authorzeripath <art27@cantab.net>2022-08-21 19:20:43 +0100
committerGitHub <noreply@github.com>2022-08-21 19:20:43 +0100
commit943753f560fab8bb01946618b16c694bc2032827 (patch)
treed4faa0f8bde73d61ee00d7252ceb79f8334088b1 /custom
parent0b4c166e8a90beeb1e71ee2fc16b3a240517c82d (diff)
downloadgitea-943753f560fab8bb01946618b16c694bc2032827.tar.gz
gitea-943753f560fab8bb01946618b16c694bc2032827.zip
Support Proxy protocol (#12527)
This PR adds functionality to allow Gitea to sit behind an HAProxy and handle HAProxy protocolled connections directly. Fix #7508 Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'custom')
-rw-r--r--custom/conf/app.example.ini22
1 files changed, 21 insertions, 1 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 5e612fb428..0949c3d399 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -29,6 +29,18 @@ RUN_MODE = ; prod
;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
;PROTOCOL = http
;;
+;; Expect PROXY protocol headers on connections
+;USE_PROXY_PROTOCOL = false
+;;
+;; Use PROXY protocol in TLS Bridging mode
+;PROXY_PROTOCOL_TLS_BRIDGING = false
+;;
+; Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
+;PROXY_PROTOCOL_HEADER_TIMEOUT=5s
+;;
+; Accept PROXY protocol headers with UNKNOWN type
+;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false
+;;
;; Set the domain for the server
;DOMAIN = localhost
;;
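Review bot: The comment on `USE_PROXY_PROTOCOL` does not say that the PROXY header carries the client address, so a listener that clients can reach without passing through the proxy would accept whatever source address the peer claims. Nothing in this hunk shows a setting that limits which peers may send the header, so the example should state the deployment requirement, for instance `;; Only enable when the listener is reachable solely from the trusted proxy; the client address is taken from the PROXY header`. The `PROXY_PROTOCOL_HEADER_TIMEOUT` comment should add that `0` lets a peer that never sends a header hold its connection open indefinitely. The last two descriptions also use a single `;` and `KEY=value` without spaces, unlike the `;;` and `KEY = value` of the two settings added just above them.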
@@ -51,6 +63,8 @@ RUN_MODE = ; prod
;REDIRECT_OTHER_PORT = false
;PORT_TO_REDIRECT = 80
;;
+;; expect PROXY protocol header on connections to https redirector.
+;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
;; Minimum and maximum supported TLS versions
;SSL_MIN_VERSION=TLSv1.2
;SSL_MAX_VERSION=
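Review bot: `%(USE_PROXY_PROTOCOL)` on the `REDIRECTOR_USE_PROXY_PROTOCOL` line lacks the trailing `s` that the file's other references carry (`%(PROTOCOL)s`, `%(RUN_USER)s`), so an operator who uncomments it would presumably get the literal text instead of a boolean. It should read `;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s`. The same applies to `LOCAL_USE_PROXY_PROTOCOL` in the next hunk. A `;;` separator line is also missing between this setting and the `SSL_MIN_VERSION` comment.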
@@ -76,13 +90,19 @@ RUN_MODE = ; prod
;; Do not set this variable if PROTOCOL is set to 'unix'.
;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
;;
+;; When making local connections pass the PROXY protocol header.
+;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
+;;
;; Disable SSH feature when not available
;DISABLE_SSH = false
;;
;; Whether to use the builtin SSH server or not.
;START_SSH_SERVER = false
;;
-;; Username to use for the builtin SSH server.
+;; Expect PROXY protocol header on connections to the built-in SSH server
+;SSH_SERVER_USE_PROXY_PROTOCOL = false
+;;
+;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
;;
;; Domain name to be exposed in clone URL
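Review bot: `SSH_SERVER_USE_PROXY_PROTOCOL` is shown with a fixed `false` while the redirector and local settings follow `USE_PROXY_PROTOCOL`, and the comment does not mention the difference. An operator who fronts both HTTP and SSH with the same proxy and sets only `USE_PROXY_PROTOCOL` would, judging by this example, leave the built-in SSH server recording the proxy's address instead of the client's. A line such as `;; Not inherited from USE_PROXY_PROTOCOL; set it explicitly, and only when the SSH port is reachable solely from the trusted proxy` would make that visible.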