anonymize user IPs
This commit is contained in:
parent
4f5a94fda9
commit
7a7a9e4657
|
|
@ -0,0 +1,9 @@
|
|||
class DisableSignInTokenByDefault < ActiveRecord::Migration[6.1]
|
||||
def up
|
||||
change_column_default :users, :skip_sign_in_token, true
|
||||
end
|
||||
|
||||
def down
|
||||
change_column_default :users, :skip_sign_in_token, nil
|
||||
end
|
||||
end
|
||||
|
|
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 2021_12_13_040746) do
|
||||
ActiveRecord::Schema.define(version: 2022_01_29_231143) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
|
@ -953,7 +953,7 @@ ActiveRecord::Schema.define(version: 2021_12_13_040746) do
|
|||
t.datetime "sign_in_token_sent_at"
|
||||
t.string "webauthn_id"
|
||||
t.inet "sign_up_ip"
|
||||
t.boolean "skip_sign_in_token"
|
||||
t.boolean "skip_sign_in_token", default: true
|
||||
t.index ["account_id"], name: "index_users_on_account_id"
|
||||
t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
|
||||
t.index ["created_by_application_id"], name: "index_users_on_created_by_application_id"
|
||||
|
|
|
|||
|
|
@ -3,6 +3,12 @@ map $http_upgrade $connection_upgrade {
|
|||
'' close;
|
||||
}
|
||||
|
||||
map $remote_addr $anonymized_remote_addr {
|
||||
# indicates that the user is not using tor without revealing their real IP.
|
||||
default 127.0.0.2;
|
||||
"127.0.0.1" 127.0.0.1;
|
||||
}
|
||||
|
||||
upstream backend {
|
||||
server 127.0.0.1:3000 fail_timeout=0;
|
||||
}
|
||||
|
|
@ -72,8 +78,8 @@ server {
|
|||
|
||||
location @proxy {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Real-IP $anonymized_remote_addr;
|
||||
proxy_set_header X-Forwarded-For $anonymized_remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
|
@ -97,8 +103,8 @@ server {
|
|||
|
||||
location /api/v1/streaming {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Real-IP $anonymized_remote_addr;
|
||||
proxy_set_header X-Forwarded-For $anonymized_remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Proxy "";
|
||||
|
||||
|
|
|
|||
Reference in New Issue