mirror of
https://github.com/zadam/trilium.git
synced 2024-09-20 23:55:59 +08:00
Merge pull request #3038 from DynamoFox/support-reverse-proxy-trust
Add optional support to trust reverse proxies (via X-Forwarded-For)
This commit is contained in:
commit
0681ec9057
|
@ -21,3 +21,9 @@ https=false
|
|||
# path to certificate (run "bash bin/generate-cert.sh" to generate self-signed certificate). Relevant only if https=true
|
||||
certPath=
|
||||
keyPath=
|
||||
# setting to give trust to reverse proxies, a comma-separated list of trusted rev. proxy IPs can be specified (CIDR notation is permitted),
|
||||
# alternatively 'true' will make use of the leftmost IP in X-Forwarded-For, ultimately an integer can be used to tell about the number of hops between
|
||||
# Trilium (which is hop 0) and the first trusted rev. proxy.
|
||||
# once set, expressjs will use the X-Forwarded-For header set by the rev. proxy to determinate the real IPs of clients.
|
||||
# expressjs shortcuts are supported: loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
|
||||
trustedReverseProxy=false
|
||||
|
|
8
src/www
8
src/www
|
@ -44,6 +44,14 @@ async function startTrilium() {
|
|||
app.set('port', usedPort);
|
||||
app.set('host', usedHost);
|
||||
|
||||
// Check from config whether to trust reverse proxies to supply user IPs, hostnames and protocols
|
||||
if (config['Network']['trustedReverseProxy']) {
|
||||
if (config['Network']['trustedReverseProxy'] === true || config['Network']['trustedReverseProxy'].trim().length) {
|
||||
app.set('trust proxy', config['Network']['trustedReverseProxy'])
|
||||
}
|
||||
}
|
||||
log.info('Trusted reverse proxy: ' + app.get('trust proxy'))
|
||||
|
||||
if (config['Network']['https']) {
|
||||
if (!config['Network']['keyPath'] || !config['Network']['keyPath'].trim().length) {
|
||||
throw new Error("keyPath in config.ini is required when https=true, but it's empty");
|
||||
|
|
Loading…
Reference in a new issue