fix(docker): correct proxy configuration

- On non-localhost communication, this whitelists forwarded headers
  on all remote ips
- Add more headers
- Force https X-Forwarded-Proto
- Unset Forwarded header and rely on X-Forwarded-*

Signed-off-by: Kevin Morris <kevr@0cost.org>
Kevin Morris 2022-01-15 20:11:51 -08:00
parent ec3295ffd4
commit 0f4ead759c
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
2 changed files with 4 additions and 1 deletions


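--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -137,8 +137,9 @@ http {
 location / {
 proxy_pass http://asgi_backend;
 proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-Protocol ssl;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-Proto https;
 proxy_set_header X-Forwarded-Ssl on;
 }
 }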
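Review bot: The commit message says the `Forwarded` header is unset, but nothing in this hunk clears it — the only new lines are `X-Forwarded-Protocol ssl` and the `X-Forwarded-Proto https` change — so a client-supplied `Forwarded` header still reaches the backend unchanged unless it is cleared somewhere not shown; add `proxy_set_header Forwarded "";` next to the other `proxy_set_header` lines. Separately, `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever `X-Forwarded-For` the client already sent rather than replacing it, so if nginx is the first hop the leftmost entry is client-controlled and a backend that reads the first entry will log or rate-limit the wrong address; when no trusted proxy sits in front of nginx, `proxy_set_header X-Forwarded-For $remote_addr;` is the safer choice, otherwise a comment naming the trusted upstream proxy would help. The enclosing `http {` / server block starts outside the hunk.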


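--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -23,6 +23,8 @@ elif [ "$1" == "gunicorn" ]; then
 exec gunicorn \
 --log-config /docker/logging.conf \
 --bind "0.0.0.0:8000" \
+--proxy-protocol \
+--forwarded-allow-ips "*" \
 -w $FASTAPI_WORKERS \
 -k uvicorn.workers.UvicornWorker \
 aurweb.asgi:app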
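Review bot: `--forwarded-allow-ips "*"` makes gunicorn (and, via `UvicornWorker`, uvicorn's proxy-header handling) accept `X-Forwarded-For` and `X-Forwarded-Proto` from any peer, and since the process is bound on `0.0.0.0:8000` any host that can reach that port without going through nginx can present an arbitrary client address and scheme to the application; restrict the value to the proxy's address, for example `--forwarded-allow-ips "${FORWARDED_ALLOW_IPS:?set to the nginx container address}"` (constructed variable name), so the container fails fast when the trusted-proxy address is not configured. `--proxy-protocol` also looks inert here: the nginx hunk in the same commit uses plain `proxy_pass http://asgi_backend` and does not emit the PROXY protocol, and if it ever did, gunicorn would refuse it from a non-localhost sender unless `--proxy-allow-from` is set as well. The unquoted `-w $FASTAPI_WORKERS` is a pre-existing context line and is not changed by this commit. The enclosing `elif` branch continues outside the hunk.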