From 45a907235dae18eb54a8a148c4b363b21cfa76c9 Mon Sep 17 00:00:00 2001 From: filmroellchen Date: Fri, 7 Feb 2025 23:55:46 +0100 Subject: [PATCH] proper proxy configuration --- fastcgi.conf | 2 +- nginx.conf | 8 ++++++-- public_mediawiki/LocalSettings.php | 5 +++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/fastcgi.conf b/fastcgi.conf index 927fe5b..d53a628 100644 --- a/fastcgi.conf +++ b/fastcgi.conf @@ -16,7 +16,7 @@ fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; -fastcgi_param REMOTE_ADDR $http_x_forwarded_for; +fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param REMOTE_USER $remote_user; fastcgi_param SERVER_ADDR $server_addr; diff --git a/nginx.conf b/nginx.conf index bac1998..4532678 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,7 +1,6 @@ user www-data; worker_processes auto; pid /run/nginx.pid; -error_log /var/log/nginx/error.log; include /etc/nginx/modules-enabled/*.conf; events { @@ -37,7 +36,12 @@ http { # Logging Settings ## - access_log /var/log/nginx/access.log; + log_format main '$http_x_forwarded_for [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent"'; + + access_log /var/log/nginx/access.log main; + error_log /var/log/nginx/error.log; ## # Gzip Settings diff --git a/public_mediawiki/LocalSettings.php b/public_mediawiki/LocalSettings.php index 8eaa8fb..cabac03 100755 --- a/public_mediawiki/LocalSettings.php +++ b/public_mediawiki/LocalSettings.php @@ -242,3 +242,8 @@ $wgTemplateStylesExtenderEnableCssVars = true; $wgNamespacesWithSubpages[NS_MAIN] = true; $wgNamespacesWithSubpages[NS_TEMPLATE] = true; +# use proxy ip addresses -- we’re behind (at least) one reverse proxy that sets X-Forwarded-For +$wgUsePrivateIPs = true; +# ingress haproxy +$wgCdnServersNoPurge = [ '10.140.0.1' ]; +