finn/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add reverse proxy configuration support for remote IP address (#14959)

Browse source 
* Add reverse proxy configuration support for remote IP address validation

* Trust all IP addresses in containerized environments by default

* Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
Lauris BH 2021-03-16 00:27:28 +02:00 committed by GitHub
parent 6e423d5573
commit 044cd4d016
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 464 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
docs/content/doc/advanced/config-cheat-sheet.en-us.md
View file

@ -390,6 +390,9 @@ relation to port exhaustion.
authentication.
- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
authentication provided email.
- `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
Number of trusted proxy count. Set to zero to not use these headers.
- `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
- `DISABLE_GIT_HOOKS`: **true**: Set to `false` to enable users with git hook privilege to create custom git hooks.
WARNING: Custom git hooks can be used to perform arbitrary code execution on the host operating system.
This enables the users to access and modify this config file and the Gitea database and interrupt the Gitea service.