Mercurial > p > roundup > code
diff share/man/man1/roundup-server.1 @ 8169:627c5d6a0551
allow roundup-server to log real client IP behind reverse proxy
added -P flag to roundup-server to log client address from
X-Forwarded-For reverse proxy header rather than connecting
address. This logs the actual client address when roundup-server is
run behind a reverse proxy. It also appends a '+' sign to the logged
address/name.
This makes correlating reverse proxy logs to roundup logs much easier
by propagating the IP address.
Also added documentation for -D flag that was undocumented.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 01 Dec 2024 17:38:15 -0500 |
| parents | 0f5d31be5418 |
| children |
line wrap: on
line diff
--- a/share/man/man1/roundup-server.1 Tue Nov 26 17:11:13 2024 -0500 +++ b/share/man/man1/roundup-server.1 Sun Dec 01 17:38:15 2024 -0500 @@ -20,6 +20,9 @@ file indicated by PIDfile. The -l (or -L) option \fBmust\fP be specified if -d is used. .TP +\fB-D\fP +Run the server in the foreground even if -d is used. +.TP \fB-t\fP \fBfork|thread|debug|none\fP Control multi-process mode. \fBdebug\fP and \fBnone\fP are always available. If an invalid mode is specified the server starts in @@ -33,6 +36,17 @@ Sets a filename to log to (instead of stdout). This is required if the -d option is used. .TP +\fB-P\fP +If a reverse proxy is used in front of the roundup-server, the server +will log the ip address of the proxy, not the client browser. Using -P +logs the left most entry in the X-Forwarded-For http header as the +IP address of the client. This address will be logged or resolved to a +hostname (with \fB-N\fP) and a '+' character will be appended. +\fB-P\fP should only be used when the +roundup server is accessible only from trusted proxy hosts. See: +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For +for details and warnings about using the X-Forwarded-For header. +.TP \fB-L\fP Have the server log using the Python logger with key roundup.http. .TP