Permalink
Browse files

minor #4113 tweaks to the new reverse proxy/load balancer chapter (xa…

…bbuh)

This PR was merged into the 2.3 branch.

Discussion
----------

tweaks to the new reverse proxy/load balancer chapter

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | no
| Applies to    | all
| Fixed tickets |

Commits
-------

bbc2f11 fix code block
6943da8 fix a headline
12840b1 improve linking between proxy config sections
  • Loading branch information...
weaverryan committed Aug 15, 2014
2 parents 4cce133 + bbc2f11 commit 12d0b825f158639928e0ea9acc9535cc4ffbd676
Showing with 11 additions and 10 deletions.
  1. +1 −1 book/http_cache.rst
  2. +10 −9 cookbook/request/load_balancer_reverse_proxy.rst
@@ -163,7 +163,7 @@ The caching kernel will immediately act as a reverse proxy - caching responses
from your application and returning them to the client.
Now that you're using a "proxy", you'll need to configure ``127.0.0.1`` under
the ``trusted_proxies`` configuration (see :ref:`reference <reference-framework-trusted-proxies>`).
the ``trusted_proxies`` configuration (see :ref:`the reference <reference-framework-trusted-proxies>`).
Without this, the client's IP address and a few other things won't report correctly.
.. tip::
@@ -1,5 +1,5 @@
How to Configure Symfony to Work behind a Load Balancer or Reverse Proxy
========================================================================
How to Configure Symfony to Work behind a Load Balancer or a Reverse Proxy
==========================================================================
When you deploy your application, you may be behind a load balancer (e.g.
an AWS Elastic Load Balancer) or a reverse proxy (e.g. Varnish for
@@ -60,7 +60,8 @@ and which reverse proxy IP addresses will be doing this type of thing:
In this example, you're saying that your reverse proxy (or proxies) has
the IP address ``192.0.0.1`` or matches the range of IP addresses that use
the CIDR notation ``10.0.0.0/8``. For more details, see :ref:`reference-framework-trusted-proxies`.
the CIDR notation ``10.0.0.0/8``. For more details, see the
:ref:`framework.trusted_proxies <reference-framework-trusted-proxies>` option.
That's it! Symfony will now look for the correct ``X-Forwarded-*`` headers
to get information like the client's IP address, host, port and whether or
@@ -80,13 +81,13 @@ In this case, you'll need to - *very carefully* - trust *all* proxies.
proxies, configure Symfony to *always* trust incoming request. This is
done inside of your front controller::
// web/app.php
// ...
// web/app.php
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));
// ...
Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));
$response = $kernel->handle($request);
// ...
$response = $kernel->handle($request);
// ...
That's it! It's critical that you prevent traffic from all non-trusted sources.
If you allow outside traffic, they could "spoof" their true IP address and
@@ -97,7 +98,7 @@ My Reverse Proxy Uses Non-Standard (not X-Forwarded) Headers
Most reverse proxies store information on specific ``X-Forwarded-*`` headers.
But if your reverse proxy uses non-standard header names, you can configure
these (:doc:`see reference </components/http_foundation/trusting_proxies>`.
these (see ":doc:`/components/http_foundation/trusting_proxies`").
The code for doing this will need to live in your front controller (e.g. ``web/app.php``).
.. _`security groups`: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/using-elb-security-groups.html

0 comments on commit 12d0b82

Please sign in to comment.