network: add trusted ips
This allows the user to set the trusted IPs of Cloudflare or some other CDN so that the logs show the correct client IPs. Fixes #801
@@ -27,7 +27,10 @@ exports = module.exports = {
|
||||
removeAppConfigs,
|
||||
restoreFallbackCertificates,
|
||||
|
||||
handleCertificateProviderChanged
|
||||
handleCertificateProviderChanged,
|
||||
|
||||
getTrustedIps,
|
||||
setTrustedIps
|
||||
};
|
||||
|
||||
const acme2 = require('./acme2.js'),
|
||||
@@ -52,7 +55,8 @@ const acme2 = require('./acme2.js'),
|
||||
settings = require('./settings.js'),
|
||||
shell = require('./shell.js'),
|
||||
sysinfo = require('./sysinfo.js'),
|
||||
util = require('util');
|
||||
util = require('util'),
|
||||
validator = require('validator');
|
||||
|
||||
const NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/nginxconfig.ejs', { encoding: 'utf8' });
|
||||
const RESTART_SERVICE_CMD = path.join(__dirname, 'scripts/restartservice.sh');
|
||||
@@ -728,3 +732,25 @@ async function handleCertificateProviderChanged(domain) {
|
||||
|
||||
safe.fs.appendFileSync(paths.REVERSE_PROXY_REBUILD_FILE, `${domain}\n`, 'utf8');
|
||||
}
|
||||
|
||||
async function getTrustedIps() {
|
||||
return await settings.getTrustedIps();
|
||||
}
|
||||
|
||||
async function setTrustedIps(trustedIps) {
|
||||
assert.strictEqual(typeof trustedIps, 'string');
|
||||
|
||||
let trustedIpsConfig = 'real_ip_header X-Forwarded-For;\nreal_ip_recursive on;\n';
|
||||
|
||||
for (const line of trustedIps.split('\n')) {
|
||||
if (!line || line.startsWith('#')) continue;
|
||||
const rangeOrIP = line.trim();
|
||||
// this checks for IPv4 and IPv6
|
||||
if (!validator.isIP(rangeOrIP) && !validator.isIPRange(rangeOrIP)) throw new BoxError(BoxError.BAD_FIELD, `${rangeOrIP} is not a valid IP or range`);
|
||||
trustedIpsConfig += `set_real_ip_from ${rangeOrIP};\n`;
|
||||
}
|
||||
|
||||
await settings.setTrustedIps(trustedIps);
|
||||
if (!safe.fs.writeFileSync(paths.NGINX_TRUSTED_IPS_FILE, trustedIpsConfig, 'utf8')) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
|
||||
await reload();
|
||||
}
|
||||
|
||||
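Review bot: In `setTrustedIps`, the blank/comment check runs on the untrimmed `line`, so a whitespace-only line, an indented `#` comment, or a lone `\r` left by CRLF input gets past the skip and is then rejected with BAD_FIELD for an empty value; trim first with `const rangeOrIP = line.trim();` followed by `if (!rangeOrIP || rangeOrIP.startsWith('#')) continue;`. `settings.setTrustedIps(trustedIps)` is also called before the file write and `reload()`, so a failure in either leaves the stored setting out of step with what nginx actually trusts; writing and reloading first, or restoring the previous value on failure, would avoid that. Because every address listed here is allowed to dictate the client IP recorded in the logs through `X-Forwarded-For`, it seems worth rejecting, or at least warning on, catch-all ranges such as a `/0` prefix, which the `validator.isIPRange` check appears to accept.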