starred/pocket-id-pocket-id-2
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 05:02:58 +03:00
Code Issues 116 Packages Projects Releases 10 Wiki Activity

[PR #189] [MERGED] fix(caddy): trusted_proxies for IPv6 enabled hosts #928

New Issue
Open
opened 2025-10-09 16:59:54 +03:00 by OVERLORD · 0 comments
OVERLORD commented 2025-10-09 16:59:54 +03:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/pocket-id/pocket-id/pull/189
Author: @apearson
Created: 1/30/2025
Status: Merged
Merged: 2/1/2025
Merged by: @stonith404

Base: mainHead: patch-1

📝 Commits (1)

  • 715a16c Update Caddyfile.trust-proxy to include IPv6

📊 Changes

1 file changed (+3 additions, -0 deletions)

View changed files

📝 reverse-proxy/Caddyfile.trust-proxy (+3 -0)

📄 Description

Problem

Current the Caddyfile.trust-proxy config only includes 0.0.0.0/0 which only includes IPv4 proxies.

Proposed Solution

Adding ::/0 (the equivalent of 0.0.0.0/0 for IPv6) allows for IPv6 proxies to be trusted.

Testing

  1. Ran docker image without modification on a IPv6 host with network_mode:host and a caddy server as a reverse proxy in front of the docker container [1].
  2. Attempt login and check audit logs for IP Address
  3. Modify running docker container with trusted_proxies ::/0 and reload caddy with changed Caddyfile
  4. Attempt login and check audit logs for IP Address (see screenshot)

[1] Caddy site block on IPv6 enabled host

auth.example.com {
	reverse_proxy localhost:8389
}
Screenshot 2025-01-29 at 10 15 21 PM

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/pocket-id/pocket-id/pull/189 **Author:** [@apearson](https://github.com/apearson) **Created:** 1/30/2025 **Status:** ✅ Merged **Merged:** 2/1/2025 **Merged by:** [@stonith404](https://github.com/stonith404) **Base:** `main` ← **Head:** `patch-1` --- ### 📝 Commits (1) - [`715a16c`](https://github.com/pocket-id/pocket-id/commit/715a16c83d495de255a63ef71501322720af7d4f) Update Caddyfile.trust-proxy to include IPv6 ### 📊 Changes **1 file changed** (+3 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `reverse-proxy/Caddyfile.trust-proxy` (+3 -0) </details> ### 📄 Description ## Problem Current the Caddyfile.trust-proxy config only includes 0.0.0.0/0 which only includes IPv4 proxies. ## Proposed Solution Adding ::/0 (the equivalent of 0.0.0.0/0 for IPv6) allows for IPv6 proxies to be trusted. ## Testing 1) Ran docker image without modification on a IPv6 host with network_mode:host and a caddy server as a reverse proxy in front of the docker container [1]. 2) Attempt login and check audit logs for IP Address 3) Modify running docker container with `trusted_proxies ::/0` and reload caddy with changed Caddyfile 4) Attempt login and check audit logs for IP Address (see screenshot) [1] Caddy site block on IPv6 enabled host ``` auth.example.com { reverse_proxy localhost:8389 } ``` <img width="1008" alt="Screenshot 2025-01-29 at 10 15 21 PM" src="https://github.com/user-attachments/assets/f01d5b23-170f-4ff3-8ecc-3510f39c469e" /> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2025-10-09 16:59:55 +03:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-2#928
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?