ske087/digiserver-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: fix file permissions and ownership across project

Browse Source 
- Changed ownership of all files to scheianu:scheianu
- Set directories to 755 permissions (rwxr-xr-x)
- Set files to 644 permissions (rw-r--r--)
- Made shell scripts executable (755)
- Allows development without requiring sudo for file modifications
- Improves development workflow and security
This commit is contained in:
Quality App Developer
2026-01-15 22:39:51 +02:00
parent 024430754c
commit a4262da7c9
94 changed files with 0 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
old_code_documentation/PROXY_FIX_SETUP.md Normal file
View File

@@ -0,0 +1,56 @@
# ProxyFix Middleware Setup - DigiServer v2
## Overview
ProxyFix middleware is now properly configured in the Flask app to handle reverse proxy headers from Nginx (or Caddy). This ensures correct handling of:
- **X-Real-IP**: Client's real IP address
- **X-Forwarded-For**: List of IPs in the proxy chain
- **X-Forwarded-Proto**: Original protocol (http/https)
- **X-Forwarded-Host**: Original hostname
## Configuration Details
### Flask App (app/app.py)
```python
from werkzeug.middleware.proxy_fix import ProxyFix
app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_port=1)
```
**Parameters:**
- `x_for=1`: Trust one proxy for X-Forwarded-For header
- `x_proto=1`: Trust proxy for X-Forwarded-Proto header
- `x_host=1`: Trust proxy for X-Forwarded-Host header
- `x_port=1`: Trust proxy for X-Forwarded-Port header
### Config Settings (app/config.py)
```python
# Reverse proxy trust (for Nginx/Caddy with ProxyFix middleware)
TRUSTED_PROXIES = os.getenv('TRUSTED_PROXIES', '127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16')
PREFERRED_URL_SCHEME = os.getenv('PREFERRED_URL_SCHEME', 'https')
```
## Testing ProxyFix
### 1. Test Real Client IP
```bash
docker exec digiserver-app flask shell
>>> from flask import request
>>> request.remote_addr # Should show client IP
```
### 2. Test URL Scheme
```bash
docker exec digiserver-app flask shell
>>> from flask import url_for
>>> url_for('auth.login', _external=True) # Should use https://
```
## Verification Checklist
- [x] ProxyFix imported in app.py
- [x] app.wsgi_app wrapped with ProxyFix
- [x] TRUSTED_PROXIES configured
- [x] PREFERRED_URL_SCHEME set to 'https'
- [x] SESSION_COOKIE_SECURE=True in ProductionConfig
- [x] Nginx headers configured correctly