Fix reverse proxy support

Reintroducing trusted proxies via fideloper/proxy:

* Upgraded fideloper/proxy to 3.1
* Added fideloper/proxy to Http/Kernel.php
* Added fideloper/proxy to config/app.php
* Added environment variable APP_TRUSTED_PROXIES to env (with '*' being the default fallback)
This commit is contained in:
Nikolai Prokoschenko 2016-06-16 11:44:38 +02:00
parent 412756b651
commit 8d03668d78
6 changed files with 43 additions and 13 deletions

View file

@ -74,3 +74,4 @@ AWS_BUCKET=null
APP_LOG=single APP_LOG=single
APP_LOCKED=false APP_LOCKED=false
FILESYSTEM_DISK=local FILESYSTEM_DISK=local
APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1

View file

@ -21,6 +21,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\XssProtectHeader::class, \App\Http\Middleware\XssProtectHeader::class,
\App\Http\Middleware\NosniffGuard::class, \App\Http\Middleware\NosniffGuard::class,
\App\Http\Middleware\CheckForSetup::class, \App\Http\Middleware\CheckForSetup::class,
\Fideloper\Proxy\TrustProxies::class,
]; ];
/** /**

View file

@ -11,7 +11,7 @@
"league/csv": "~7.0", "league/csv": "~7.0",
"maknz/slack": "dev-master", "maknz/slack": "dev-master",
"erusev/parsedown": "dev-master", "erusev/parsedown": "dev-master",
"fideloper/proxy": "2.1.1", "fideloper/proxy": "^3.1",
"guzzlehttp/guzzle": "5.3.0", "guzzlehttp/guzzle": "5.3.0",
"aws/aws-sdk-php-laravel": "~3.0", "aws/aws-sdk-php-laravel": "~3.0",
"tecnickcom/tc-lib-barcode": "dev-master", "tecnickcom/tc-lib-barcode": "dev-master",

28
composer.lock generated
View file

@ -4,8 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"hash": "abd2bfc01b3565b7dd1f6aac9e9311b1", "hash": "11dadd0d32641538b6855a62bc083aa2",
"content-hash": "21294a0f9fd03e194e64084844a1d380", "content-hash": "dd7dd05440de96bf23863dec984217af",
"packages": [ "packages": [
{ {
"name": "aws/aws-sdk-php", "name": "aws/aws-sdk-php",
@ -792,31 +792,35 @@
}, },
{ {
"name": "fideloper/proxy", "name": "fideloper/proxy",
"version": "2.1.1", "version": "3.1.0",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/fideloper/TrustedProxy.git", "url": "https://github.com/fideloper/TrustedProxy.git",
"reference": "a0ec0f35c82dceecc0d8975f29e6e8e85acbd419" "reference": "ec4dd30141e2515e307aea3539ff242e85c3f120"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/fideloper/TrustedProxy/zipball/a0ec0f35c82dceecc0d8975f29e6e8e85acbd419", "url": "https://api.github.com/repos/fideloper/TrustedProxy/zipball/ec4dd30141e2515e307aea3539ff242e85c3f120",
"reference": "a0ec0f35c82dceecc0d8975f29e6e8e85acbd419", "reference": "ec4dd30141e2515e307aea3539ff242e85c3f120",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
"illuminate/support": "~4.0|~5.0", "illuminate/contracts": "~5.0",
"php": ">=5.3.0" "php": ">=5.4.0"
},
"require-dev": {
"illuminate/http": "~5.0",
"mockery/mockery": "~0.9.3"
}, },
"type": "library", "type": "library",
"extra": { "extra": {
"branch-alias": { "branch-alias": {
"dev-master": "2.0-dev" "dev-master": "3.1-dev"
} }
}, },
"autoload": { "autoload": {
"psr-0": { "psr-4": {
"Fideloper\\Proxy": "src/" "Fideloper\\Proxy\\": "src/"
} }
}, },
"notification-url": "https://packagist.org/downloads/", "notification-url": "https://packagist.org/downloads/",
@ -835,7 +839,7 @@
"proxy", "proxy",
"trusted proxy" "trusted proxy"
], ],
"time": "2014-11-20 02:20:43" "time": "2015-12-24 15:02:55"
}, },
{ {
"name": "guzzlehttp/guzzle", "name": "guzzlehttp/guzzle",

View file

@ -196,6 +196,7 @@ return [
Intervention\Image\ImageServiceProvider::class, Intervention\Image\ImageServiceProvider::class,
Collective\Html\HtmlServiceProvider::class, Collective\Html\HtmlServiceProvider::class,
Spatie\Backup\BackupServiceProvider::class, Spatie\Backup\BackupServiceProvider::class,
Fideloper\Proxy\TrustedProxyServiceProvider::class,
/* /*
* Custom service provider * Custom service provider

23
config/trustedproxy.php Normal file
View file

@ -0,0 +1,23 @@
<?php
return [
/*
* Set trusted proxy IP addresses.
*
* Both IPv4 and IPv6 addresses are
* supported, along with CIDR notation.
*
* The "*" character is syntactic sugar
* within TrustedProxy to trust any proxy;
* a requirement when you cannot know the address
* of your proxy (e.g. if using Rackspace balancers).
*/
'proxies' => env('APP_TRUSTED_PROXIES') !== null ? explode(env('APP_TRUSTED_PROXIES'), ',') : '*',
/*
* Or, to trust all proxies, uncomment this:
*/
# 'proxies' => '*',
];