[nextcloud-web] nginx: Attempt to strip ::ffff prefix

[Bartłomiej Piotrowski <bpiotrowski src gnome org>]

commit 2450e9e8d9cddc58f499786746b6e2ef1013faa8
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Wed Jun 23 13:40:54 2021 +0200

    nginx: Attempt to strip ::ffff prefix

 nginx/nginx.conf | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index aa439ce..9ee174d 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -20,7 +20,7 @@ http {
 
   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
+                    '"$http_user_agent" "$http_x_forwarded_for" "$real_x_forwarded_for"';
   access_log  /dev/stdout  main;
 
   upstream php-handler {
@@ -39,6 +39,11 @@ http {
     set_real_ip_from 10.0.0.0/8;
     real_ip_header X-Forwarded-For;
 
+    map $http_x_forwarded_for $real_x_forwarded_for {
+      default $http_x_forwarded_for;
+      ~^::ffff:(.*) $1;
+    }
+
     # Add headers to serve security related headers
     # Before enabling Strict-Transport-Security headers please read into this
     # topic first.
@@ -113,7 +118,7 @@ http {
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param PATH_INFO $fastcgi_path_info;
       fastcgi_param HTTPS on;
-      fastcgi_param REMOTE_ADDR $http_x_forwarded_for;
+      fastcgi_param REMOTE_ADDR $real_x_forwarded_for;
       #Avoid sending the security headers twice
       fastcgi_param modHeadersAvailable true;
       fastcgi_param front_controller_active true;