author | dosera <doser.andre@gmail.com> | 2021-07-16 11:04:52 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-16 10:04:52 +0100 |
commit | 95f40047efe5bf9cf0d32315a2b95f04217f613a (patch) | |
tree | f43955c827c2a6858f43660edf71778bed4020b3 /docs | |
parent | 7b31aae414fe8c4117ffd2d2c284d111e52f700e (diff) | |
Extend the fail2ban instructions with a hint on how to make X-Real-IP… (#16446)
Following the merging of #14959 - Gitea is a lot more strict regarding the interpretation of `X-Real-IP` and `X-Forwarded-For` headers.
This PR updates the fail2ban documentation to include hints to set: `REVERSE_PROXY_TRUSTED_PROXIES` and `REVERSE_PROXY_LIMIT` appropriately.
See discussion in #16443
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/content/doc/usage/fail2ban-setup.en-us.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/content/doc/usage/fail2ban-setup.en-us.md b/docs/content/doc/usage/fail2ban-setup.en-us.md index f96cf889a3..0821b23a9f 100644 --- a/docs/content/doc/usage/fail2ban-setup.en-us.md +++ b/docs/content/doc/usage/fail2ban-setup.en-us.md @@ -108,3 +108,12 @@ this to your Nginx configuration so that IPs don't show up as 127.0.0.1: ``` proxy_set_header X-Real-IP $remote_addr; ``` + +The security options in `app.ini` need to be adjusted to allow the interpretation of the headers +as well as the list of IP addresses and networks that describe trusted proxy servers +(See the [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security) for more information). + +``` +REVERSE_PROXY_LIMIT = 1 +REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.1/8 ; 172.17.0.0/16 for the docker default network +``` |
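Review bot: On the added `REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.1/8 ; 172.17.0.0/16 for the docker default network` line, the trailing `; ...` text sits on the value line, so a reader can take it either as a comment or as a second entry in the list, and someone copying the block as-is may end up trusting the whole Docker bridge range without meaning to. Move the Docker hint to its own comment line above the setting, and say that the range should only be used when the proxy actually reaches Gitea from that network. The paragraph above the block would also be clearer if it named which setting does what: as written, "allow the interpretation of the headers" and "the list of IP addresses and networks" are not tied to `REVERSE_PROXY_LIMIT` and `REVERSE_PROXY_TRUSTED_PROXIES`, and the value `1` is left unexplained. Minor: "See" inside the parenthesis should be lowercase.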