From 2b0135697b8829754b5f05d058da7863e675f61a Mon Sep 17 00:00:00 2001 From: andreimarcu Date: Sun, 11 Oct 2015 20:32:28 -0400 Subject: [PATCH] Add option for using Real-IP --- README.md | 3 +-- server.go | 5 ++++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ebdc9a8..662403d 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ Command-line options - ```-filecontentsecuritypolicy "..."``` -- Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;"") - ```-xframeoptions "..." ``` -- X-Frame-Options header (default is "SAMEORIGIN") - ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...) +- ```-realip``` -- (optionally) let linx-server know you (nginx, etc) are providing the X-Real-IP and/or X-Forwarded-For headers. - ```-fastcgi``` -- (optionally) serve through fastcgi - ```-nologs``` -- (optionally) disable request logs in stdout @@ -48,8 +49,6 @@ server { client_max_body_size 4096M; location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; fastcgi_pass 127.0.0.1:8080; include fastcgi_params; } diff --git a/server.go b/server.go index 252babd..458ac12 100644 --- a/server.go +++ b/server.go @@ -30,6 +30,7 @@ var Config struct { fileContentSecurityPolicy string xFrameOptions string maxSize int64 + realIp bool noLogs bool allowHotlink bool fastcgi bool @@ -48,7 +49,7 @@ func setup() *web.Mux { // middleware mux.Use(middleware.RequestID) - if Config.fastcgi { + if Config.realIp { mux.Use(middleware.RealIP) } @@ -152,6 +153,8 @@ func main() { "path to ssl certificate (for https)") flag.StringVar(&Config.keyFile, "keyfile", "", "path to ssl key (for https)") + flag.BoolVar(&Config.realIp, "realip", false, + "use X-Real-IP/X-Forwarded-For headers as original host") flag.BoolVar(&Config.fastcgi, "fastcgi", false, "serve through fastcgi") flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,