fix: warn once, handle array header, add default trusted proxies, sort CONFIGURATION.md A-Z

kanishka0411 · kanishka0411 · commit 0ac3cab8dd98 · 2026-04-19T12:02:46.000+05:30
diff --git a/CONFIGURATION.md b/CONFIGURATION.md
@@ -99,14 +99,12 @@ The settings below are listed in alphabetical order by name. Please keep this ta
 | limits.event.content[].kinds                | List of event kinds to apply limit. Use `[min, max]` for ranges. Optional. |
 | limits.event.content[].maxLength            | Maximum length of `content`. Defaults to 1 MB. Disabled when set to zero. |
 | limits.event.createdAt.maxPositiveDelta     | Maximum number of seconds an event's `created_at` can be in the future. Defaults to 900 (15 minutes). Disabled when set to zero. |
-| limits.event.createdAt.minNegativeDelta     | Maximum number of secodns an event's `created_at` can be in the past.  Defaults to zero. Disabled when set to zero. |
-| limits.event.eventId.minLeadingZeroBits     | Leading zero bits required on every incoming event for proof of work. |
-|                                             | Defaults to zero. Disabled when set to zero. |
+| limits.event.createdAt.minNegativeDelta     | Maximum number of seconds an event's `created_at` can be in the past. Defaults to zero. Disabled when set to zero. |
+| limits.event.eventId.minLeadingZeroBits     | Leading zero bits required on every incoming event for proof of work. Defaults to zero. Disabled when set to zero. |
 | limits.event.kind.blacklist                 | List of event kinds to always reject. Leave empty to allow any. |
 | limits.event.kind.whitelist                 | List of event kinds to always allow. Leave empty to allow any. |
 | limits.event.pubkey.blacklist               | List of public keys to always reject. Public keys in this list will not be able to post to this relay. |
-| limits.event.pubkey.minLeadingZeroBits      | Leading zero bits required on the public key of incoming events for proof of work. |
-|                                             | Defaults to zero. Disabled when set to zero. |
+| limits.event.pubkey.minLeadingZeroBits      | Leading zero bits required on the public key of incoming events for proof of work. Defaults to zero. Disabled when set to zero. |
 | limits.event.pubkey.whitelist               | List of public keys to always allow. Only public keys in this list will be able to post to this relay. Use for private relays. |
 | limits.event.rateLimits[].kinds             | List of event kinds rate limited. Use `[min, max]` for ranges. Optional. |
 | limits.event.rateLimits[].period            | Rate limiting period in milliseconds. |
diff --git a/resources/default-settings.yaml b/resources/default-settings.yaml
@@ -55,12 +55,16 @@ nip05:
   domainBlacklist: []
 network:
   maxPayloadSize: 524288
-  # Comment the next line if using CloudFlare proxy
-  remoteIpHeader: x-forwarded-for
-  # Optional: only trust forwarding headers from these proxy IPs
-  trustedProxies: []
-  # Uncomment the next line if using CloudFlare proxy
+  # Uncomment only when using a trusted reverse proxy and configuring trustedProxies.
+  # remoteIpHeader: x-forwarded-for
   # remoteIpHeader: cf-connecting-ip
+  # Proxy IPs allowed to set remoteIpHeader (loopback and common docker internal)
+  trustedProxies:
+    - "127.0.0.1"
+    - "::ffff:127.0.0.1"
+    - "::1"
+    - "10.10.10.1"
+    - "::ffff:10.10.10.1"
 workers:
   count: 0
 mirroring:
diff --git a/src/utils/http.ts b/src/utils/http.ts
@@ -2,6 +2,10 @@ import { IncomingMessage } from 'http'
 
 import { Settings } from '../@types/settings'
 
+let warnedEmptyTrustedProxies = false
+
+export const _resetWarnings = (): void => { warnedEmptyTrustedProxies = false }
+
 const normalizeIpAddress = (input: string): string => {
   if (input.startsWith('::ffff:')) {
     return input.slice(7)
@@ -36,13 +40,13 @@ export const getRemoteAddress = (request: IncomingMessage, settings: Settings):
   }
 
   const trustedProxies = settings.network?.trustedProxies
-  if (header && (!Array.isArray(trustedProxies) || trustedProxies.length === 0)) {
+  if (header && (!Array.isArray(trustedProxies) || trustedProxies.length === 0) && !warnedEmptyTrustedProxies) {
     console.warn('WARNING: network.remoteIpHeader is set but network.trustedProxies is empty. Forwarded headers will be ignored. Add your proxy IP to network.trustedProxies.')
+    warnedEmptyTrustedProxies = true
   }
 
-  const headerAddress = header
-    ? request.headers[header]
-    : undefined
+  const rawHeaderAddress = header ? request.headers[header] : undefined
+  const headerAddress = Array.isArray(rawHeaderAddress) ? rawHeaderAddress[0] : rawHeaderAddress
   const socketAddress = request.socket.remoteAddress
 
   const trustedProxy = typeof socketAddress === 'string'
