[:lower:]')
+	fi
+
+	if [ "${NGX_HTTP_TRANSPARENT_PROXY}" = 1 ] ; then
+		if [ -n "${NGX_HTTP_FORWARDED:-}" ] ; then
+			log_always "NGX_HTTP_FORWARDED: overridden to 'remove' due to NGX_HTTP_TRANSPARENT_PROXY=1"
+		fi
+		NGX_HTTP_FORWARDED=remove
+
+		if [ -n "${NGX_HTTP_X_FORWARDED:-}" ] ; then
+			log_always "NGX_HTTP_X_FORWARDED: overridden to 'remove' due to NGX_HTTP_TRANSPARENT_PROXY=1"
+		fi
+		NGX_HTTP_X_FORWARDED=remove
+
+		if [ -n "${NGX_HTTP_X_REAL_IP:-}" ] ; then
+			log_always "NGX_HTTP_X_REAL_IP: overridden to 'remove' due to NGX_HTTP_TRANSPARENT_PROXY=1"
+		fi
+		NGX_HTTP_X_REAL_IP=remove
+	else
+		if [ -z "${NGX_HTTP_FORWARDED:-}" ] ; then
+			NGX_HTTP_FORWARDED=${_NGX_HTTP_FORWARDED}
+		fi
+		case "${NGX_HTTP_FORWARDED}" in
+		pass | remove ) ;;
+		* )
+			unset x
+			x=$(gobool_to_int "${NGX_HTTP_FORWARDED}")
+			case "$x" in
+			0 ) NGX_HTTP_FORWARDED=remove ;;
+			1 ) NGX_HTTP_FORWARDED=pass ;;
+			* )
+				log_always "NGX_HTTP_FORWARDED: unrecognized value: ${NGX_HTTP_FORWARDED}"
+				log_always "setting NGX_HTTP_FORWARDED=${_NGX_HTTP_FORWARDED}"
+				NGX_HTTP_FORWARDED=${_NGX_HTTP_FORWARDED}
+			;;
+			esac
+			unset x
+		;;
+		esac
+
+		if [ -z "${NGX_HTTP_X_FORWARDED:-}" ] ; then
+			NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
+		fi
+		case "${NGX_HTTP_X_FORWARDED}" in
+		pass | remove ) ;;
+		* )
+			unset x
+			x=$(gobool_to_int "${NGX_HTTP_X_FORWARDED}")
+			case "$x" in
+			0 ) NGX_HTTP_X_FORWARDED=remove ;;
+			1 ) NGX_HTTP_X_FORWARDED=pass ;;
+			* )
+				log_always "NGX_HTTP_X_FORWARDED: unrecognized value: ${NGX_HTTP_X_FORWARDED}"
+				log_always "setting NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}"
+				NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
+			;;
+			esac
+			unset x
+		;;
+		esac
+
+		if [ -z "${NGX_HTTP_X_REAL_IP:-}" ] ; then
+			NGX_HTTP_X_REAL_IP=${_NGX_HTTP_X_REAL_IP}
+		fi
+		case "${NGX_HTTP_X_REAL_IP}" in
+		pass | remove ) ;;
+		* )
+			unset x
+			x=$(gobool_to_int "${NGX_HTTP_X_REAL_IP}")
+			case "$x" in
+			0 ) NGX_HTTP_X_REAL_IP=remove ;;
+			1 ) NGX_HTTP_X_REAL_IP=pass ;;
+			* )
+				log_always "NGX_HTTP_X_REAL_IP: unrecognized value: ${NGX_HTTP_X_REAL_IP}"
+				log_always "setting NGX_HTTP_X_REAL_IP=${_NGX_HTTP_X_REAL_IP}"
+				NGX_HTTP_X_REAL_IP=${_NGX_HTTP_X_REAL_IP}
+			;;
+			esac
+			unset x
+		;;
+		esac
+	fi
+
+	export NGX_HTTP_FORWARDED NGX_HTTP_X_FORWARDED NGX_HTTP_X_REAL_IP
+
+	unset _NGX_HTTP_FAKE_UA _NGX_HTTP_FORWARDED _NGX_HTTP_X_FORWARDED _NGX_HTTP_X_REAL_IP
+fi