templates/configmap.yaml を更新

2025-11-28 11:24:37 +00:00
parent 23568402aa
commit b530af4921
1 changed files with 28 additions and 23 deletions
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -10,6 +10,18 @@ data:
        server 127.0.0.1:9000;
    }

+    # Ingress/LBからのリアルIPを取得
+    map $http_x_forwarded_for $real_ip {
+        ~^(\d+\.\d+\.\d+\.\d+) $1;
+        default $remote_addr;
+    }
+
+    # プロトコル判定（HTTP or HTTPS）
+    map $http_x_forwarded_proto $fastcgi_https {
+        default '';
+        https on;
+    }
+
    server {
        listen 80;
        server_name _;
@@ -21,9 +33,12 @@ data:

        client_max_body_size 64M;

-        # リアルIPの取得（LoadBalancer/Ingress経由の場合）
+        # リアルIP設定
        real_ip_header X-Forwarded-For;
-        set_real_ip_from 0.0.0.0/0;
+        set_real_ip_from 10.0.0.0/8;
+        set_real_ip_from 172.16.0.0/12;
+        set_real_ip_from 192.168.0.0/16;
+        real_ip_recursive on;

        location / {
            try_files $uri $uri/ /index.php?$args;
@@ -36,35 +51,25 @@ data:
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
+            
+            # HTTPSリバースプロキシ対応
+            fastcgi_param HTTPS $fastcgi_https;
+            fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
+            fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for;
+            fastcgi_param HTTP_X_FORWARDED_HOST $http_x_forwarded_host;
+            fastcgi_param HTTP_X_REAL_IP $real_ip;
+            fastcgi_param REMOTE_ADDR $real_ip;
+            fastcgi_param SERVER_PORT $http_x_forwarded_port;
+            
            fastcgi_buffering off;
            fastcgi_read_timeout 300;
-
-            # HTTPS対応（重要）
-            fastcgi_param HTTPS $https if_not_empty;
-            fastcgi_param REQUEST_SCHEME $scheme;
-            
-            # X-Forwarded-*ヘッダーの転送
-            fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
-            fastcgi_param HTTP_X_FORWARDED_HOST $http_x_forwarded_host;
-            fastcgi_param HTTP_X_FORWARDED_PORT $http_x_forwarded_port;
-            fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for;
-            fastcgi_param HTTP_X_REAL_IP $http_x_real_ip;
-
-            # HTTPSが検出された場合の明示的な設定
-            set $https_value "";
-            if ($http_x_forwarded_proto = "https") {
-                set $https_value "on";
-            }
-            if ($scheme = "https") {
-                set $https_value "on";
-            }
-            fastcgi_param HTTPS $https_value;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires max;
            log_not_found off;
            access_log off;
+            add_header Cache-Control "public, immutable";
        }

        location = /favicon.ico {