Support X-Forwarded-For for reverse proxies

3 files changed, 21 insertions, 2 deletions

diff --git a/config.go b/config.go
index 3721fd6..28e90e8 100644
--- a/config.go
+++ b/config.go
@@ -24,6 +24,7 @@ var config struct {
 		ReadTimeout  uint   `scfg:"read_timeout"`
 		WriteTimeout uint   `scfg:"write_timeout"`
 		IdleTimeout  uint   `scfg:"idle_timeout"`
+		ReverseProxy bool   `scfg:"reverse_proxy"`
 	} `scfg:"http"`
 	Hooks struct {
 		Socket string `scfg:"socket"`
diff --git a/forge.scfg b/forge.scfg
index e2b703e..5003b75 100644
--- a/forge.scfg
+++ b/forge.scfg
@@ -14,9 +14,16 @@ http {
 	# What is the canonical URL of the web root?
 	root https://forge.example.org
 
+	# General HTTP server context timeout settings. It's recommended to
+	# set them slightly higher than usual as Git operations over large
+	# repos may take a long time.
 	read_timeout 120
-	write_timeout 120
+	write_timeout 1800
 	idle_timeout 120
+
+	# Are we running behind a reverse proxy? If so, we will trust
+	# X-Forwarded-For headers.
+	reverse_proxy true
 }
 
 irc {
diff --git a/http_server.go b/http_server.go
index c86dae6..6531748 100644
--- a/http_server.go
+++ b/http_server.go
@@ -16,7 +16,18 @@ import (
 type forgeHTTPRouter struct{}
 
 func (router *forgeHTTPRouter) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
-	clog.Info("Incoming HTTP: " + request.RemoteAddr + " " + request.Method + " " + request.RequestURI)
+	var remoteAddr string
+	if config.HTTP.ReverseProxy {
+		remoteAddrs, ok := request.Header["X-Forwarded-For"]
+		if ok && len(remoteAddrs) == 1 {
+			remoteAddr = remoteAddrs[0]
+		} else {
+			remoteAddr = request.RemoteAddr
+		}
+	} else {
+		remoteAddr = request.RemoteAddr
+	}
+	clog.Info("Incoming HTTP: " + remoteAddr + " " + request.Method + " " + request.RequestURI)
 
 	var segments []string
 	var err error