From ee26a7e8dd94690ed9a1ecca7eaf2e00d7e1ab4d Mon Sep 17 00:00:00 2001 From: Jakob Schrettenbrunner Date: Wed, 1 Feb 2017 20:10:28 +0100 Subject: [PATCH 1/3] add fideloper/proxy to support reverse proxies and load balancers --- .env.example | 1 + app/Http/Kernel.php | 2 ++ composer.json | 3 ++- config/app.php | 1 + config/trustedproxy.php | 59 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 config/trustedproxy.php diff --git a/.env.example b/.env.example index ba98b1c75..7e41a75a0 100644 --- a/.env.example +++ b/.env.example @@ -7,6 +7,7 @@ APP_CLEAR_TASKLOG=720 APP_DELETE_MINUTES=10 CONSOLE_PUSH_FREQ=250 CONSOLE_PUSH_COUNT=10 +TRUSTED_PROXIES=null DB_HOST=localhost DB_PORT=3306 diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 9e8d9f816..7e03c17ec 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -17,7 +17,9 @@ class Kernel extends HttpKernel \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, + \Pterodactyl\Http\Middleware\LanguageMiddleware::class, + \Fideloper\Proxy\TrustProxies::class, ]; /** diff --git a/composer.json b/composer.json index 3569e3d1b..b015adbd0 100644 --- a/composer.json +++ b/composer.json @@ -26,7 +26,8 @@ "mtdowling/cron-expression": "1.1.0", "dingo/api": "1.0.0-beta6", "aws/aws-sdk-php": "3.19.20", - "predis/predis": "1.1.1" + "predis/predis": "1.1.1", + "fideloper/proxy": "3.2.0" }, "require-dev": { "fzaninotto/faker": "~1.4", diff --git a/config/app.php b/config/app.php index 3093b43d0..957848eae 100644 --- a/config/app.php +++ b/config/app.php @@ -158,6 +158,7 @@ return [ igaster\laravelTheme\themeServiceProvider::class, Prologue\Alerts\AlertsServiceProvider::class, Krucas\Settings\Providers\SettingsServiceProvider::class, + Fideloper\Proxy\TrustedProxyServiceProvider::class, ], 
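Review bot: `\Fideloper\Proxy\TrustProxies::class` is appended as the last entry of this middleware list in app/Http/Kernel.php, so every entry above it runs before the trusted-proxy settings are applied to the request. Any of those that reads the client address, host or scheme on the way in would see the proxy's values; whether one does is not visible in this hunk. Moving the line to the top of the list removes that ordering dependency. The array opens outside the hunk, so its first entries cannot be checked from here.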
diff --git a/config/trustedproxy.php b/config/trustedproxy.php new file mode 100644 index 000000000..7d7accf0e --- /dev/null +++ b/config/trustedproxy.php @@ -0,0 +1,59 @@ +getClientIp() + * always gets the originating client IP, no matter + * how many proxies that client's request has + * subsequently passed through. + */ + 'proxies' => explode(',', env('TRUSTED_PROXIES', null)), + + /* + * Or, to trust all proxies that connect + * directly to your server, uncomment this: + */ + # 'proxies' => '*', + + /* + * Or, to trust ALL proxies, including those that + * are in a chain of fowarding, uncomment this: + */ + # 'proxies' => '**', + + /* + * Default Header Names + * + * Change these if the proxy does + * not send the default header names. + * + * Note that headers such as X-Forwarded-For + * are transformed to HTTP_X_FORWARDED_FOR format. + * + * The following are Symfony defaults, found in + * \Symfony\Component\HttpFoundation\Request::$trustedHeaders + */ + 'headers' => [ + \Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR', + \Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST', + \Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO', + \Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT', + ] +]; From 8ab4faad8a47d0e4d1db9ff6b07e6d6bf8703490 Mon Sep 17 00:00:00 2001 From: Jakob Schrettenbrunner Date: Wed, 1 Feb 2017 20:31:24 +0100 Subject: [PATCH 2/3] remove TRUSTED_PROXIES from .env.example make style ci happy --- .env.example | 1 - app/Http/Kernel.php | 2 +- config/trustedproxy.php | 8 ++++---- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.env.example b/.env.example index 7e41a75a0..ba98b1c75 100644 --- a/.env.example +++ b/.env.example @@ -7,7 +7,6 @@ APP_CLEAR_TASKLOG=720 APP_DELETE_MINUTES=10 CONSOLE_PUSH_FREQ=250 CONSOLE_PUSH_COUNT=10 -TRUSTED_PROXIES=null DB_HOST=localhost DB_PORT=3306 diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 7e03c17ec..d4c1cf1f1 100644 
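Review bot: `explode(',', env('TRUSTED_PROXIES', null))` in the new config/trustedproxy.php never yields an empty list: with the variable unset it returns `['']`. Entries are also not trimmed, so a value such as `10.0.0.1, 10.0.0.2` (constructed example) leaves a leading space on the second address. How the package treats an empty-string or padded entry is not visible in this patch, so I would normalise the value here: `'proxies' => array_filter(array_map('trim', explode(',', (string) env('TRUSTED_PROXIES', '')))),`. The comment above the key should also state the expected format, a comma-separated list of proxy addresses, and that forwarded headers are honoured only from those addresses.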
--- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -17,7 +17,7 @@ class Kernel extends HttpKernel \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, - + \Pterodactyl\Http\Middleware\LanguageMiddleware::class, \Fideloper\Proxy\TrustProxies::class, ]; diff --git a/config/trustedproxy.php b/config/trustedproxy.php index 7d7accf0e..2bf4cd02f 100644 --- a/config/trustedproxy.php +++ b/config/trustedproxy.php @@ -30,13 +30,13 @@ return [ * Or, to trust all proxies that connect * directly to your server, uncomment this: */ - # 'proxies' => '*', + // 'proxies' => '*', /* * Or, to trust ALL proxies, including those that * are in a chain of fowarding, uncomment this: - */ - # 'proxies' => '**', + */ + // 'proxies' => '**', /* * Default Header Names @@ -55,5 +55,5 @@ return [ \Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST', \Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO', \Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT', - ] + ], ]; From 7b659a773ee2cff875d5d992e13d6c7ac38a10ae Mon Sep 17 00:00:00 2001 From: Jakob Schrettenbrunner Date: Thu, 2 Feb 2017 23:31:42 +0100 Subject: [PATCH 3/3] handle * and ** for TRUSTED_PROXIES --- config/trustedproxy.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/trustedproxy.php b/config/trustedproxy.php index 2bf4cd02f..a1fac334a 100644 --- a/config/trustedproxy.php +++ b/config/trustedproxy.php @@ -24,7 +24,8 @@ return [ * how many proxies that client's request has * subsequently passed through. */ - 'proxies' => explode(',', env('TRUSTED_PROXIES', null)), + 'proxies' => in_array(env('TRUSTED_PROXIES', ['*', '**'])) ? + env('TRUSTED_PROXIES') : explode(',', env('TRUSTED_PROXIES', null)), /* * Or, to trust all proxies that connect
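Review bot: The closing parenthesis is misplaced in `in_array(env('TRUSTED_PROXIES', ['*', '**']))` in the last config/trustedproxy.php hunk: the wildcard list is passed as env()'s default and in_array() receives a single argument. Before PHP 8 that is a warning with a null result, so the explode() branch always runs and `*` arrives as `['*']`; on PHP 8 it is an ArgumentCountError. The condition should read `in_array(env('TRUSTED_PROXIES'), ['*', '**'], true) ?` so the wildcards reach the package as strings. Because this makes the wildcards selectable from the environment, the comment above the key should say that `*` and `**` accept forwarded headers from any connecting peer, so the reported client IP is only reliable when the application is reachable solely through the proxy. The `return [` array continues outside the hunk.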