From 044cd4d016196e8c7091eee90b7e6f230bba142f Mon Sep 17 00:00:00 2001 From: Lauris BH Date: Tue, 16 Mar 2021 00:27:28 +0200 Subject: Add reverse proxy configuration support for remote IP address (#14959) * Add reverse proxy configuration support for remote IP address validation * Trust all IP addresses in containerized environments by default * Use single option to specify networks and proxy IP addresses. By default trust all loopback IPs Co-authored-by: techknowlogick --- custom/conf/app.example.ini | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'custom') diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 6edf09e8ae..fe4fec7e92 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -549,6 +549,10 @@ COOKIE_REMEMBER_NAME = gitea_incredible ; Reverse proxy authentication header name of user name REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL +; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request +REVERSE_PROXY_LIMIT = 1 +; List of IP addresses and networks seperated by comma of trusted proxy servers. Use `*` to trust all. +REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128 ; The minimum password length for new Users MIN_PASSWORD_LENGTH = 6 ; Set to true to allow users to import local server paths -- cgit v1.2.3