Changeset - 883a0c6c425f
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Mads Kiilerich (mads) - 5 years ago 2021-05-09 22:17:21
mads@kiilerich.com
Grafted from: a4c973f1e3b4
docs: document how proxy servers must be configured
1 file changed with 29 insertions and 0 deletions:
docs/setup.rst
29
0 comments (0 inline, 0 general)
docs/setup.rst
Show inline comments
 
@@ -403,12 +403,41 @@ for more info.
 

			




	
	
	
		
 
.. note::

			




	
	
	
		
 
   Make sure you run this command from the same virtualenv, and with the same

			




	
	
	
		
 
   user that Kallithea runs.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Proxy setups

			




	
	
	
		
 
------------

			




	
	
	
		
 

			




	
	
	
		
 
When Kallithea is processing HTTP requests from a user, it will see and use

			




	
	
	
		
 
some of the basic properties of the connection, both at the TCP/IP level and at

			




	
	
	
		
 
the HTTP level. The WSGI server will provide this information to Kallithea in

			




	
	
	
		
 
the "environment".

			




	
	
	
		
 

			




	
	
	
		
 
In some setups, a proxy server will take requests from users and forward

			




	
	
	
		
 
them to the actual Kallithea server. The proxy server will thus be the

			




	
	
	
		
 
immediate client of the Kallithea WSGI server, and Kallithea will basically see

			




	
	
	
		
 
it as such. To make sure Kallithea sees the request as it arrived from the

			




	
	
	
		
 
client to the proxy server, the proxy server must be configured to

			




	
	
	
		
 
somehow pass the original information on to Kallithea, and Kallithea must be

			




	
	
	
		
 
configured to pick that information up and trust it.

			




	
	
	
		
 

			




	
	
	
		
 
Kallithea will by default rely on its WSGI server to provide the IP of the

			




	
	
	
		
 
client in the WSGI environment as ``REMOTE_ADDR``, but it can also

			




	
	
	
		
 
get it from the ``X-Real-IP`` or ``X-Forwarded-For`` HTTP headers.

			




	
	
	
		
 

			




	
	
	
		
 
Kallithea will by default rely on finding the protocol (``http`` or ``https``)

			




	
	
	
		
 
in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts

			




	
	
	
		
 
the protocol of the client request in the ``X-Url-Scheme``,

			




	
	
	
		
 
``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header,

			




	
	
	
		
 
Kallithea can be configured to trust these headers by setting::

			




	
	
	
		
 

			




	
	
	
		
 
    https_fixup = true

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
HTTPS support

			




	
	
	
		
 
-------------

			




	
	
	
		
 

			




	
	
	
		
 
Kallithea will by default generate URLs based on the WSGI environment.

			




	
	
	
		
 

			




	
	
	
		
 
Alternatively, you can use some special configuration settings to control

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: clio-24903
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.
            – Support