self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-12 10:45:38 +02:00
Code Issues Releases Activity

nginx with PROXY protocol; much stronger wording

Browse Source
This commit is contained in:
Didier 'OdyX' Raboud 2023-03-27 22:27:08 +02:00
parent 991dd647cb
commit 3877635502
No known key found for this signature in database
GPG Key ID: EA830BC6A684CD7C
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/configuration.rst
View File

@ -254,12 +254,18 @@ The ``TZ`` sets the timezone Mailu will use. The timezone naming convention usua
.. _`TZ database name`: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
The ``PROXY_PROTOCOL`` (default: unset) allows the the front container to receive TCP and HTTP connections with
the PROXY protocol. It can be set to:
the `PROXY protocol`_ (originally introduced in HAProxy, now also configurable in other proxy servers).
It can be set to:
* ``http`` to accept the ``PROXY`` protocol on nginx's HTTP proxy ports
* ``mail`` to accept the ``PROXY`` protocol on nginx's mail proxy ports
* ``all`` to accept the ``PROXY`` protocol on all nginx's HTTP and mail proxy ports
This requires to have a valid ``REAL_IP_FROM``.
.. _`PROXY protocol`: https://github.com/haproxy/haproxy/blob/master/doc/proxy-protocol.txt
This requires to have a valid ``REAL_IP_FROM`` (default: unset). Setting ``PROXY_PROTOCOL`` without setting
``REAL_IP_FROM`` *will not work*. Make sure to set a ``REAL_IP_FROM`` only pointing to IP addresses or networks
that you trust; accepting the ``PROXY`` protocol from untrusted sources is a serious security vulnerability,
allowing a potential attacker to spoof his source address.
Antivirus settings
------------------