authorLauris BH <lauris@nix.lv>2021-03-16 00:27:28 +0200
committerGitHub <noreply@github.com>2021-03-16 00:27:28 +0200
commit044cd4d016196e8c7091eee90b7e6f230bba142f (patch)
tree35f060380813f99588966339c5ddf796a8b8c451 /routers/routes
parent6e423d5573c20b78d6e21cb044e8f4d5de5b288a (diff)
downloadgitea-044cd4d016196e8c7091eee90b7e6f230bba142f.tar.gz
gitea-044cd4d016196e8c7091eee90b7e6f230bba142f.zip
Add reverse proxy configuration support for remote IP address (#14959)
* Add reverse proxy configuration support for remote IP address validation * Trust all IP addresses in containerized environments by default * Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'routers/routes')
-rw-r--r--routers/routes/web.go21
1 files changed, 19 insertions, 2 deletions
diff --git a/routers/routes/web.go b/routers/routes/web.go
index 08faa274a5..166b4286a8 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -46,6 +46,7 @@ import (
"gitea.com/go-chi/captcha"
"gitea.com/go-chi/session"
"github.com/NYTimes/gziphandler"
+ "github.com/chi-middleware/proxy"
"github.com/go-chi/chi/middleware"
"github.com/go-chi/cors"
"github.com/prometheus/client_golang/prometheus"
@@ -65,14 +66,30 @@ func commonMiddlewares() []func(http.Handler) http.Handler {
next.ServeHTTP(context.NewResponse(resp), req)
})
},
- middleware.RealIP,
- middleware.StripSlashes,
}
+
+ if setting.ReverseProxyLimit > 0 {
+ opt := proxy.NewForwardedHeadersOptions().
+ WithForwardLimit(setting.ReverseProxyLimit).
+ ClearTrustedProxies()
+ for _, n := range setting.ReverseProxyTrustedProxies {
+ if !strings.Contains(n, "/") {
+ opt.AddTrustedProxy(n)
+ } else {
+ opt.AddTrustedNetwork(n)
+ }
+ }
+ handlers = append(handlers, proxy.ForwardedHeaders(opt))
+ }
+
+ handlers = append(handlers, middleware.StripSlashes)
+
if !setting.DisableRouterLog && setting.RouterLogLevel != log.NONE {
if log.GetLogger("router").GetLevel() <= setting.RouterLogLevel {
handlers = append(handlers, LoggerHandler(setting.RouterLogLevel))
}
}
+
handlers = append(handlers, func(next http.Handler) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
// Why we need this? The Recovery() will try to render a beautiful
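Review bot: In the loop over `setting.ReverseProxyTrustedProxies`, entries are handed to `AddTrustedProxy`/`AddTrustedNetwork` untrimmed, and nothing visible here reports an entry the library cannot parse, so a typo in the list may silently change which peers are allowed to set the client address. Because this list decides whose forwarded headers are believed (and therefore which IP lands in the router log and any IP-based checks), I would validate the CIDR branch before adding, e.g. `if _, _, err := net.ParseCIDR(n); err != nil { log.Warn("ignoring invalid trusted proxy network %q", n); continue }` (needs `net` if the file does not already import it), unless the settings loader already rejects bad entries. A short comment above the `if setting.ReverseProxyLimit > 0` block would also help the next reader: `// Forwarded headers are honoured only from the configured trusted proxies; with a limit of 0 nothing in this chain rewrites the remote address.` The body of commonMiddlewares starts and ends outside the hunk.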