Add TRUSTED_PROXY support & global imports #643
+562
−82
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updated documentation and configuration files to improve trusted proxy handling. Introduced customizable trusted proxy settings for Cloudflare, Sucuri, and local proxies, ensuring accurate IP logging. Removed hardcoded Cloudflare IPs from NGINX and Apache configurations, replacing them with a dynamic inclusion based on the TRUSTED_PROXY environment variable.
jaydrogers
changed the title
|
One recommendation would be for local to be somehow tied into cloudflare/sucuri. With this new implementation, if I have my site behind cloudflare, but also running in docker (behind traefik/caddy), then i shouldnt have to pick/choose if i want both Not sure what the best way to do this, but i do feel like a docker setup is very common |
Updated the documentation to specify that both Cloudflare and Sucuri configurations now automatically include local Docker networks. Added a tip to inform users that they can use the `cloudflare` setting while also trusting local proxies, enhancing clarity on trusted proxy usage.
Deploying serversideup-php with
|
| Latest commit: |
b172d24
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://e5b52b40.serversideup-php.pages.dev |
| Branch Preview URL: | https://improvement-webserver-config.serversideup-php.pages.dev |
Member
Author
|
Valid point! If you check the file, you'll see that when you set I just added some docs to make it clearer 😃 Next stepsIf you want to test out using the images in the top comment, let me know if you're getting your expected results 👍 |
Updated the Dockerfile to create a directory for global Caddy configurations and modified the Caddyfile to import additional configuration files from the new caddyfile-global.d directory, enhancing flexibility in Caddy setup.
jaydrogers
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
How to test this image
Use the
serversideup/php-devimages that are tagged with this PR number:serversideup/php-dev:643-*View the images →
What this PR does
Add
TRUSTED_PROXYsupportYou can now customize your trusted proxy experience via environment variables.
cloudflare(default)CF-Connecting-IPheadersucuriX-Forwarded-ForheaderlocalX-Forwarded-ForheaderoffGlobal Imports for FrankenPHP
Instead of using
${CADDY_GLOBAL_OPTIONS}variable (which can be a pain with escaping characters, etc) you can now just import configurations into the global block by copying Caddyfiles over to/etc/frankenphp/caddyfile-global.d/.Caddy will load any
*.caddyfilefiles:docker-php/src/variations/frankenphp/etc/frankenphp/Caddyfile
Lines 22 to 23 in 5d5d7a9