mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
Add nginx to known proxies (#3002)
* Add nginx to known proxies * Only add nginx proxy if standard self host deployment * Style changes
parent
746dec6496
commit
e27ab5d6c3
@ -194,6 +194,7 @@ ENV BW_ENABLE_SSO=false
|
||||
ENV BW_DB_FILE="/etc/bitwarden/vault.db"
|
||||
ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
|
||||
ENV globalSettings__selfHosted="true"
|
||||
ENV globalSettings__unifiedDeployment="true"
|
||||
ENV globalSettings__pushRelayBaseUri="https://push.bitwarden.com"
|
||||
ENV globalSettings__baseServiceUri__internalAdmin="http://localhost:5000"
|
||||
ENV globalSettings__baseServiceUri__internalApi="http://localhost:5001"
|
||||
|
@ -17,6 +17,7 @@ public class GlobalSettings : IGlobalSettings
|
||||
}
|
||||
|
||||
public bool SelfHosted { get; set; }
|
||||
public bool UnifiedDeployment { get; set; }
|
||||
public virtual string KnownProxies { get; set; }
|
||||
public virtual string SiteName { get; set; }
|
||||
public virtual string ProjectName { get; set; }
|
||||
|
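Review bot: `UnifiedDeployment` is added without a doc comment, although its default value of `false` is now the value that enables the nginx proxy-trust branch in `UseForwardedHeaders`. A reader of this class cannot tell that leaving the setting unset changes which hosts are trusted for forwarded headers. I would document it on the property, for example `/// <summary>True for the single-container unified image; when false, UseForwardedHeaders adds the host named "nginx" to the known proxies.</summary>`.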
@ -6,6 +6,8 @@ public interface IGlobalSettings
|
||||
{
|
||||
// This interface exists for testing. Add settings here as needed for testing
|
||||
bool SelfHosted { get; set; }
|
||||
bool UnifiedDeployment { get; set; }
|
||||
string KnownProxies { get; set; }
|
||||
bool EnableCloudCommunication { get; set; }
|
||||
string LicenseDirectory { get; set; }
|
||||
string LicenseCertificatePassword { get; set; }
|
||||
|
@ -1,4 +1,5 @@
|
||||
using System.Reflection;
|
||||
using System.Net;
|
||||
using System.Reflection;
|
||||
using System.Security.Claims;
|
||||
using System.Security.Cryptography.X509Certificates;
|
||||
using AspNetCoreRateLimit;
|
||||
@ -529,18 +530,29 @@ public static class ServiceCollectionExtensions
|
||||
});
|
||||
}
|
||||
|
||||
public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
|
||||
public static void UseForwardedHeaders(this IApplicationBuilder app, IGlobalSettings globalSettings)
|
||||
{
|
||||
var options = new ForwardedHeadersOptions
|
||||
{
|
||||
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
|
||||
};
|
||||
|
||||
if (!globalSettings.UnifiedDeployment)
|
||||
{
|
||||
// Trust the X-Forwarded-Host header of the nginx docker container
|
||||
var nginxIp = Dns.GetHostEntry("nginx").AddressList.FirstOrDefault();
|
||||
if (nginxIp != null)
|
||||
{
|
||||
options.KnownProxies.Add(nginxIp);
|
||||
}
|
||||
}
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
|
||||
{
|
||||
var proxies = globalSettings.KnownProxies.Split(',');
|
||||
foreach (var proxy in proxies)
|
||||
{
|
||||
if (System.Net.IPAddress.TryParse(proxy.Trim(), out var ip))
|
||||
if (IPAddress.TryParse(proxy.Trim(), out var ip))
|
||||
{
|
||||
options.KnownProxies.Add(ip);
|
||||
}
|
||||
|
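Review bot: `Dns.GetHostEntry("nginx")` in the new `if (!globalSettings.UnifiedDeployment)` block is unguarded, and it throws a SocketException when the name does not resolve, so a non-unified install without a host called nginx would fail while the pipeline is being configured. The condition tests only `UnifiedDeployment`, so a deployment with `SelfHosted` false takes the same path even though the commit message limits this to the standard self-host layout. Whatever address the name resolves to at startup is then trusted for X-Forwarded-For, which presumably feeds client-IP logic such as rate limiting. I would also gate on `globalSettings.SelfHosted`, catch the lookup failure, and fix the comment, which names X-Forwarded-Host although only XForwardedFor and XForwardedProto are enabled. The body of `UseForwardedHeaders` continues past the end of the hunk.

```csharp
if (globalSettings.SelfHosted && !globalSettings.UnifiedDeployment)
{
    // Trust X-Forwarded-For / X-Forwarded-Proto sent by the nginx docker container
    try
    {
        var nginxIp = Dns.GetHostEntry("nginx").AddressList.FirstOrDefault();
        if (nginxIp != null)
        {
            options.KnownProxies.Add(nginxIp);
        }
    }
    catch (System.Net.Sockets.SocketException)
    {
        // "nginx" does not resolve: not the standard docker layout, so no extra proxy is trusted
    }
}
// … unchanged: globalSettings.KnownProxies parsing …
```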