mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00

Add nginx to known proxies (#3002)

* Add nginx to known proxies

* Only add nginx proxy if standard self host deployment

* Style changes
Matt Gibson 2023-06-08 08:41:36 -05:00 committed by GitHub
parent 746dec6496
commit e27ab5d6c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 3 deletions


@ -194,6 +194,7 @@ ENV BW_ENABLE_SSO=false
ENV BW_DB_FILE="/etc/bitwarden/vault.db"
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
ENV globalSettings__selfHosted="true"
ENV globalSettings__unifiedDeployment="true"
ENV globalSettings__pushRelayBaseUri="https://push.bitwarden.com"
ENV globalSettings__baseServiceUri__internalAdmin="http://localhost:5000"
ENV globalSettings__baseServiceUri__internalApi="http://localhost:5001"


@ -17,6 +17,7 @@ public class GlobalSettings : IGlobalSettings
}
public bool SelfHosted { get; set; }
public bool UnifiedDeployment { get; set; }
public virtual string KnownProxies { get; set; }
public virtual string SiteName { get; set; }
public virtual string ProjectName { get; set; }
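Review bot: `UnifiedDeployment` has no doc comment here or on `IGlobalSettings` (next file section), although its default value `false` is what switches on proxy trust in `UseForwardedHeaders`. In the `ServiceCollectionExtensions` section of this page, `if (!globalSettings.UnifiedDeployment)` adds the first address that the name `nginx` resolves to at startup to `options.KnownProxies` without also testing `SelfHosted`, so any deployment that leaves the flag unset takes that branch; this looks broader than the "standard self host deployment" in the commit description. `Dns.GetHostEntry` throws a `SocketException` when the name does not resolve, so such a deployment may fail at startup rather than skip the entry, which is worth confirming. I would state the contract on the property, e.g. `/// <summary>True for the unified deployment image. When false, UseForwardedHeaders trusts the host named "nginx" as a forwarded-headers proxy.</summary>`, and consider `if (globalSettings.SelfHosted && !globalSettings.UnifiedDeployment)` as the guard.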


@ -6,6 +6,8 @@ public interface IGlobalSettings
{
// This interface exists for testing. Add settings here as needed for testing
bool SelfHosted { get; set; }
bool UnifiedDeployment { get; set; }
string KnownProxies { get; set; }
bool EnableCloudCommunication { get; set; }
string LicenseDirectory { get; set; }
string LicenseCertificatePassword { get; set; }


@ -1,4 +1,5 @@
using System.Reflection;
using System.Net;
using System.Reflection;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using AspNetCoreRateLimit;
@ -529,18 +530,29 @@ public static class ServiceCollectionExtensions
});
}
public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
public static void UseForwardedHeaders(this IApplicationBuilder app, IGlobalSettings globalSettings)
{
var options = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
if (!globalSettings.UnifiedDeployment)
{
// Trust the X-Forwarded-Host header of the nginx docker container
var nginxIp = Dns.GetHostEntry("nginx").AddressList.FirstOrDefault();
if (nginxIp != null)
{
options.KnownProxies.Add(nginxIp);
}
}
if (!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
{
var proxies = globalSettings.KnownProxies.Split(',');
foreach (var proxy in proxies)
{
if (System.Net.IPAddress.TryParse(proxy.Trim(), out var ip))
if (IPAddress.TryParse(proxy.Trim(), out var ip))
{
options.KnownProxies.Add(ip);
}