comparison docs/setup.rst @ 8884:883a0c6c425f

docs: document how proxy servers must be configured
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 09 May 2021 22:17:21 +0200
parents fb40978c1afb
children 3d7ba590f6f5
comparison
equal deleted inserted replaced
8883:fb40978c1afb 8884:883a0c6c425f
402 for more info. 402 for more info.
403 403
404 .. note:: 404 .. note::
405 Make sure you run this command from the same virtualenv, and with the same 405 Make sure you run this command from the same virtualenv, and with the same
406 user that Kallithea runs. 406 user that Kallithea runs.
407
408
409 Proxy setups
410 ------------
411
412 When Kallithea is processing HTTP requests from a user, it will see and use
413 some of the basic properties of the connection, both at the TCP/IP level and at
414 the HTTP level. The WSGI server will provide this information to Kallithea in
415 the "environment".
416
417 In some setups, a proxy server will take requests from users and forward
418 them to the actual Kallithea server. The proxy server will thus be the
419 immediate client of the Kallithea WSGI server, and Kallithea will basically see
420 it as such. To make sure Kallithea sees the request as it arrived from the
421 client to the proxy server, the proxy server must be configured to
422 somehow pass the original information on to Kallithea, and Kallithea must be
423 configured to pick that information up and trust it.
424
425 Kallithea will by default rely on its WSGI server to provide the IP of the
426 client in the WSGI environment as ``REMOTE_ADDR``, but it can also
427 get it from the ``X-Real-IP`` or ``X-Forwarded-For`` HTTP headers.
428
429 Kallithea will by default rely on finding the protocol (``http`` or ``https``)
430 in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts
431 the protocol of the client request in the ``X-Url-Scheme``,
432 ``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header,
433 Kallithea can be configured to trust these headers by setting::
434
435 https_fixup = true
407 436
408 437
409 HTTPS support 438 HTTPS support
410 ------------- 439 -------------
411 440