diff --git a/config-sample.ini b/config-sample.ini
index 393a124f3..0e8da0360 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -21,3 +21,9 @@ https=false
 # path to certificate (run "bash bin/generate-cert.sh" to generate self-signed certificate). Relevant only if https=true
 certPath=
 keyPath=
+# setting to give trust to reverse proxies, a comma-separated list of trusted rev. proxy IPs can be specified (CIDR notation is permitted),
+# alternatively 'true' will make use of the leftmost IP in X-Forwarded-For, ultimately an integer can be used to tell about the number of hops between
+# Trilium (which is hop 0) and the first trusted rev. proxy.
+# once set, expressjs will use the X-Forwarded-For header set by the rev. proxy to determinate the real IPs of clients.
+# expressjs shortcuts are supported: loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
+trustedReverseProxy=false
diff --git a/package.json b/package.json
index 253f9d8ec..1bf872d5c 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "name": "trilium",
 "productName": "Trilium Notes",
 "description": "Trilium Notes",
- "version": "0.54.1-beta",
+ "version": "0.54.2",
 "license": "AGPL-3.0-only",
 "main": "electron.js",
 "bin": {
diff --git a/src/services/build.js b/src/services/build.js
index e5039d032..8e936c7ee 100644
--- a/src/services/build.js
+++ b/src/services/build.js
@@ -1 +1 @@
-module.exports = { buildDate:"2022-08-02T21:56:34+02:00", buildRevision: "12af3d05f04b9406af55ac301c0069eb385957c8" };
+module.exports = { buildDate:"2022-08-07T23:20:59+02:00", buildRevision: "3a07c5fcc059019a2330a3f6ed204eeb5df1539d" };
diff --git a/src/www b/src/www
index 3643c0ea9..e3a26de4d 100644
--- a/src/www
+++ b/src/www
@@ -56,6 +56,14 @@ async function startTrilium() { app.set('port', port); app.set('host', host); + // Check from config whether to trust reverse proxies to supply user IPs, hostnames and protocols + if (config['Network']['trustedReverseProxy']) { + if (config['Network']['trustedReverseProxy'] === true || config['Network']['trustedReverseProxy'].trim().length) { + app.set('trust proxy', config['Network']['trustedReverseProxy']) + } + } + log.info('Trusted reverse proxy: ' + app.get('trust proxy')) + if (config['Network']['https']) { if (!config['Network']['keyPath'] || !config['Network']['keyPath'].trim().length) { throw new Error("keyPath in config.ini is required when https=true, but it's empty");
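Review bot: The integer hop-count form that config-sample.ini documents does not survive the new check in `startTrilium`: the inner condition calls `.trim()` on the value, so a numeric value would throw, and a string such as `'1'` is passed to `app.set('trust proxy', …)` unchanged, where Express, as far as I know, reads a string as a list of addresses and only a number as a hop count. Converting a bare integer to a number before the call, as sketched below, lets all three documented forms reach Express as intended. With `trustedReverseProxy=true` Express takes the leftmost X-Forwarded-For entry, which a client can set itself unless the proxy overwrites the header, so the config-sample.ini comment should carry that caveat, e.g. `# use 'true' only if the proxy overwrites X-Forwarded-For and Trilium is not reachable directly`. startTrilium's body starts and continues outside the hunk.

```javascript
// … unchanged: app.set('port', port); app.set('host', host); …
const trustedReverseProxy = config['Network']['trustedReverseProxy'];
if (trustedReverseProxy === true) {
    app.set('trust proxy', true);
} else if (typeof trustedReverseProxy === 'number') {
    app.set('trust proxy', trustedReverseProxy);
} else if (typeof trustedReverseProxy === 'string' && trustedReverseProxy.trim().length) {
    const value = trustedReverseProxy.trim();
    // a bare integer is a hop count; it must reach Express as a number, not a string
    app.set('trust proxy', /^\d+$/.test(value) ? Number.parseInt(value, 10) : value);
}
log.info('Trusted reverse proxy: ' + app.get('trust proxy'));
// … unchanged: https keyPath / certPath checks …
```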