~xenrox/ansible: vault: Trust nginx to correctly set X-Forwarded-For

f275e51d54cd2477d43f7b8aeec05b52a8116f00 — Thorben Günther 2 years ago 3a9fe7a

vault: Trust nginx to correctly set X-Forwarded-For

Needed for restricting approle access to certain IP addresses.

patch browse .tar.gz

1 files changed, 1 insertions(+), 0 deletions(-)

M roles/vault/templates/vault.hcl.j2

M roles/vault/templates/vault.hcl.j2 => roles/vault/templates/vault.hcl.j2 +1 -0

@@ 9,4 9,5 @@ listener "tcp" {
     address = "127.0.0.1:8200"
     tls_disable = 1
     proxy_protocol_behavior = "use_always"
+    x_forwarded_for_authorized_addrs = "127.0.0.1"
 }