Our Nginx configuration uses this variable to automatically set
X-External-Client: 1 in API request headers when clients don't have
direct access to Keep stores.
* Document the variable definition, and how to customize it, in the
suggested API server configuration.
* Remove the variable from the Workbench configuration. Workbench
does not currently read this header, so it isn't necessary.
proxy_http_version 1.1;
+# When Keep clients request a list of Keep services from the API server, the
+# server will automatically return the list of available proxies if
+# the request headers include X-External-Client: 1. Following the example
+# here, at the end of this section, add a line for each netmask that has
+# direct access to Keep storage daemons to set this header value to 0.
+geo $external_client {
+ default 1;
+ <span class="userinput">10.20.30.0/24</span> 0;
+}
+
server {
listen <span class="userinput">[your public IP address]</span>:443 ssl;
server_name <span class="userinput">uuid_prefix.your.domain</span>;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
- proxy_set_header X-External-Client $external_client;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}