From bb7b5ec70c2b4c7e382edef9affec92caef72f65 Mon Sep 17 00:00:00 2001
From: Penar Musaraj <pmusaraj@gmail.com>
Date: Sun, 22 Dec 2024 16:12:22 -0500
Subject: [PATCH] FIX: Simplify nginx config change (#30383) (#30410)

---
 config/nginx.sample.conf | 69 +++++++++++++++++++++++++++++-----------
 1 file changed, 50 insertions(+), 19 deletions(-)

diff --git a/config/nginx.sample.conf b/config/nginx.sample.conf
index 9f0aa29572d..70c305a4ced 100644
--- a/config/nginx.sample.conf
+++ b/config/nginx.sample.conf
@@ -106,23 +106,26 @@ server {
     # auth_basic on;
     # auth_basic_user_file /etc/nginx/htpasswd;
 
-    # proxy_set_header directives are inherited from the previous configuration
-    # level if and only if there are no proxy_set_header directives defined on
-    # the current level.
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Request-Start "t=${msec}";
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $thescheme;
-    proxy_set_header X-Sendfile-Type "";
-    proxy_set_header X-Accel-Mapping "";
-
     location ~ ^/uploads/short-url/ {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_pass http://discourse;
       break;
     }
 
     location ~ ^/(secure-media-uploads/|secure-uploads)/ {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_pass http://discourse;
       break;
     }
@@ -136,6 +139,13 @@ server {
     location = /srv/status {
       access_log off;
       log_not_found off;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_pass http://discourse;
       break;
     }
@@ -173,9 +183,12 @@ server {
     }
 
     location ~ ^/uploads/ {
-      # proxy_set_header directives are inherited from the previous configuration
-      # level if and only if there are no proxy_set_header directives defined on
-      # the current level.
+
+      # NOTE: it is really annoying that we can't just define headers
+      # at the top level and inherit.
+      #
+      # proxy_set_header DOES NOT inherit, by design, we must repeat it,
+      # otherwise headers are not set correctly
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Request-Start "t=${msec}";
@@ -183,7 +196,6 @@ server {
       proxy_set_header X-Forwarded-Proto $thescheme;
       proxy_set_header X-Sendfile-Type X-Accel-Redirect;
       proxy_set_header X-Accel-Mapping $public/=/downloads/;
-
       expires 1y;
       add_header Cache-Control public,immutable;
 
@@ -215,9 +227,6 @@ server {
     }
 
     location ~ ^/admin/backups/ {
-      # proxy_set_header directives are inherited from the previous configuration
-      # level if and only if there are no proxy_set_header directives defined on
-      # the current level.
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Request-Start "t=${msec}";
@@ -225,7 +234,6 @@ server {
       proxy_set_header X-Forwarded-Proto $thescheme;
       proxy_set_header X-Sendfile-Type X-Accel-Redirect;
       proxy_set_header X-Accel-Mapping $public/=/downloads/;
-
       proxy_pass http://discourse;
       break;
     }
@@ -234,6 +242,14 @@ server {
     # acceleration for backups, avatars, sprites and so on.
     # see note about repetition above
     location ~ ^/(svg-sprite/|letter_avatar/|letter_avatar_proxy/|user_avatar|highlight-js|stylesheets|theme-javascripts|favicon/proxied|service-worker) {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
+
       # if Set-Cookie is in the response nothing gets cached
       # this is double bad cause we are not passing last modified in
       proxy_ignore_headers "Set-Cookie";
@@ -252,6 +268,13 @@ server {
 
     # we need buffering off for message bus
     location /message-bus/ {
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $thescheme;
+      proxy_set_header X-Sendfile-Type "";
+      proxy_set_header X-Accel-Mapping "";
       proxy_http_version 1.1;
       proxy_buffering off;
       proxy_pass http://discourse;
@@ -268,6 +291,14 @@ server {
   }
 
   location @discourse {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Request-Start "t=${msec}";
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $thescheme;
+    proxy_set_header X-Sendfile-Type "";
+    proxy_set_header X-Accel-Mapping "";
     proxy_pass http://discourse;
   }
+
 }