Mercurial > kallithea
comparison docs/setup.rst @ 8884:883a0c6c425f
docs: document how proxy servers must be configured
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sun, 09 May 2021 22:17:21 +0200 |
parents | fb40978c1afb |
children | 3d7ba590f6f5 |
comparison
equal
deleted
inserted
replaced
8883:fb40978c1afb | 8884:883a0c6c425f |
---|---|
402 for more info. | 402 for more info. |
403 | 403 |
404 .. note:: | 404 .. note:: |
405 Make sure you run this command from the same virtualenv, and with the same | 405 Make sure you run this command from the same virtualenv, and with the same |
406 user that Kallithea runs. | 406 user that Kallithea runs. |
407 | |
408 | |
409 Proxy setups | |
410 ------------ | |
411 | |
412 When Kallithea is processing HTTP requests from a user, it will see and use | |
413 some of the basic properties of the connection, both at the TCP/IP level and at | |
414 the HTTP level. The WSGI server will provide this information to Kallithea in | |
415 the "environment". | |
416 | |
417 In some setups, a proxy server will take requests from users and forward | |
418 them to the actual Kallithea server. The proxy server will thus be the | |
419 immediate client of the Kallithea WSGI server, and Kallithea will basically see | |
420 it as such. To make sure Kallithea sees the request as it arrived from the | |
421 client to the proxy server, the proxy server must be configured to | |
422 somehow pass the original information on to Kallithea, and Kallithea must be | |
423 configured to pick that information up and trust it. | |
424 | |
425 Kallithea will by default rely on its WSGI server to provide the IP of the | |
426 client in the WSGI environment as ``REMOTE_ADDR``, but it can also | |
427 get it from the ``X-Real-IP`` or ``X-Forwarded-For`` HTTP headers. | |
428 | |
429 Kallithea will by default rely on finding the protocol (``http`` or ``https``) | |
430 in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts | |
431 the protocol of the client request in the ``X-Url-Scheme``, | |
432 ``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header, | |
433 Kallithea can be configured to trust these headers by setting:: | |
434 | |
435 https_fixup = true | |
407 | 436 |
408 | 437 |
409 HTTPS support | 438 HTTPS support |
410 ------------- | 439 ------------- |
411 | 440 |