Mercurial > kallithea
changeset 8884:883a0c6c425f
docs: document how proxy servers must be configured
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sun, 09 May 2021 22:17:21 +0200 |
parents | fb40978c1afb |
children | f08fbf424898 |
files | docs/setup.rst |
diffstat | 1 files changed, 29 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/docs/setup.rst Mon May 17 16:59:06 2021 +0200 +++ b/docs/setup.rst Sun May 09 22:17:21 2021 +0200 @@ -406,6 +406,35 @@ user that Kallithea runs. +Proxy setups +------------ + +When Kallithea is processing HTTP requests from a user, it will see and use +some of the basic properties of the connection, both at the TCP/IP level and at +the HTTP level. The WSGI server will provide this information to Kallithea in +the "environment". + +In some setups, a proxy server will take requests from users and forward +them to the actual Kallithea server. The proxy server will thus be the +immediate client of the Kallithea WSGI server, and Kallithea will basically see +it as such. To make sure Kallithea sees the request as it arrived from the +client to the proxy server, the proxy server must be configured to +somehow pass the original information on to Kallithea, and Kallithea must be +configured to pick that information up and trust it. + +Kallithea will by default rely on its WSGI server to provide the IP of the +client in the WSGI environment as ``REMOTE_ADDR``, but it can also +get it from the ``X-Real-IP`` or ``X-Forwarded-For`` HTTP headers. + +Kallithea will by default rely on finding the protocol (``http`` or ``https``) +in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts +the protocol of the client request in the ``X-Url-Scheme``, +``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header, +Kallithea can be configured to trust these headers by setting:: + + https_fixup = true + + HTTPS support -------------