Glebaster/forum
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: configuring a load balancer or a reverse proxy

Browse Source
This commit is contained in:
Maxime Hélias 2023-01-19 17:57:39 +01:00 committed by Maxime Helias
parent e4a090dd09
commit f464553da4
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/production.md
View File

@ -89,3 +89,16 @@ docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
If you want to deploy your app on a cluster of machines, you can use [Docker Swarm](https://docs.docker.com/engine/swarm/stack-deploy/),
which is compatible with the provided Compose files.
## Configuring a Load Balancer or a Reverse Proxy
Since Caddy 2.5, XFF values of incoming requests will be ignored to prevent spoofing.
So if Caddy is not the first server being connected to by your clients (for example when a CDN is in front of Caddy), you may configure `trusted_proxies` with a list of IP ranges (CIDRs) from which incoming requests are trusted to have sent good values for these headers.
As a shortcut, `private_ranges` may be configured to trust all private IP ranges.
```diff
-php_fastcgi unix//var/run/php/php-fpm.sock
+php_fastcgi unix//var/run/php/php-fpm.sock {
+ trusted_proxies private_ranges
+}
```