From 912f79f1af1535d32dfa4ab463c0d6efac3a4ae9 Mon Sep 17 00:00:00 2001
From: DynamoFox
Date: Thu, 4 Aug 2022 00:19:54 +0200
Subject: [PATCH 1/3] Add optional support to trust reverse proxies (via X-Forwarded-For)

---
 config-sample.ini | 6 ++++++
 src/www | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/config-sample.ini b/config-sample.ini
index 393a124f3..0e8da0360 100644
--- a/config-sample.ini
+++ b/config-sample.ini
@@ -21,3 +21,9 @@ https=false
 # path to certificate (run "bash bin/generate-cert.sh" to generate self-signed certificate). Relevant only if https=true
 certPath=
 keyPath=
+# setting to give trust to reverse proxies, a comma-separated list of trusted rev. proxy IPs can be specified (CIDR notation is permitted),
+# alternatively 'true' will make use of the leftmost IP in X-Forwarded-For, ultimately an integer can be used to tell about the number of hops between
+# Trilium (which is hop 0) and the first trusted rev. proxy.
+# once set, expressjs will use the X-Forwarded-For header set by the rev. proxy to determinate the real IPs of clients.
+# expressjs shortcuts are supported: loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
+trustedReverseProxy=false
diff --git a/src/www b/src/www
index 637ca925d..c17ae0412 100644
--- a/src/www
+++ b/src/www
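Review bot: The comment for `true` in the config-sample.ini hunk should state that the leftmost X-Forwarded-For entry is whatever the client sent, so this value is only safe when Trilium cannot be reached except through the proxy. As written it reads like an equal alternative to the address list, and an operator who picks it on a directly reachable instance lets any client choose the IP that Trilium sees and logs. I would add a line such as `# 'true' trusts X-Forwarded-* from every peer; prefer an explicit IP/CIDR list unless Trilium is reachable only through the proxy`. In the fourth added comment line, 'determinate' should read 'determine'.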
@@ -44,6 +44,14 @@ async function startTrilium() {
 app.set('port', usedPort);
 app.set('host', usedHost);
 
+ // Check from config whether to trust reverse proxies to supply user IPs, hostnames and protocols
+ if (config['Network']['trustedReverseProxy']) {
+ if (config['Network']['trustedReverseProxy'] === true || config['Network']['trustedReverseProxy'].trim().length) {
+ app.set('trust proxy', config['Network']['trustedReverseProxy'])
+ }
+ }
+ log.info('Trusted reverse proxy: ' + app.get('trust proxy'))
+
 if (config['Network']['https']) {
 if (!config['Network']['keyPath'] || !config['Network']['keyPath'].trim().length) {
 throw new Error("keyPath in config.ini is required when https=true, but it's empty");
From 3a07c5fcc059019a2330a3f6ed204eeb5df1539d Mon Sep 17 00:00:00 2001
From: zadam
Date: Sun, 7 Aug 2022 23:18:03 +0200
Subject: [PATCH 2/3] release 0.54.2

---
 package.json | 2 +-
 src/services/build.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 6c3652130..ab87a75cb 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
 "name": "trilium",
 "productName": "Trilium Notes",
 "description": "Trilium Notes",
- "version": "0.54.1-beta",
+ "version": "0.54.2",
 "license": "AGPL-3.0-only",
 "main": "electron.js",
 "bin": {
diff --git a/src/services/build.js b/src/services/build.js
index e5039d032..b7235e484 100644
--- a/src/services/build.js
+++ b/src/services/build.js
@@ -1 +1 @@
-module.exports = { buildDate:"2022-08-02T21:56:34+02:00", buildRevision: "12af3d05f04b9406af55ac301c0069eb385957c8" };
+module.exports = { buildDate:"2022-08-07T23:18:03+02:00", buildRevision: "0681ec9057e1b7931ae2a13b94150a537b1c525a" };
From 2335e402621d3575f927ee17f632d865e9952a39 Mon Sep 17 00:00:00 2001
From: zadam
Date: Sun, 7 Aug 2022 23:20:59 +0200
Subject: [PATCH 3/3] release 0.54.2

---
 src/services/build.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
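Review bot: In the src/www hunk of patch 1/3, the guard in front of `app.set('trust proxy', ...)` cannot carry the hop-count form that config-sample.ini documents: a numeric value has no `.trim()` and would throw at startup, while a string such as `'1'` is passed on unchanged, and Express reads strings as address lists, not hop counts (how the config loader types the value is not visible here, so one of the two cases applies). The value also reaches Express without any normalisation, and with `true` the X-Forwarded-* headers of every peer are believed, so `req.ip`, `req.protocol` and `req.hostname` become client-controlled unless Trilium is reachable only through the proxy; a dedicated startup log line would make that configuration visible to the operator. The sketch below types the value once, converts all-digit strings to a number and logs the `true` case. `startTrilium()` begins before and continues after this hunk.

```javascript
    // … unchanged: app.set('port') and app.set('host') …
    // Express reads a number as a hop count and a string as an address list, so type the value before passing it on
    const rawTrustProxy = config['Network']['trustedReverseProxy'];
    const trustProxy = typeof rawTrustProxy === 'string' ? rawTrustProxy.trim() : rawTrustProxy;
    if (trustProxy === true || typeof trustProxy === 'number' || (typeof trustProxy === 'string' && trustProxy.length > 0)) {
        app.set('trust proxy', /^\d+$/.test(String(trustProxy)) ? Number(trustProxy) : trustProxy);
        if (trustProxy === true) {
            log.info('trustedReverseProxy=true: X-Forwarded-* headers are accepted from every peer');
        }
    }
    log.info('Trusted reverse proxy: ' + app.get('trust proxy'))
    // … unchanged: https / keyPath checks …
```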
diff --git a/src/services/build.js b/src/services/build.js
index b7235e484..8e936c7ee 100644
--- a/src/services/build.js
+++ b/src/services/build.js
@@ -1 +1 @@
-module.exports = { buildDate:"2022-08-07T23:18:03+02:00", buildRevision: "0681ec9057e1b7931ae2a13b94150a537b1c525a" };
+module.exports = { buildDate:"2022-08-07T23:20:59+02:00", buildRevision: "3a07c5fcc059019a2330a3f6ed204eeb5df1539d" };