Kyle M Hall
a6838a3e35
Koha has a number of features that rely on knowing the IP address of the connecting client. If the server is behind a proxy these features do not work. This patch adds a module to automatically convert the X-Forwarded-For header into the REMOTE_ADDR environment variable for both CGI and Plack processes. TEST PLAN: 1) Apply this patch set 2) Install Plack::Middleware::RealIP via cpanm or your favorite utility 3) Update your plack.psgi with the changes you find in this patch set ( this process differs based on your testing environment ) 4) Restart plack 5) Tail the plack error log for your instance 6) Use curl to access the OPAC, adding an X-Forwarded-For header: curl --header "X-Forwarded-For: 32.32.32.32" http://127.0.0.1:8080 7) Note the logs output this address if you are unproxied 8) If you are proxied, restart plack using a command like below, where the ip you see in the logs ("REAL IP") is what you put in the koha conf: <koha_trusted_proxies>172.22.0.1 1.1.1.1</koha_trusted_proxies> 9) Restart all the things! 10) Repeat step 6 11) You should now see "REAL IP: 32.32.32.32" in the plack logs as the remote address in your plack-error.log logs! 12) Disable plack so you are running in cgi mode, repeat step 6 again 13) You should see "REAL IP: 32.32.32.32" as the remote address in your opac-error.log logs! Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Ed Veal <eveal@mckinneytexas.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
222 lines
10 KiB
XML
<yazgfs>
<!-- Listener address syntax: [scheme:]host[:port][/databaseName] -->
<!-- Supported schemes: tcp, ssl, unix, http, sru -->
<!-- All servers can run on tcp, but the unix socket is faster. A unix
     socket is also reachable only by local processes that have permission
     on the socket path, whereas a tcp listener is reachable over the
     network. -->
<listen id="biblioserver" >unix:__ZEBRA_RUN_DIR__/bibliosocket</listen>
<listen id="authorityserver" >unix:__ZEBRA_RUN_DIR__/authoritysocket</listen>
<!-- Uncomment the following entry if you want to run the public Z39.50 server.
     Also uncomment the <server> and <serverinfo> sections for id 'publicserver'
     under the PUBLICSERVER'S BIBLIOGRAPHIC RECORDS title.
     NOTE: the '@' host in 'tcp:@:port' makes the listener accept
     connections on every network interface, so the server is reachable by
     any host that can reach the port. Restrict access at the firewall
     unless the catalogue is meant to be queried by anyone. -->
<!--
<listen id="publicserver" >tcp:@:__ZEBRA_SRU_BIBLIOS_PORT__</listen>
-->
<!-- Settings for special biblio server instance for PazPar2.
     Because PazPar2 only connects to a Z39.50 server using TCP/IP,
     it cannot use the Unix-domain socket that biblioserver uses.
     Therefore, a custom server is defined.
     NOTE: the listener below uses 'tcp:@', i.e. every network interface,
     and serves the same biblios directory as biblioserver; when this
     section is enabled, limit access to the port to the PazPar2 host.
     NOTE(review): the two toggle markers around this section look like
     install-time placeholders that switch it on or off (confirm against
     the installer). Do not add XML comments between them. -->
__PAZPAR2_TOGGLE_XML_PRE__
<listen id="mergeserver">tcp:@:__MERGE_SERVER_PORT__</listen>
<server id="mergeserver" listenref="mergeserver">
    <directory>__ZEBRA_DATA_DIR__/biblios</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_BIB_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
</server>
__PAZPAR2_TOGGLE_XML_POST__
<!-- BIBLIOGRAPHIC RECORDS -->
<!-- Zebra server for the bibliographic database, attached to the
     'biblioserver' listener. The two xi:include entries pull the retrieval
     and explain settings from files under the Koha configuration
     directory, so those files need the same protection as this one. -->
<server id="biblioserver" listenref="biblioserver">
    <directory>__ZEBRA_DATA_DIR__/biblios</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_BIB_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/__BIB_RETRIEVAL_CFG__" xmlns:xi="http://www.w3.org/2001/XInclude"/>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/explain-biblios.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</server>
<!-- CCL query mapping and the user/password pair for the 'biblioserver' id.
