Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an option to trust headers set by reverse proxies #1162

Merged
merged 4 commits into from
Nov 6, 2018
Merged

Add an option to trust headers set by reverse proxies #1162

merged 4 commits into from
Nov 6, 2018

Conversation

carnage
Copy link
Contributor

@carnage carnage commented Sep 16, 2018

eg Cloudflare, kubernetes ingresses etc

Going to tidy up and test this tomorrow, putting in a PR as a reminder

@carnage carnage changed the title Add an option to trust headers set by reverse proxies WIP: Add an option to trust headers set by reverse proxies Sep 16, 2018
@carnage carnage changed the title WIP: Add an option to trust headers set by reverse proxies Add an option to trust headers set by reverse proxies Sep 21, 2018
chartjes
chartjes requested changes Oct 4, 2018
View reviewed changes
README.md Outdated
@@ -252,6 +252,10 @@ mail:
encryption: tls
auth_mode: ~
```
### [Running behind a trusted proxy](#run-trusted-proxy)

If you are running open cfp behing a proxy server which adds X-Forwarded-For headers (this could be a cloud based load balancer or a service such as cloudflare) you will need to set the environment variable TRUST_PROXIES to true this will ensure that opencfp trusts the headers set by these proxies for the original IP address and ssl mode. Setting this will trust these headers regardless of where the original request originates, so it's advisable to either lock down your instance so that only the trusted proxy can access it, or modifiy the list of trusted proxies in the index.php file to only include the ip addresses of your proxies.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The project name is OpenCFP

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also: modifiy should be modify

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for chiming it, but I think it also should be Cloudflare, see https://www.cloudflare.com.

@localheinz
Copy link
Contributor

@carnage

Can you take another look, please?

@carnage
Copy link
Contributor Author

carnage commented Oct 13, 2018

Yep, just haven't had time yet

@chartjes chartjes merged commit 8eca7a2 into opencfp:master Nov 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drbyte drbyte drbyte left review comments

@localheinz localheinz localheinz left review comments

@chartjes chartjes chartjes approved these changes

Assignees

@carnage carnage

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@carnage @localheinz @chartjes @drbyte