mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-01-27 11:06:36 +01:00
[chore] Allow suppressing trusted-proxies warning by disabling rate limiting (#3686)
This commit is contained in:
parent
3ab2d8621b
commit
2a46681147
2 changed files with 24 additions and 2 deletions
|
@ -63,9 +63,17 @@ If you are using docker compose, your docker-compose.yaml file should look somet
|
|||
################################
|
||||
```
|
||||
|
||||
Once you have made the necessary configuration changes, restart your instance and refresh the home page. If the message is gone, then the problem is resolved!
|
||||
Once you have made the necessary configuration changes, **restart your instance** and refresh the home page.
|
||||
|
||||
If the message is gone, then the problem is resolved!
|
||||
|
||||
If you still see the warning message but with a different suggested IP range to add to `trusted-proxies`, then follow the same steps as above again, including the new suggested IP range in your config in addition to the one you just added.
|
||||
|
||||
!!! tip "Cloudflare IP Addresses"
|
||||
If you are running with a CDN/proxy such as Cloudflare in front of your GoToSocial instance (not recommended), then you may need to add one or more of the Cloudflare IP addresses to your `trusted-proxies` in order to have rate limiting work properly. You can find a list of Cloudflare IP addresses here: https://www.cloudflare.com/ips/
|
||||
|
||||
## I can't seem to get `trusted-proxies` configured properly, can I just disable the warning?
|
||||
|
||||
There are some situations where it's not practically possible to get `trusted-proxies` configured correctly to detect the real client IP of incoming requests For example, if you're running GoToSocial behind a home internet router that cannot inject an `X-Forwarded-For` header, then your suggested entry to add to `trusted-proxies` will look something like `192.168.x.x`, but adding this to `trusted-proxies` won't resolve the issue.
|
||||
|
||||
If you've tried everything, then you can disable the warning message by just turning off rate limiting entirely, ie., by setting `advanced-rate-limit-requests` to 0 in your config.yaml, or setting the environment variable `GTS_ADVANCED_RATE_LIMIT_REQUESTS` to 0. Don't forget to **restart your instance** after changing this setting.
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
|
||||
"github.com/gin-gonic/gin"
|
||||
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/config"
|
||||
)
|
||||
|
||||
// WebPage encapsulates variables for
|
||||
|
@ -96,6 +97,17 @@ func injectTrustedProxiesRec(
|
|||
c *gin.Context,
|
||||
obj map[string]any,
|
||||
) {
|
||||
if config.GetAdvancedRateLimitRequests() <= 0 {
|
||||
// If rate limiting is disabled entirely
|
||||
// there's no point in giving a trusted
|
||||
// proxies rec, as proper clientIP is
|
||||
// basically only used for rate limiting.
|
||||
return
|
||||
}
|
||||
|
||||
// clientIP = the client IP that gin
|
||||
// derives based on x-forwarded-for
|
||||
// and current trusted proxies.
|
||||
clientIP := c.ClientIP()
|
||||
if clientIP == "127.0.0.1" {
|
||||
// Suggest precise 127.0.0.1/32.
|
||||
|
@ -119,7 +131,9 @@ func injectTrustedProxiesRec(
|
|||
|
||||
if !hasRemoteIPHeader {
|
||||
// Upstream hasn't set a
|
||||
// remote IP header, bail.
|
||||
// remote IP header so we're
|
||||
// probably not in a reverse
|
||||
// proxy setup, bail.
|
||||
return
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue