Add nginx to known proxies (#3002)

* Add nginx to known proxies * Only add nginx proxy if standard self host deployment * Style changes
2025-07-01 16:12:49 -05:00 · 2023-06-08 08:41:36 -05:00
parent 746dec6496
commit e27ab5d6c3
4 changed files with 19 additions and 3 deletions
--- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
+++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
@ -1,4 +1,5 @@
-using System.Reflection;
+using System.Net;
+using System.Reflection;
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
 using AspNetCoreRateLimit;
@ -529,18 +530,29 @@ public static class ServiceCollectionExtensions
        });
    }

-    public static void UseForwardedHeaders(this IApplicationBuilder app, GlobalSettings globalSettings)
+    public static void UseForwardedHeaders(this IApplicationBuilder app, IGlobalSettings globalSettings)
    {
        var options = new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        };
+
+        if (!globalSettings.UnifiedDeployment)
+        {
+            // Trust the X-Forwarded-Host header of the nginx docker container
+            var nginxIp = Dns.GetHostEntry("nginx").AddressList.FirstOrDefault();
+            if (nginxIp != null)
+            {
+                options.KnownProxies.Add(nginxIp);
+            }
+        }
+
        if (!string.IsNullOrWhiteSpace(globalSettings.KnownProxies))
        {
            var proxies = globalSettings.KnownProxies.Split(',');
            foreach (var proxy in proxies)
            {
-                if (System.Net.IPAddress.TryParse(proxy.Trim(), out var ip))
+                if (IPAddress.TryParse(proxy.Trim(), out var ip))
                {
                    options.KnownProxies.Add(ip);
                }