author | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2020-10-08 17:29:00 +0000 |
---|---|---|
committer | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2020-10-08 17:29:00 +0000 |
commit | 74be4de3f6c2c34447029649526637411acfa9f3 (patch) | |
tree | c221ef7a67c9b8ebd6e7d1c4fd5523fda6b8b0f7 /config | |
parent | f9ece1a7f65dc13a867c40ccf08f8973e822e6f2 (diff) | |
parent | a702f9fb5bff78c99014838eb8f678c30913bd59 (diff) | |
download | pleroma-74be4de3f6c2c34447029649526637411acfa9f3.tar.gz |
Merge branch 'fix/2209-remoteip' into 'develop'
#2209 RemoteIP CIDR helper, config and doc improvements
See merge request pleroma/pleroma!3057
Diffstat (limited to 'config')
-rw-r--r-- | config/config.exs | 13 | ||||
-rw-r--r-- | config/description.exs | 12 |
2 files changed, 19 insertions, 6 deletions
diff --git a/config/config.exs b/config/config.exs index 2e6b0796a..d53663d36 100644 --- a/config/config.exs +++ b/config/config.exs @@ -677,7 +677,18 @@ config :pleroma, :rate_limit, config :pleroma, Pleroma.Workers.PurgeExpiredActivity, enabled: true, min_lifetime: 600 -config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true +config :pleroma, Pleroma.Plugs.RemoteIp, + enabled: true, + headers: ["x-forwarded-for"], + proxies: [], + reserved: [ + "127.0.0.0/8", + "::1/128", + "fc00::/7", + "10.0.0.0/8", + "172.16.0.0/12", + "192.168.0.0/16" + ] config :pleroma, :static_fe, enabled: false diff --git a/config/description.exs b/config/description.exs index 6fa78a5d1..3902b9632 100644 --- a/config/description.exs +++ b/config/description.exs @@ -3265,20 +3265,22 @@ config :pleroma, :config_description, [ %{ key: :headers, type: {:list, :string}, - description: - "A list of strings naming the `req_headers` to use when deriving the `remote_ip`. Order does not matter. Default: `~w[forwarded x-forwarded-for x-client-ip x-real-ip]`." + description: """ + A list of strings naming the HTTP headers to use when deriving the true client IP. Default: `["x-forwarded-for"]`. + """ }, %{ key: :proxies, type: {:list, :string}, description: - "A list of strings in [CIDR](https://en.wikipedia.org/wiki/CIDR) notation specifying the IPs of known proxies. Default: `[]`." + "A list of upstream proxy IP subnets in CIDR notation from which we will parse the content of `headers`. Defaults to `[]`. IPv4 entries without a bitmask will be assumed to be /32 and IPv6 /128." }, %{ key: :reserved, type: {:list, :string}, - description: - "Defaults to [localhost](https://en.wikipedia.org/wiki/Localhost) and [private network](https://en.wikipedia.org/wiki/Private_network)." + description: """ + A list of reserved IP subnets in CIDR notation which should be ignored if found in `headers`. Defaults to `["127.0.0.0/8", "::1/128", "fc00::/7", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]` + """ } ] }, |
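Review bot: The new defaults in config/config.exs keep the plug `enabled: true` and name `x-forwarded-for` as the header to read, but nothing in the block tells an operator that this header is client-supplied unless a reverse proxy in front of the instance sets it. If the plug derives the address from the header without checking the connecting peer (not visible in this hunk, so worth confirming in the plug itself), an instance reachable directly would record whatever address the client sends, which matters for anything keyed on the client IP, such as rate limiting. I would add a comment above the block, for example `# Assumes a reverse proxy sets x-forwarded-for; set enabled: false if Pleroma is exposed directly.`, and state the same assumption in the `:headers` and `:proxies` descriptions in config/description.exs. The `:reserved` description in that file also repeats the default list as literal text, which can drift from the list defined here.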