Kyle M Hall
a6838a3e35
Koha has a number of features that rely on knowing the IP address of the connecting client. If that server is behind a proxy these features do not work. This patch adds a module to automatically convert the X-Forwarded-For header into the REMOTE_ADDR environment variable for both CGI and Plack processes. TEST PLAN: 1) Apply this patch set 2) Install Plack::Middleware::RealIP via cpanm or your favorite utility 3) Update your plack.psgi with the changes you find in this patch set ( this process differs based on your testing environment ) 4) Restart plack 5) Tail the plack error log for your instance 6) Use curl to access the OPAC, adding an X-Forwarded-For header: curl --header "X-Forwarded-For: 32.32.32.32" http://127.0.0.1:8080 7) Note the logs output this address if you are unproxied 8) If you are proxied, restart plack using a command like below, where the ip you see in the logs ("REAL IP) is what you put in the koha conf: <koha_trusted_proxies>172.22.0.1 1.1.1.1</koha_trusted_proxies> 9) Restart all the things! 10) Repeat step 6 11) You should now see "REAL IP: 32.32.32.32" in the plack logs as the remote address in your plack-error.log logs! 12) Disable plack so you are running in cgi mode, repeat step 6 again 13) You should see "REAL IP: 32.32.32.32" as the remove address in your opac-error.log logs! Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Ed Veal <eveal@mckinneytexas.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
80 lines
2.1 KiB
Perl
80 lines
2.1 KiB
Perl
#!/usr/bin/perl
|
||
|
||
# This file is part of Koha.
|
||
#
|
||
# This program is free software: you can redistribute it and/or modify
|
||
# it under the terms of the GNU General Public License as published by
|
||
# the Free Software Foundation, either version 3 of the License, or
|
||
# (at your option) any later version.
|
||
#
|
||
# This program is distributed in the hope that it will be useful,
|
||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
# GNU General Public License for more details.
|
||
#
|
||
# You should have received a copy of the GNU General Public License
|
||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
|
||
use Modern::Perl;
|
||
|
||
use Plack::Builder;
|
||
use Plack::App::CGIBin;
|
||
use Plack::App::Directory;
|
||
use Plack::App::URLMap;
|
||
use Plack::Request;
|
||
|
||
use Mojo::Server::PSGI;
|
||
|
||
# Pre-load libraries
|
||
use C4::Boolean;
|
||
use C4::Koha;
|
||
use C4::Languages;
|
||
use C4::Letters;
|
||
use C4::Members;
|
||
use C4::XSLT;
|
||
use Koha::Caches;
|
||
use Koha::Cache::Memory::Lite;
|
||
use Koha::Database;
|
||
use Koha::DateUtils;
|
||
|
||
use CGI qw(-utf8 ); # we will loose -utf8 under plack, otherwise
|
||
{
|
||
no warnings 'redefine';
|
||
my $old_new = \&CGI::new;
|
||
*CGI::new = sub {
|
||
my $q = $old_new->( @_ );
|
||
$CGI::PARAM_UTF8 = 1;
|
||
Koha::Caches->flush_L1_caches();
|
||
Koha::Cache::Memory::Lite->flush();
|
||
return $q;
|
||
};
|
||
}
|
||
|
||
my $home = $ENV{KOHA_HOME};
|
||
my $intranet = Plack::App::CGIBin->new(
|
||
root => $ENV{DEV_INSTALL}? $home: "$home/intranet/cgi-bin"
|
||
)->to_app;
|
||
|
||
my $opac = Plack::App::CGIBin->new(
|
||
root => $ENV{DEV_INSTALL}? "$home/opac": "$home/opac/cgi-bin/opac"
|
||
)->to_app;
|
||
|
||
my $apiv1 = builder {
|
||
my $server = Mojo::Server::PSGI->new;
|
||
$server->load_app("$home/api/v1/app.pl");
|
||
$server->to_psgi_app;
|
||
};
|
||
|
||
builder {
|
||
enable "ReverseProxy";
|
||
enable "Plack::Middleware::Static";
|
||
|
||
# + is required so Plack doesn't try to prefix Plack::Middleware::
|
||
enable "+Koha::Middleware::SetEnv";
|
||
enable "+Koha::Middleware::RealIP";
|
||
|
||
mount '/opac' => $opac;
|
||
mount '/intranet' => $intranet;
|
||
mount '/api/v1/app.pl' => $apiv1;
|
||
|
||
};
|