The nginx HTTP server can be used to serve cloud-config files to booting Container Linux machines. With the addition of the http_sub_module, nginx can perform appropriate substitution of the cloud-config $private_ipv4 and $public_ipv4 variables used to simplify network configuration. The http_sub_module is enabled in the official nginx binaries, and in most Linux distributions' nginx packages.
The example nginx configuration below will perform replacement of the $public_ipv4 and $private_ipv4 variables for each client connection from a Container Linux machine booting through the cloud-init process. This example works around a known nginx bug that prevents you from escaping the $ with geo.
geo $dollar {
default "$";
}
server {
listen 8080;
location ~ ^/user_data {
root /path/to/cloud/config/files;
sub_filter '${dollar}public_ipv4' '$remote_addr';
sub_filter '${dollar}private_ipv4' '$http_x_forwarded_for';
# sub_filter '${dollar}private_ipv4' '$http_x_real_ip';
sub_filter_once off;
sub_filter_types '*';
}
}
This example configuration is valid for all /user_data* URIs (e.g., /user_data_host1, /user_data_host2). With a remote nginx accessed via a transparent proxy, $private_ipv4 substitution will work only if the proxy adds appropriate HTTP_X_FORWARDED_FOR or HTTP_X_REAL_IP HTTP header to requests.