     The password is held here in plain text once the template is filled
     in: keep this file readable only by the account Koha runs as. -->
<serverinfo id="biblioserver">
    <ccl2rpn>__ZEBRA_CONF_DIR__/ccl.properties</ccl2rpn>
    <user>__ZEBRA_USER__</user>
    <password>__ZEBRA_PASS__</password>
</serverinfo>
<!-- AUTHORITY RECORDS -->
<!-- Zebra server for the authorities database, attached to the
     'authorityserver' listener. As with the bibliographic server, the
     xi:include entries load retrieval and explain settings from files
     under the Koha configuration directory. -->
<server id="authorityserver" listenref="authorityserver" >
    <directory>__ZEBRA_DATA_DIR__/authorities</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_AUTH_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/__AUTH_RETRIEVAL_CFG__" xmlns:xi="http://www.w3.org/2001/XInclude"/>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/explain-authorities.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</server>
<!-- CCL query mapping and the user/password pair for the 'authorityserver'
     id. The password is stored in plain text, so file permissions are the
     only protection it has. -->
<serverinfo id="authorityserver">
    <ccl2rpn>__ZEBRA_CONF_DIR__/ccl.properties</ccl2rpn>
    <user>__ZEBRA_USER__</user>
    <password>__ZEBRA_PASS__</password>
</serverinfo>
<!-- PUBLICSERVER'S BIBLIOGRAPHIC RECORDS -->
<!-- Disabled by default. Uncomment this block together with the
     'publicserver' <listen> entry near the top of the file. It serves the
     same biblios directory as biblioserver over a tcp listener, so decide
     who may reach that port before enabling it. -->
<!--
<server id="publicserver" listenref="publicserver">
    <directory>__ZEBRA_DATA_DIR__/biblios</directory>
    <config>__ZEBRA_CONF_DIR__/__ZEBRA_BIB_CFG__</config>
    <cql2rpn>__ZEBRA_CONF_DIR__/pqf.properties</cql2rpn>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/__BIB_RETRIEVAL_CFG__" xmlns:xi="http://www.w3.org/2001/XInclude"/>
    <xi:include href="__KOHA_CONF_DIR__/zebradb/explain-biblios.xml" xmlns:xi="http://www.w3.org/2001/XInclude"/>
</server>
<serverinfo id="publicserver">
    <ccl2rpn>__ZEBRA_CONF_DIR__/ccl.properties</ccl2rpn>
    <user>__ZEBRA_USER__</user>
    <password>__ZEBRA_PASS__</password>
</serverinfo>
-->
<!-- ADDITIONAL KOHA CONFIGURATION DIRECTIVES -->
<!-- db_scheme should follow the DBD driver name -->
<!-- the DBD drivers supported by Koha are mysql and Pg -->
<!-- default ports: mysql:3306 Pg:5432 (5433 on Debian) -->
<config>
<!-- Database connection. The database password is stored here in plain
     text once the template is filled in: keep this file readable only by
     the account Koha runs as. -->
<db_scheme>__DB_TYPE__</db_scheme>
<database>__DB_NAME__</database>
<hostname>__DB_HOST__</hostname>
<port>__DB_PORT__</port>
<user>__DB_USER__</user>
<pass>__DB_PASS__</pass>
<!-- TLS for the database connection: on/off switch, CA certificate,
     client certificate and client key. The client key is a secret and
     needs the same file protection as the password above. -->
<tls>__DB_USE_TLS__</tls>
<ca>__DB_TLS_CA_CERTIFICATE__</ca>
<cert>__DB_TLS_CLIENT_CERTIFICATE__</cert>
<key>__DB_TLS_CLIENT_KEY__</key>
<!-- Zebra database names and their shadow settings -->
<biblioserver>biblios</biblioserver>
<biblioservershadow>1</biblioservershadow>
<authorityserver>authorities</authorityserver>
<authorityservershadow>1</authorityservershadow>
<pluginsdir>__PLUGINS_DIR__</pluginsdir> <!-- This entry can be repeated to use multiple directories -->
<!-- Plugins are off (0) by default. NOTE(review): a plugin presumably runs
     as code inside Koha, so enable this only for plugins from a trusted
     source and keep the plugins directory writable by administrators only. -->
<enable_plugins>0</enable_plugins>
<!-- upload_path and tmp_path are left empty in this template -->
<upload_path></upload_path>
<tmp_path></tmp_path>
