Skip to content

Update nginx recommendations #26924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Sep 6, 2023
Merged

Update nginx recommendations #26924

merged 4 commits into from
Sep 6, 2023

Conversation

silverwind
Copy link
Member

@silverwind silverwind commented Sep 5, 2023
edited
Loading

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 5, 2023
@silverwind silverwind added the type/docs This PR mainly updates/creates documentation label Sep 5, 2023
@silverwind
Copy link
Member Author

silverwind commented Sep 5, 2023
edited
Loading

I guess X-Real-IP has the benefit of parsing faster, so I'm indifferent whether to keep it. cc: @lafriks.

@lafriks
Copy link
Member

lafriks commented Sep 5, 2023

This really depends on the situation, I would keep both. Generally nowadays there will be at least two proxies when deploying HA in K8s/docker etc edge reverse proxy -> ingress reverse proxy -> gitea and if not correctly configured x-real-ip could be incorrect and x-forwarded-for will be more reliable in that case. In the case of a single VM and nginx in front, yes it does not really matter what to use

@lafriks
Copy link
Member

lafriks commented Sep 5, 2023

For more general use case I would recommend leaving them both

@silverwind
Copy link
Member Author

I guess I will restore x-real-ip based on your opinion. Generally I think XFF is much better and likely better handled in a chain of proxies. There is also a https://datatracker.ietf.org/doc/html/rfc7239 but it seems no one is adopting it 😆

@silverwind
Copy link
Member Author

silverwind commented Sep 6, 2023
edited
Loading

So now this is only about websocket config, which does not hurt to have and will be needed for #26679 anyways, so I think it's good to start recommending it.

@wxiaoguang
Copy link
Contributor

In many cases, X-Real-IP can be trusted while X-Forwarded-For can't.

@techknowlogick techknowlogick added the backport/v1.20 This PR should be backported to Gitea 1.20 label Sep 6, 2023
@lafriks
Copy link
Member

lafriks commented Sep 6, 2023

In many cases, X-Real-IP can be trusted while X-Forwarded-For can't.

That's why there is configuration on how many last IP's from X-Forwarded-For can be trusted by default we have 1 I think all others are discarded

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 6, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 6, 2023
@silverwind silverwind added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Sep 6, 2023
@silverwind silverwind enabled auto-merge (squash) September 6, 2023 17:49
@silverwind silverwind merged commit e596806 into go-gitea:main Sep 6, 2023
@GiteaBot GiteaBot added this to the 1.22.0 milestone Sep 6, 2023
@GiteaBot
Copy link
Collaborator

GiteaBot commented Sep 6, 2023

I was unable to create a backport for 1.20. @silverwind, please send one manually. 🍵

go run ./contrib/backport 26924
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added backport/manual No power to the bots! Create your backport yourself! and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Sep 6, 2023
@silverwind silverwind deleted the nginxdocs branch September 6, 2023 17:50
@silverwind
Copy link
Member Author

Not worth the backport imho, Websocket will come in 1.22 earliest.

@silverwind silverwind removed backport/manual No power to the bots! Create your backport yourself! backport/v1.20 This PR should be backported to Gitea 1.20 labels Sep 6, 2023
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 7, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
58c0c0b 
* giteaofficial/main:
  Fix schedule actions still running even if workflow disalbed (go-gitea#26939)
  Fix the missing repo count (go-gitea#26942)
  Improve SSH Key / GPG Key / Deploy Key UI (go-gitea#26949)
  [skip ci] Updated translations via Crowdin
  Update nginx recommendations (go-gitea#26924)
  docs: Update Profile README information (go-gitea#26947)
  Fix scoped label layout (go-gitea#26932)
  Move createrepository from module to service layer (go-gitea#26927)
  Add a documentation note for Windows Service (go-gitea#26938)
  allow "latest" to be used in release vTag when downloading file (go-gitea#26748)
  Extract common code to new template (go-gitea#26933)
  Show always repo count in header (go-gitea#26842)
  Show always repo count in header (go-gitea#26842)
  Artifacts retention and auto clean up (go-gitea#26131)
  Fix UI anomalies (go-gitea#26929)
  Fix the display of org level badges  (go-gitea#26504)
@techknowlogick techknowlogick modified the milestones: 1.22.0, 1.21.0 Sep 8, 2023
@techknowlogick techknowlogick added the type/changelog Adds the changelog for a new Gitea version label Sep 8, 2023
@delvh delvh removed the type/changelog Adds the changelog for a new Gitea version label Oct 7, 2023
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lafriks lafriks lafriks approved these changes

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/docs This PR mainly updates/creates documentation
Projects
None yet
Milestone
1.21.0
Development

Successfully merging this pull request may close these issues.
6 participants
@silverwind @lafriks @wxiaoguang @GiteaBot @delvh @techknowlogick