From 20efa793d753fa346c19401a569be3cb42cb3e8a Mon Sep 17 00:00:00 2001 From: pieter Date: Mon, 15 Dec 2025 08:13:46 +0000 Subject: [PATCH] =?UTF-8?q?templates/configmap.yaml=20=E3=82=92=E6=9B=B4?= =?UTF-8?q?=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- templates/configmap.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/templates/configmap.yaml b/templates/configmap.yaml index a266196..98d861b 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -10,11 +10,13 @@ data: server 127.0.0.1:9000; } + # 実IPアドレスの抽出(X-Forwarded-Forから最初のIPを取得) map $http_x_forwarded_for $real_ip { ~^(\d+\.\d+\.\d+\.\d+) $1; default $remote_addr; } + # HTTPSプロトコルの判定 map $http_x_forwarded_proto $fastcgi_https { default ''; https on; @@ -32,6 +34,7 @@ data: client_max_body_size 64M; + # 信頼できるプロキシからのX-Forwarded-Forヘッダーを使用 real_ip_header X-Forwarded-For; set_real_ip_from 10.0.0.0/8; set_real_ip_from 172.16.0.0/12; @@ -67,14 +70,20 @@ data: # FastCGIパラメータの読み込み include fastcgi_params; - # 重要: これらのパラメータを正しく設定 + # 基本的なFastCGIパラメータ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; - # HTTPS対応 + # HTTPS対応(重要: WordPressのis_ssl()判定に必要) fastcgi_param HTTPS $fastcgi_https if_not_empty; + # プロキシ経由のリクエスト情報をPHPに伝える + fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto; + fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for; + fastcgi_param HTTP_X_REAL_IP $real_ip; + fastcgi_param REMOTE_ADDR $real_ip; + # タイムアウト設定 fastcgi_read_timeout 300; fastcgi_send_timeout 300; @@ -104,4 +113,9 @@ data: access_log off; log_not_found off; } + + # XML-RPC DDoS対策(必要に応じてコメント解除) + # location = /xmlrpc.php { + # deny all; + # } } \ No newline at end of file