Platform/pm 2138/add nginx to known proxies (#3012)

* Add nginx to known proxies * Only add nginx proxy if standard self host deployment * Style changes * Add forwarded headers config to events server * Add known proxy forwarding to missing services * Catch DNS errors in adding nginx proxy * Update src/SharedWeb/Utilities/ServiceCollectionExtensions.cs Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> --------- Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-04-02 18:06:07 +02:00 · 2023-06-14 09:33:26 -05:00 · 2023-06-14 09:33:26 -05:00 · bdd5e0916e
commit bdd5e0916e
parent 73c721ede3
5 changed files with 34 additions and 3 deletions
--- a/bitwarden_license/src/Scim/Startup.cs
+++ b/bitwarden_license/src/Scim/Startup.cs
@ -93,6 +93,12 @@ public class Startup
        // Add general security headers
        app.UseMiddleware<SecurityHeadersMiddleware>();

+        // Forwarding Headers
+        if (globalSettings.SelfHosted)
+        {
+            app.UseForwardedHeaders(globalSettings);
+        }
+
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@ -93,6 +93,12 @@ public class Startup
        // Add general security headers
        app.UseMiddleware<SecurityHeadersMiddleware>();

+        // Forwarding Headers
+        if (globalSettings.SelfHosted)
+        {
+            app.UseForwardedHeaders(globalSettings);
+        }
+
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
--- a/src/Icons/Startup.cs
+++ b/src/Icons/Startup.cs
@ -55,6 +55,12 @@ public class Startup
        // Add general security headers
        app.UseMiddleware<SecurityHeadersMiddleware>();

+        // Forwarding Headers
+        if (globalSettings.SelfHosted)
+        {
+            app.UseForwardedHeaders(globalSettings);
+        }
+
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@ -90,6 +90,12 @@ public class Startup
        // Add general security headers
        app.UseMiddleware<SecurityHeadersMiddleware>();

+        // Forwarding Headers
+        if (globalSettings.SelfHosted)
+        {
+            app.UseForwardedHeaders(globalSettings);
+        }
+
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
--- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
+++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
@ -540,10 +540,17 @@ public static class ServiceCollectionExtensions
        if (!globalSettings.UnifiedDeployment)
        {
            // Trust the X-Forwarded-Host header of the nginx docker container
-            var nginxIp = Dns.GetHostEntry("nginx").AddressList.FirstOrDefault();
-            if (nginxIp != null)
+            try
            {
-                options.KnownProxies.Add(nginxIp);
+                var nginxIp = Dns.GetHostEntry("nginx")?.AddressList.FirstOrDefault();
+                if (nginxIp != null)
+                {
+                    options.KnownProxies.Add(nginxIp);
+                }
+            }
+            catch
+            {
+                // Ignore DNS errors
            }
        }