<!-- Installation directories -->
<intranetdir>__INTRANET_CGI_DIR__</intranetdir>
<opacdir>__OPAC_CGI_DIR__/opac</opacdir>
<opachtdocs>__OPAC_TMPL_DIR__</opachtdocs>
<intrahtdocs>__INTRANET_TMPL_DIR__</intrahtdocs>
<includes>__INTRANET_TMPL_DIR__/prog/en/includes/</includes>
<logdir>__LOG_DIR__</logdir>
<docdir>__DOC_DIR__</docdir>
<backupdir>__BACKUP_DIR__</backupdir>
<!-- Enable the two following to allow superlibrarians to download
     database and configuration dumps (respectively) from the Export
     tool. Both are off (0) by default. A database dump holds the whole
     database, and a configuration dump presumably includes the
     credentials kept in this file (confirm what it covers), so leave
     these at 0 unless the feature is really needed. -->
<backup_db_via_tools>0</backup_db_via_tools>
<backup_conf_via_tools>0</backup_conf_via_tools>
<!-- Uncomment the following line if you are not using packages and need to schedule reports through the web interface. supportdir should contain cronjobs/runreport.pl -->
<!--
<supportdir>__SCRIPT_NONDEV_DIR__</supportdir>
-->
<!-- PazPar2 search endpoint. NOTE(review): the URL is plain http; confirm
     that is acceptable if PazPar2 runs on another host. -->
<pazpar2url>http://__PAZPAR2_HOST__:__PAZPAR2_PORT__/search.pz2</pazpar2url>
<install_log>__MISC_DIR__/koha-install-log</install_log>
<!-- External authentication, both off (0) by default -->
<useldapserver>0</useldapserver><!-- see C4::Auth_with_ldap for the extra configuration you must add if you want to turn this on -->
<useshibboleth>0</useshibboleth><!-- see C4::Auth_with_shibboleth for the extra configuration you must add to turn this on -->
<zebra_lockdir>__ZEBRA_LOCK_DIR__</zebra_lockdir>
<use_zebra_facets>1</use_zebra_facets>
<queryparser_config>__KOHA_CONF_DIR__/searchengine/queryparser.yaml</queryparser_config>
<log4perl_conf>__KOHA_CONF_DIR__/log4perl.conf</log4perl_conf>
<!-- Cache settings. memcached normally accepts unauthenticated
     connections, so the servers listed here should be reachable only
     from the Koha hosts. -->
<memcached_servers>__MEMCACHED_SERVERS__</memcached_servers>
<memcached_namespace>__MEMCACHED_NAMESPACE__</memcached_namespace>
<template_cache_dir>__TEMPLATE_CACHE_DIR__</template_cache_dir>
<!-- Secret passphrase used by Mojolicious for signed cookies.
     CHANGEME is a placeholder shared by every copy of this template:
     replace it with a long random value unique to this instance before
     going live, because anyone who knows the passphrase can produce
     cookies that pass the signature check. -->
<api_secret_passphrase>CHANGEME</api_secret_passphrase>
<!-- Directories accessible from the staff client: uncomment the following
     block and define valid paths to let intranet users access them.
     List only directories whose whole contents staff are allowed to see;
     never point an entry at a directory that holds configuration files,
     keys or backups. -->
<!--
<access_dirs>
    <access_dir></access_dir>
    <access_dir></access_dir>
</access_dirs>
-->
<!-- TrueType font mapping, keyed by the type codes from $font_types in C4/Creators/Lib.pm -->
<ttf>
    <font type="TR" >__FONT_DIR__/DejaVuSerif.ttf</font>
    <font type="TB" >__FONT_DIR__/DejaVuSerif-Bold.ttf</font>
    <font type="TI" >__FONT_DIR__/DejaVuSerif-Italic.ttf</font>
    <font type="TBI">__FONT_DIR__/DejaVuSerif-BoldItalic.ttf</font>
    <font type="C" >__FONT_DIR__/DejaVuSansMono.ttf</font>
    <font type="CB" >__FONT_DIR__/DejaVuSansMono-Bold.ttf</font>
    <font type="CO" >__FONT_DIR__/DejaVuSansMono-Oblique.ttf</font>
    <font type="CBO">__FONT_DIR__/DejaVuSansMono-BoldOblique.ttf</font>
    <font type="H" >__FONT_DIR__/DejaVuSans.ttf</font>
    <font type="HO" >__FONT_DIR__/DejaVuSans-Oblique.ttf</font>
    <font type="HB" >__FONT_DIR__/DejaVuSans-Bold.ttf</font>
    <font type="HBO">__FONT_DIR__/DejaVuSans-BoldOblique.ttf</font>
</ttf>
<!-- Path to the directory holding the config file for SMS::Send.
