From f275e51d54cd2477d43f7b8aeec05b52a8116f00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?= <admin@xenrox.net>
Date: Fri, 3 Sep 2021 11:04:43 +0200
Subject: [PATCH] vault: Trust nginx to correctly set X-Forwarded-For

Needed for restricting approle access to certain IP addresses.
---
 roles/vault/templates/vault.hcl.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/vault/templates/vault.hcl.j2 b/roles/vault/templates/vault.hcl.j2
index fc6336d..ac1742f 100644
--- a/roles/vault/templates/vault.hcl.j2
+++ b/roles/vault/templates/vault.hcl.j2
@@ -9,4 +9,5 @@ listener "tcp" {
     address = "127.0.0.1:8200"
     tls_disable = 1
     proxy_protocol_behavior = "use_always"
+    x_forwarded_for_authorized_addrs = "127.0.0.1"
 }
-- 
2.44.0