caddyhttp: Add trusted_proxies_unix for trusting unix socket X-Forwarded-* headers
#7265
Conversation
|
|
|
Thanks! Let's make it a boolean instead of int, the reason strict is an int is because it's meant to have the dual purpose (eventually) to mean the N-th IP (iirc) from the right of the XFF header. Also please add a Caddyfile adapt test (look for |
Makes sense, created a .caddyfiletest and changed to bool. Let me know if i need more for the adapt side. Also I have no clue what is actually failing on the last CI build on Mac OS |
|
@francislavoie is this likely to get merged, or should I open a PR for a different approach? |
|
Yes sorry, it will be merged soon. It fell off my radar. |
francislavoie
force-pushed
the
trust-unix-sockets
branch
from
b6d1dd5 to
998747a
Compare
francislavoie
changed the title
trusted_proxies_unix for trusting unix socket X-Forwarded-* headers
francislavoie
force-pushed
the
trust-unix-sockets
branch
from
998747a to
f9199c7
Compare
Added a new server configuration option `trusted_proxies_unix` to support trusting connections to a `bind unix://path.sock`. This also works with strict mode enabled `trusted_proxies_strict`. This allows for seamless setup of `(tcp:443) -> caddy -> (unix socket) -> caddy -> php_fastcgi` to have the correct remote address available. Fixes caddyserver#7263
Added .caddyfiletest case for trusted_proxies_unix
francislavoie
force-pushed
the
trust-unix-sockets
branch
from
68272ac to
315954e
Compare
3 participants
Added a new server configuration option
trusted_proxies_unixto support trusting connections to abind unix://path.sock. This also works with strict mode enabledtrusted_proxies_strict.This allows for seamless setup of
(tcp:443) -> caddy -> (unix socket) -> caddy -> php_fastcgito have the correct remote address available.Fixes #7263
Assistance Disclosure
"Copilot provided tab completion for code and comments."