diff --git a/angie/autoconf/http-realip.conf.j2 b/angie/autoconf/http-realip.conf.j2
new file mode 100644
index 0000000..ad51b36
--- /dev/null
+++ b/angie/autoconf/http-realip.conf.j2
@@ -0,0 +1,5 @@
+{%- set hdr = j2cfg.headers.real_ip_from or 'off' -%}
+{%- if hdr != 'off' %}
+real_ip_header {{ hdr | http_header }};
+{% include 'realip-set-from.j2inc' %}
+{%- endif %}
\ No newline at end of file
diff --git a/angie/autoconf/mail-realip.conf.j2 b/angie/autoconf/mail-realip.conf.j2
new file mode 100644
index 0000000..5fe1be1
--- /dev/null
+++ b/angie/autoconf/mail-realip.conf.j2
@@ -0,0 +1 @@
+{% include 'realip-set-from.j2inc' %}
\ No newline at end of file
diff --git a/angie/autoconf/realip-set-from.j2inc b/angie/autoconf/realip-set-from.j2inc
new file mode 100644
index 0000000..7a2fb64
--- /dev/null
+++ b/angie/autoconf/realip-set-from.j2inc
@@ -0,0 +1,8 @@
+{%- set src = (j2cfg.trusted_sources or []) | any_to_str_list | uniq_str_list | ngx_esc -%}
+{%- if src %}
+ {%- for s in src %}
+set_real_ip_from {{ s }};
+ {%- endfor %}
+{%- else %}
+set_real_ip_from unix: ;
+{%- endif %}
\ No newline at end of file
diff --git a/angie/autoconf/stream-realip.conf.j2 b/angie/autoconf/stream-realip.conf.j2
new file mode 100644
index 0000000..5fe1be1
--- /dev/null
+++ b/angie/autoconf/stream-realip.conf.j2
@@ -0,0 +1 @@
+{% include 'realip-set-from.j2inc' %}
\ No newline at end of file
diff --git a/angie/j2cfg.yml b/angie/j2cfg.yml
index f426ae6..9ba814d 100644
--- a/angie/j2cfg.yml
+++ b/angie/j2cfg.yml
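Review bot: In angie/autoconf/http-realip.conf.j2 the guard `hdr != 'off'` lets any other truthy value through to `real_ip_header`, including a non-string: the default in j2cfg.yml is an unquoted `off`, so if the loader follows YAML 1.1 an unquoted `on` or `yes` would arrive as a boolean and be rendered as a header name. Tightening the test to `{%- if hdr is string and hdr != 'off' %}` would keep that out of the generated config. It is also not visible here whether `http_header` leaves the keyword `proxy_protocol` untouched, which j2cfg.yml lists as a supported value; worth confirming, since it is a directive keyword rather than a header name. A short template comment such as `{#- client address is taken from this header only for peers listed by set_real_ip_from -#}` would document the trust assumption.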
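Review bot: angie/autoconf/mail-realip.conf.j2 includes `realip-set-from.j2inc` unconditionally, so `set_real_ip_from` is rendered for mail even when `real_ip_from` is `off`, although j2cfg.yml describes `off` as not using the realip module; angie/autoconf/stream-realip.conf.j2 does the same. If that is intended (mail and stream take the address from the PROXY protocol rather than from a header), say so in the template, e.g. `{#- real_ip_from applies to http only; trusted_sources is always applied here -#}`, and in the j2cfg.yml comment. Otherwise wrap the include in the same `off` check that http-realip.conf.j2 uses.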
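Review bot: In angie/autoconf/realip-set-from.j2inc every `trusted_sources` entry is escaped with `ngx_esc`, but nothing visible checks that it is an address, a CIDR range or `unix:`, and each listed peer is allowed to dictate the client address that logging, rate limiting and access rules will see. An overly broad entry such as `0.0.0.0/0` would extend that to every client, so the file deserves a header comment, e.g. `{#- each entry is a peer allowed to override the client address; list only your own proxies, never a catch-all range -#}`. The `unix:` fallback for an empty list is a conservative default and is worth one comment line too: `{#- empty list: trust only unix-socket peers -#}`.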
@@ -58,3 +58,15 @@ tls:
 dhparam: tls/dh1024.pem
 session_tickets: off
 session_timeout: 1d
+
+## well-known values are:
+## - 'off' - don't use "realip" module
+## - 'proxy_protocol' - get information from PROXY protocol if listen directive has "proxy_protocol" option
+## - 'X-Forwarded-For' - get information from 'X-Forwarded-For' header
+## - 'X-Real-IP' - get information from 'X-Real-IP' header
+## any other value will be treated as uncommon (but valid?) header
+real_ip_from: off
+## list of trusted sources to be used in "realip" module
+## ref: https://en.angie.software/angie/docs/configuration/modules/http/http_realip/
+## if empty, defaults to "unix:"
+trusted_sources: []
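Review bot: The new key is added directly after the `tls` keys as `real_ip_from`, while http-realip.conf.j2 in this commit reads `j2cfg.headers.real_ip_from`. Indentation is not recoverable on this page, but if the key does not end up under `headers`, the lookup finds nothing and, with the template's `or 'off'`, realip may stay disabled without any error; confirm the path matches. The comment `(but valid?)` leaves the reader unsure what is accepted; `## any other value is used as a custom header name` would be clearer. `trusted_sources` could also carry `## only list proxies you operate; these peers may override the client address`.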