Closed calvin-li-developer closed 6 months ago
I am a bot, here are the test results for this PR: https://ci-tests.linuxserver.io/lspipepr/bookstack/v23.12-pkg-c7735067-dev-1796f2dc54569fe5f447e14859295a33135b7056-pr-202/index.html https://ci-tests.linuxserver.io/lspipepr/bookstack/v23.12-pkg-c7735067-dev-1796f2dc54569fe5f447e14859295a33135b7056-pr-202/shellcheck-result.xml | Tag | Passed |
---|---|---|
amd64-v23.12-pkg-c7735067-dev-1796f2dc54569fe5f447e14859295a33135b7056-pr-202 | ✅ | |
arm64v8-v23.12-pkg-c7735067-dev-1796f2dc54569fe5f447e14859295a33135b7056-pr-202 | ✅ |
We don't set this OOTB for a reason: Firstly it makes a dangerous assumption that the whole of 172.16.0.0/12 is under the control over whoever is setting up the container, and secondly it doesn't account for any other parts of RFC1918 address space that Docker networks can make use of; local networks are allocated from 172.17.0.0/12, and then 192.168.0.0/16 once the initial range is exhausted, while overlay networks are allocated from 10.0.0.0/8.
It also assumes the desired use of X-Forwarded-For, and while that will broadly be correct there are situations where it is not.
If users need to trust upstream address ranges they should configure it themselves to ensure that their network remains secure.
Description:
Update default.conf.sample for reverse proxy & cloudflare purpose
Benefits of this PR and context:
Update default.conf.sample for reverse proxy & cloudflare purpose
How Has This Been Tested?
locally. This will enable proper ip when going to "Audit Log" for bookstack
Source / References: