Browse Source
Extend the fail2ban instructions with a hint on how to make X-Real-IP… (#16446)
Following the merging of #14959 - Gitea is a lot more strict regarding the interpretation of `X-Real-IP` and `X-Forwarded-For` headers. This PR updates the fail2ban documentation to include hints to set: `REVERSE_PROXY_TRUSTED_PROXIES` and `REVERSE_PROXY_LIMIT` appropriately. See discussion in #16443 Co-authored-by: zeripath <art27@cantab.net>tags/v1.16.0-rc1
dosera
2 years ago
1 changed files with 9 additions and 0 deletions
+ 9
- 0
docs/content/doc/usage/fail2ban-setup.en-us.md
View File
| @@ -108,3 +108,12 @@ this to your Nginx configuration so that IPs don't show up as 127.0.0.1: | |||
| ``` | |||
| proxy_set_header X-Real-IP $remote_addr; | |||
| ``` | |||
| The security options in `app.ini` need to be adjusted to allow the interpretation of the headers | |||
| as well as the list of IP addresses and networks that describe trusted proxy servers | |||
| (See the [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security) for more information). | |||
| ``` | |||
| REVERSE_PROXY_LIMIT = 1 | |||
| REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.1/8 ; 172.17.0.0/16 for the docker default network | |||
| ``` | |||
Loading…