diff options
author | zeripath | 2022-08-21 19:20:43 +0100 |
---|---|---|
committer | GitHub | 2022-08-21 19:20:43 +0100 |
commit | 943753f560fab8bb01946618b16c694bc2032827 (patch) | |
tree | d4faa0f8bde73d61ee00d7252ceb79f8334088b1 /custom | |
parent | 0b4c166e8a90beeb1e71ee2fc16b3a240517c82d (diff) |
Support Proxy protocol (#12527)
This PR adds functionality to allow Gitea to sit behind an
HAProxy and HAProxy protocolled connections directly.
Fix #7508
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'custom')
-rw-r--r-- | custom/conf/app.example.ini | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 5e612fb42..0949c3d39 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -29,6 +29,18 @@ RUN_MODE = ; prod ;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http' ;PROTOCOL = http ;; +;; Expect PROXY protocol headers on connections +;USE_PROXY_PROTOCOL = false +;; +;; Use PROXY protocol in TLS Bridging mode +;PROXY_PROTOCOL_TLS_BRIDGING = false +;; +; Timeout to wait for PROXY protocol header (set to 0 to have no timeout) +;PROXY_PROTOCOL_HEADER_TIMEOUT=5s +;; +; Accept PROXY protocol headers with UNKNOWN type +;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false +;; ;; Set the domain for the server ;DOMAIN = localhost ;; @@ -51,6 +63,8 @@ RUN_MODE = ; prod ;REDIRECT_OTHER_PORT = false ;PORT_TO_REDIRECT = 80 ;; +;; expect PROXY protocol header on connections to https redirector. +;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL) ;; Minimum and maximum supported TLS versions ;SSL_MIN_VERSION=TLSv1.2 ;SSL_MAX_VERSION= @@ -76,13 +90,19 @@ RUN_MODE = ; prod ;; Do not set this variable if PROTOCOL is set to 'unix'. ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ ;; +;; When making local connections pass the PROXY protocol header. +;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL) +;; ;; Disable SSH feature when not available ;DISABLE_SSH = false ;; ;; Whether to use the builtin SSH server or not. ;START_SSH_SERVER = false ;; -;; Username to use for the builtin SSH server. +;; Expect PROXY protocol header on connections to the built-in SSH server +;SSH_SERVER_USE_PROXY_PROTOCOL = false +;; +;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER. ;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s ;; ;; Domain name to be exposed in clone URL |