From bdd5e0916ea95e92f825af10694850ed2f8cfb48 Mon Sep 17 00:00:00 2001
From: Matt Gibson
Date: Wed, 14 Jun 2023 09:33:26 -0500
Subject: [PATCH] Platform/pm 2138/add nginx to known proxies (#3012)
* Add nginx to known proxies
* Only add nginx proxy if standard self host deployment
* Style changes
* Add forwarded headers config to events server
* Add known proxy forwarding to missing services
* Catch DNS errors in adding nginx proxy
* Update src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
---
 bitwarden_license/src/Scim/Startup.cs | 6 ++++++
 src/Events/Startup.cs | 6 ++++++
 src/Icons/Startup.cs | 6 ++++++
 src/Notifications/Startup.cs | 6 ++++++
 .../Utilities/ServiceCollectionExtensions.cs | 13 ++++++++++---
 5 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/bitwarden_license/src/Scim/Startup.cs b/bitwarden_license/src/Scim/Startup.cs
index 4aaccd9ed2..4ef46459c3 100644
--- a/bitwarden_license/src/Scim/Startup.cs
+++ b/bitwarden_license/src/Scim/Startup.cs
@@ -93,6 +93,12 @@ public class Startup
 // Add general security headers
 app.UseMiddleware();
+ // Forwarding Headers
+ if (globalSettings.SelfHosted)
+ {
+ app.UseForwardedHeaders(globalSettings);
+ }
+
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
diff --git a/src/Events/Startup.cs b/src/Events/Startup.cs
index 50147fcda5..d41a27be0d 100644
--- a/src/Events/Startup.cs
+++ b/src/Events/Startup.cs
@@ -93,6 +93,12 @@ public class Startup
 // Add general security headers
 app.UseMiddleware();
+ // Forwarding Headers
+ if (globalSettings.SelfHosted)
+ {
+ app.UseForwardedHeaders(globalSettings);
+ }
+
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
diff --git a/src/Icons/Startup.cs b/src/Icons/Startup.cs
index f64ea07edf..f63407fa7a 100644
--- a/src/Icons/Startup.cs
+++ b/src/Icons/Startup.cs
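Review bot: In bitwarden_license/src/Scim/Startup.cs the forwarded-headers call is registered after the security-headers middleware, and the `// Forwarding Headers` comment explains neither the ordering nor the self-hosted condition. Forwarded headers rewrite the request's client address and scheme, so any middleware ahead of this call sees the proxy's values; the hunk does not show whether the security-headers middleware reads either, so that is worth confirming. I would expand the comment to something like `// Self-hosted runs behind the nginx proxy: apply X-Forwarded-* before anything reads the client IP or scheme`. The identical block is added to the Startup.cs of src/Events, src/Icons and src/Notifications, where the same applies; Configure's body continues outside each hunk.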
@@ -55,6 +55,12 @@ public class Startup
 // Add general security headers
 app.UseMiddleware();
+ // Forwarding Headers
+ if (globalSettings.SelfHosted)
+ {
+ app.UseForwardedHeaders(globalSettings);
+ }
+
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
diff --git a/src/Notifications/Startup.cs b/src/Notifications/Startup.cs
index 2468e078b6..440808b78b 100644
--- a/src/Notifications/Startup.cs
+++ b/src/Notifications/Startup.cs
@@ -90,6 +90,12 @@ public class Startup
 // Add general security headers
 app.UseMiddleware();
+ // Forwarding Headers
+ if (globalSettings.SelfHosted)
+ {
+ app.UseForwardedHeaders(globalSettings);
+ }
+
 if (env.IsDevelopment())
 {
 app.UseDeveloperExceptionPage();
diff --git a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
index 679aaed1b7..c239be969a 100644
--- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
+++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
@@ -540,10 +540,17 @@ public static class ServiceCollectionExtensions
 if (!globalSettings.UnifiedDeployment)
 {
 // Trust the X-Forwarded-Host header of the nginx docker container
- var nginxIp = Dns.GetHostEntry("nginx").AddressList.FirstOrDefault();
- if (nginxIp != null)
+ try
 {
- options.KnownProxies.Add(nginxIp);
+ var nginxIp = Dns.GetHostEntry("nginx")?.AddressList.FirstOrDefault();
+ if (nginxIp != null)
+ {
+ options.KnownProxies.Add(nginxIp);
+ }
+ }
+ catch
+ {
+ // Ignore DNS errors
 }
 }
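Review bot: The bare `catch` in src/SharedWeb/Utilities/ServiceCollectionExtensions.cs swallows every exception, not only a failed lookup, and leaves no trace that the nginx address was never added to `KnownProxies`. When that happens the proxy's forwarded headers are presumably no longer trusted, so anything keyed on the client address (event logging, rate limiting) would silently see the container's IP instead. I would narrow it to `catch (SocketException)` and emit a warning if a logger is reachable at this point. Only the first resolved address is trusted and the lookup runs once at configuration time, so an nginx container with several addresses or a changed address would not match; the `?.` after `GetHostEntry` adds nothing, since a failed lookup throws rather than returning null. The enclosing method starts and ends outside the hunk.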