From fa39cd58e05677da314dfdde1c8274dea3a1dbe8 Mon Sep 17 00:00:00 2001
From: Sebastian Eriksson <sebastian98@live.se>
Date: Sun, 19 Jan 2025 18:44:46 +0100
Subject: [PATCH] remove infra

---
 config/nginx.conf | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/config/nginx.conf b/config/nginx.conf
index e57c247..518ef3d 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -31,22 +31,16 @@ http {
     # (We do a separate server block for clarity. Could be done with if/host checks.)
   }
 
-  server {
-    listen 80;
-    server_name ~^(?<subdomain>.+)\.infra\.mrcynic\.site$;
-
-    location / {
-      proxy_pass http://external_ingress;
-      proxy_set_header Host $host;
-      proxy_set_header X-Real-IP $remote_addr;
-    }
-  }
-
   # dev.mrcynic.site - allow only LAN
   server {
     listen 80;
     server_name ~^(?<subdomain>.+)\.dev\.mrcynic\.site$;
 
+    # Inform NGINX how to read the client IP from X-Forwarded-For
+    real_ip_header X-Forwarded-For;
+    set_real_ip_from 192.168.0.1;
+    real_ip_recursive on;
+
     # Block if not LAN (192.168.0.0/24). You can expand or tighten this as needed.
     allow 192.168.0.0/24;
     deny all;
@@ -57,4 +51,15 @@ http {
       proxy_set_header X-Real-IP $remote_addr;
     }
   }
+
+  server {
+    listen 80;
+    server_name ~^(?<subdomain>.+)\.mrcynic\.site$;
+
+    location / {
+      proxy_pass http://external_ingress;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+    }
+  }
 }
\ No newline at end of file