From 2c71f995b73774d5b910d49a024e51c4ac902f3a Mon Sep 17 00:00:00 2001 From: Runxi Yu Date: Sat, 22 Mar 2025 20:55:25 +0800 Subject: Support X-Forwarded-For for reverse proxies --- config.go | 1 + forge.scfg | 9 ++++++++- http_server.go | 13 ++++++++++++- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/config.go b/config.go index 3721fd6..28e90e8 100644 --- a/config.go +++ b/config.go @@ -24,6 +24,7 @@ var config struct { ReadTimeout uint `scfg:"read_timeout"` WriteTimeout uint `scfg:"write_timeout"` IdleTimeout uint `scfg:"idle_timeout"` + ReverseProxy bool `scfg:"reverse_proxy"` } `scfg:"http"` Hooks struct { Socket string `scfg:"socket"` diff --git a/forge.scfg b/forge.scfg index e2b703e..5003b75 100644 --- a/forge.scfg +++ b/forge.scfg @@ -14,9 +14,16 @@ http { # What is the canonical URL of the web root? root https://forge.example.org + # General HTTP server context timeout settings. It's recommended to + # set them slightly higher than usual as Git operations over large + # repos may take a long time. read_timeout 120 - write_timeout 120 + write_timeout 1800 idle_timeout 120 + + # Are we running behind a reverse proxy? If so, we will trust + # X-Forwarded-For headers. + reverse_proxy true } irc { diff --git a/http_server.go b/http_server.go index c86dae6..6531748 100644 --- a/http_server.go +++ b/http_server.go @@ -16,7 +16,18 @@ import ( type forgeHTTPRouter struct{} func (router *forgeHTTPRouter) ServeHTTP(writer http.ResponseWriter, request *http.Request) { - clog.Info("Incoming HTTP: " + request.RemoteAddr + " " + request.Method + " " + request.RequestURI) + var remoteAddr string + if config.HTTP.ReverseProxy { + remoteAddrs, ok := request.Header["X-Forwarded-For"] + if ok && len(remoteAddrs) == 1 { + remoteAddr = remoteAddrs[0] + } else { + remoteAddr = request.RemoteAddr + } + } else { + remoteAddr = request.RemoteAddr + } + clog.Info("Incoming HTTP: " + remoteAddr + " " + request.Method + " " + request.RequestURI) var segments []string var err error -- cgit v1.2.3