From 56050a65fd97c2b2530cc40d9a69e43f011945cf Mon Sep 17 00:00:00 2001 From: xenofem Date: Sun, 29 May 2022 10:54:17 -0400 Subject: [PATCH 1/2] make TRANSBEAM_REVERSE_PROXY default to true, safe because it will bind to localhost --- src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main.rs b/src/main.rs index 61533a0..97b4876 100644 --- a/src/main.rs +++ b/src/main.rs @@ -288,7 +288,7 @@ async fn main() -> std::io::Result<()> { let storage_dir: PathBuf = env_or_else("TRANSBEAM_STORAGE_DIR", || PathBuf::from("storage")); let port: u16 = env_or("TRANSBEAM_PORT", 8080); let mnemonic_codes: bool = env_or("TRANSBEAM_MNEMONIC_CODES", true); - let reverse_proxy: bool = env_or("TRANSBEAM_REVERSE_PROXY", false); + let reverse_proxy: bool = env_or("TRANSBEAM_REVERSE_PROXY", true); let max_lifetime: u16 = env_or("TRANSBEAM_MAX_LIFETIME", 30); let max_upload_size: u64 = env_or::("TRANSBEAM_MAX_UPLOAD_SIZE", ByteSize(16 * bytesize::GB)).as_u64(); From 7f2f7460acd4fcc7e36e5e117a3642e79a6076bf Mon Sep 17 00:00:00 2001 From: xenofem Date: Sun, 29 May 2022 10:54:33 -0400 Subject: [PATCH 2/2] document TRANSBEAM_REVERSE_PROXY --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index b036c7c..6a0bd73 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,12 @@ transbeam is configured with the following environment variables: (default: `./static`) - `TRANSBEAM_PORT`: port to listen on localhost for http requests (default: 8080) +- `TRANSBEAM_REVERSE_PROXY`: whether transbeam is running behind a + reverse proxy (recommended), or directly exposed to the internet. If + true, transbeam will only bind to localhost, and will use the + `Forwarded` or `X-Forwarded-For` headers to determine client IP + addresses for logs. If false, transbeam will bind on all interfaces, + and will always log the peer IP address. (default: true) - `TRANSBEAM_MAX_LIFETIME`: maximum number of days files can be kept for (default: 30) - `TRANSBEAM_MAX_UPLOAD_SIZE`: maximum size of a fileset being