     NOTE(review): SMS gateway settings usually include account
     credentials; confirm the directory is not readable by other users. -->
<sms_send_config>__KOHA_CONF_DIR__/sms_send/</sms_send_config>
<!-- URL of the Mana KB server -->
<!-- alternative value https://mana-test.koha-community.org to query the test server -->
<mana_config>https://mana-kb.koha-community.org</mana_config>
<!-- Configuration for Plack: maximum number of requests and number of workers -->
<plack_max_requests>50</plack_max_requests>
<plack_workers>2</plack_workers>
<!-- Configuration for X-Forwarded-For.
     Space-separated addresses of the reverse proxies that sit in front of
     Koha. With this set, Koha takes the client address from the
     X-Forwarded-For header instead of the connecting address.
     NOTE(review): presumably the header is honoured only for requests
     that arrive from one of the listed addresses; confirm in the
     middleware. List only proxies you operate yourself: the header is
     supplied by the client, so trusting it from any other source lets a
     client choose the IP address that Koha's IP-based features see.
     The addresses in the example below are placeholders. -->
<!--
<koha_trusted_proxies>1.2.3.4 2.3.4.5 3.4.5.6</koha_trusted_proxies>
-->
<!-- Elasticsearch Configuration -->
<elasticsearch>
    <server>__ELASTICSEARCH_SERVERS__</server>
    <index_name>__ELASTICSEARCH_INDEX_____DB_NAME__</index_name>

    <!-- Connection pool type; see https://metacpan.org/pod/Search::Elasticsearch#cxn_pool -->
    <cxn_pool>Static</cxn_pool>
</elasticsearch>
<!-- Uncomment the following line if you want to override the Elasticsearch default index settings -->
<!-- <elasticsearch_index_config>__KOHA_CONF_DIR__/searchengine/elasticsearch/index_config.yaml</elasticsearch_index_config> -->
<!-- Uncomment the following line if you want to override the Elasticsearch default field settings -->
<!-- <elasticsearch_field_config>__KOHA_CONF_DIR__/searchengine/elasticsearch/field_config.yaml</elasticsearch_field_config> -->
<!-- Uncomment the following line if you want to override the Elasticsearch default index mappings.
     Note that any changes made to the mappings file only take effect if you reset the mappings
     by visiting /cgi-bin/koha/admin/searchengine/elasticsearch/mappings.pl?op=reset&i_know_what_i_am_doing=1&reset_fields=1.
     Resetting mappings will override any changes made in the Search engine configuration UI.
-->
<!-- <elasticsearch_index_mappings>__KOHA_CONF_DIR__/searchengine/elasticsearch/mappings.yaml</elasticsearch_index_mappings> -->
<!-- Interlibrary loan (ILL) settings -->
<interlibrary_loans>
    <!-- Path to where Illbackends are located on the system
         - This setting should normally not be touched -->
    <backend_directory>__PERL_MODULE_DIR__/Koha/Illbackends</backend_directory>
    <!-- At least one <branch> block is required. -->
    <branch>
        <!-- The code of this branch -->
        <code>CPL</code>
        <!-- An optional prefix for all ILL request IDs for this branch -->
        <prefix>ILL</prefix>
    </branch>
    <!-- How should we treat staff comments?
         - hide: don't show in OPAC
         - show: show in OPAC -->
    <staff_request_comments>hide</staff_request_comments>
    <!-- How should we treat the reply_date field?
         - hide: don't show this field in the UI
         - any other string: show, with this label -->
    <reply_date>hide</reply_date>
    <!-- Where should digital ILLs be sent?
         - borrower: send it straight to the borrower email
         - branch: send the ILL to the branch email -->
    <digital_recipient>branch</digital_recipient>
    <!-- What patron category should we use for p2p ILL requests?
         - By default this is set to 'ILLLIBS' -->
    <partner_code>ILLLIBS</partner_code>
</interlibrary_loans>
<!-- The timezone setting lets you force the timezone for this
     instance to be something other than the local timezone of the
     server, e.g. Antarctica/South_Pole. It is empty in this template. -->
<timezone></timezone>
</config>
</yazgfs>