diff --git a/INSTALLATION.md b/INSTALLATION.md
index f39fd42..569c2a1 100644
--- a/INSTALLATION.md
+++ b/INSTALLATION.md
@@ -212,6 +212,44 @@ server {
 }
 ```
+And edit the docker-compose file as follow:
+
+```diff
+version: "3"
+
+networks:
+ birdsitelivenetwork:
+ external: false
+
+services:
+ server:
+ image: nicolasconstant/birdsitelive:latest
+ restart: always
+ container_name: birdsitelive
+ environment:
+ - Instance:Domain=domain.name
+ - Instance:AdminEmail=name@domain.ext
++ - Instance:IpWhiteListing=127.0.0.1;127.0.0.2
++ - Instance:EnableXRealIpHeader=true
+ - Db:Type=postgres
+ - Db:Host=db
+ - Db:Name=birdsitelive
+ - Db:User=birdsitelive
+ - Db:Password=birdsitelive
+ - Twitter:ConsumerKey=twitter.api.key
+ - Twitter:ConsumerSecret=twitter.api.key
+ networks:
+ - birdsitelivenetwork
+ ports:
+ - "5000:80"
+ depends_on:
+ - db
+
+ db:
+ image: postgres:9.6
+ [...]
+```
+
 ## More options
 You can find more options available [here](https://github.com/NicolasConstant/BirdsiteLive/blob/master/VARIABLES.md)
diff --git a/VARIABLES.md b/VARIABLES.md
index 990e045..f43bddc 100644
--- a/VARIABLES.md
+++ b/VARIABLES.md
@@ -52,6 +52,7 @@ If both whitelisting and blacklisting are set, only the whitelisting will be act
 * `Instance:FailingFollowerCleanUpThreshold` (default: 30000) set the max allowed errors from a Follower (Fediverse) Account before auto-removal. (often due to account suppression, instance issues, etc)
 * `Instance:UserCacheCapacity` (default: 10000) set the caching limit of the Twitter User retrieval. Must be higher than the number of synchronized accounts on the instance.
 * `Instance:IpWhiteListing` IP Whitelisting (separated by `;`), prevent usage of the instance from other IPs than those provided (if provided).
+* `Instance:EnableXRealIpHeader` (default: false) Enable support of X-Real-IP Header to get the remote IP (useful when using reverse proxy).
 # Docker Compose full example
diff --git a/src/BirdsiteLive.Common/Settings/InstanceSettings.cs b/src/BirdsiteLive.Common/Settings/InstanceSettings.cs
index 4526c1b..a67977c 100644
--- a/src/BirdsiteLive.Common/Settings/InstanceSettings.cs
+++ b/src/BirdsiteLive.Common/Settings/InstanceSettings.cs
@@ -17,5 +17,6 @@
 public int UserCacheCapacity { get; set; }
 public string IpWhiteListing { get; set; }
+ public bool EnableXRealIpHeader { get; set; }
 }
 }
diff --git a/src/BirdsiteLive/Middlewares/IpWhitelistingMiddleware.cs b/src/BirdsiteLive/Middlewares/IpWhitelistingMiddleware.cs
index b8490ae..da4c275 100644
--- a/src/BirdsiteLive/Middlewares/IpWhitelistingMiddleware.cs
+++ b/src/BirdsiteLive/Middlewares/IpWhitelistingMiddleware.cs
@@ -13,6 +13,7 @@ namespace BirdsiteLive.Middlewares
 {
 private readonly RequestDelegate _next;
 private readonly ILogger _logger;
+ private readonly InstanceSettings _instanceSettings;
 private readonly byte[][] _safelist;
 private readonly bool _ipWhitelistingSet;
@@ -34,6 +35,7 @@ namespace BirdsiteLive.Middlewares
 _next = next;
 _logger = logger;
+ _instanceSettings = instanceSettings;
 }
 public async Task Invoke(HttpContext context)
@@ -42,11 +44,15 @@ namespace BirdsiteLive.Middlewares
 {
 var remoteIp = context.Connection.RemoteIpAddress;
- var forwardedIp = context.Request.Headers.FirstOrDefault(x => x.Key == "X-Real-IP").Value.ToString();
- if (!string.IsNullOrWhiteSpace(forwardedIp))
+ if (_instanceSettings.EnableXRealIpHeader)
 {
- _logger.LogDebug("Redirected IP address detected");
- remoteIp = IPAddress.Parse(forwardedIp);
+ var forwardedIp = context.Request.Headers.FirstOrDefault(x => x.Key == "X-Real-IP").Value
+ .ToString();
+ if (!string.IsNullOrWhiteSpace(forwardedIp))
+ {
+ _logger.LogDebug("Redirected IP address detected");
+ remoteIp = IPAddress.Parse(forwardedIp);
+ }
 }
 _logger.LogDebug("Request from Remote IP address: {RemoteIp}", remoteIp);
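Review bot: In the Invoke hunk of IpWhitelistingMiddleware.cs, `remoteIp = IPAddress.Parse(forwardedIp);` throws a FormatException on a malformed or multi-valued X-Real-IP value, so a bad header surfaces as an unhandled exception instead of a clean denial; `IPAddress.TryParse` with an explicit rejection would fail closed. The lookup `FirstOrDefault(x => x.Key == "X-Real-IP")` also compares the header name case-sensitively, so a differently cased header would silently leave the proxy's own address in `remoteIp`; the indexer `context.Request.Headers["X-Real-IP"]` looks the name up case-insensitively. With `EnableXRealIpHeader` on, the header is accepted from whichever peer connected, so the allow-list only holds if the reverse proxy overwrites X-Real-IP on every request and the application port cannot be reached around it; a comment stating that above the `if` would make the assumption visible. Invoke's body continues outside the hunk, so the 403 in the sketch below is assumed to match how the method denies other requests.

```csharp
if (_instanceSettings.EnableXRealIpHeader)
{
    // Only meaningful behind a reverse proxy that overwrites X-Real-IP on every request.
    var forwardedIp = context.Request.Headers["X-Real-IP"].ToString();
    if (!string.IsNullOrWhiteSpace(forwardedIp))
    {
        if (!IPAddress.TryParse(forwardedIp, out var parsedIp))
        {
            _logger.LogWarning("Rejected request with an unparsable X-Real-IP header");
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            return;
        }

        _logger.LogDebug("Redirected IP address detected");
        remoteIp = parsedIp;
    }
}
// … unchanged: rest of Invoke …
```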