Fix real IP in proxy config

roles/docker/defaults/main.yml

@@ -3,6 +3,9 @@
 volume_root_folder: "/docker-volumes"
 volume_website_folder: "{{ volume_root_folder }}/websites"
 
+external_services_network_ipv4_subnet: '172.28.0.0/16'
+external_services_network_ipv6_subnet: 'fd02::/64'
+
 services:
   ### Internal services ###
   postfix:

roles/docker/tasks/services.yml

@@ -3,6 +3,10 @@
 - name: Set up external services network
   docker_network:
     name: external_services
+    enable_ipv6: true
+    ipam_config:
+      - subnet: "{{ external_services_network_ipv4_subnet }}"
+      - subnet: "{{ external_services_network_ipv6_subnet }}"
 
 - name: Deploy all services
   include_tasks:

roles/docker/templates/fedi_dk_nodebb/config.json.j2

@@ -4,8 +4,7 @@
     "database": "mongo",
     "port": [{% for port in range(services.fedi_dk_nodebb.nodebb_port_begin,
                                   services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes)
-    %}{{ port }}{% if not loop.last %}, {% endif %}{% endfor %}]
-    ["4567", "4568", "4569", "4570"],
+    %}"{{ port }}"{% if not loop.last %}, {% endif %}{% endfor %}],
     "mongo": {
         "host": "mongodb",
         "port": "27017",

roles/docker/templates/fedi_dk_nodebb/nginx/http.conf.j2

@@ -1,12 +1,17 @@
 resolver 127.0.0.11 valid=30s ipv6=off;
 
+set_real_ip_from  {{ external_services_network_ipv4_subnet }};
+set_real_ip_from  {{ external_services_network_ipv6_subnet }};
+real_ip_header    X-Forwarded-For;
+real_ip_recursive on;
+
 map $http_upgrade $connection_upgrade {
     default upgrade;
     ''      close;
 }
 
 upstream workers {
-    hash $http_x_real_ip;
+    ip_hash;
 {% for port in range(services.fedi_dk_nodebb.nodebb_port_begin,
                      services.fedi_dk_nodebb.nodebb_port_begin + services.fedi_dk_nodebb.nodebb_processes) %}
     server app.nodebb:{{ port }};