author | Lauris BH <lauris@nix.lv> | 2021-03-16 00:27:28 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-16 00:27:28 +0200 |
commit | 044cd4d016196e8c7091eee90b7e6f230bba142f (patch) | |
tree | 35f060380813f99588966339c5ddf796a8b8c451 /routers/routes | |
parent | 6e423d5573c20b78d6e21cb044e8f4d5de5b288a (diff) | |
Add reverse proxy configuration support for remote IP address (#14959)
* Add reverse proxy configuration support for remote IP address validation
* Trust all IP addresses in containerized environments by default
* Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'routers/routes')
-rw-r--r-- | routers/routes/web.go | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/routers/routes/web.go b/routers/routes/web.go
index 08faa274a5..166b4286a8 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -46,6 +46,7 @@ import (
 "gitea.com/go-chi/captcha"
 "gitea.com/go-chi/session"
 "github.com/NYTimes/gziphandler"
+ "github.com/chi-middleware/proxy"
 "github.com/go-chi/chi/middleware"
 "github.com/go-chi/cors"
 "github.com/prometheus/client_golang/prometheus"
@@ -65,14 +66,30 @@ func commonMiddlewares() []func(http.Handler) http.Handler {
 next.ServeHTTP(context.NewResponse(resp), req)
 })
 },
- middleware.RealIP,
- middleware.StripSlashes,
 }
+
+ if setting.ReverseProxyLimit > 0 {
+ opt := proxy.NewForwardedHeadersOptions().
+ WithForwardLimit(setting.ReverseProxyLimit).
+ ClearTrustedProxies()
+ for _, n := range setting.ReverseProxyTrustedProxies {
+ if !strings.Contains(n, "/") {
+ opt.AddTrustedProxy(n)
+ } else {
+ opt.AddTrustedNetwork(n)
+ }
+ }
+ handlers = append(handlers, proxy.ForwardedHeaders(opt))
+ }
+
+ handlers = append(handlers, middleware.StripSlashes)
+
 if !setting.DisableRouterLog && setting.RouterLogLevel != log.NONE {
 if log.GetLogger("router").GetLevel() <= setting.RouterLogLevel {
 handlers = append(handlers, LoggerHandler(setting.RouterLogLevel))
 }
 }
+
 handlers = append(handlers, func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
 // Why we need this? The Recovery() will try to render a beautiful |
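Review bot: The loop over `setting.ReverseProxyTrustedProxies` in the second hunk routes each entry to `opt.AddTrustedProxy` or `opt.AddTrustedNetwork` based only on whether it contains `/`, and nothing visible here checks that the entry was accepted. If the library drops unparsable values without reporting them (not shown in this hunk), a typo in the configuration leaves that proxy untrusted, and requests are then attributed to the proxy's own address in logs and IP-based limits with no hint why. Consider checking each entry with `net.ParseIP` / `net.ParseCIDR` before adding it (exempting any wildcard value the setting accepts) and emitting `log.Warn("ignoring unparsable trusted proxy entry %q", n)` on failure, either here or where the setting is loaded. A comment above the `if setting.ReverseProxyLimit > 0` block, such as `// Forwarded headers are honoured only from explicitly trusted peers; with a limit of 0 the socket peer address is used unchanged.`, would record why `middleware.RealIP` was removed. The body of commonMiddlewares begins and ends outside the hunk.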