From 7c126ed712a1bc56bcde376a54118afb1618ad0e Mon Sep 17 00:00:00 2001 From: Oliver Walters Date: Tue, 19 Apr 2022 21:19:25 +1000 Subject: [PATCH 1/2] Added x_forwarded_for middleware Used to extract remote client IP (when behind balancer / proxy / etc) --- InvenTree/InvenTree/settings.py | 1 + requirements.txt | 91 +++++++++++++++++---------------- 2 files changed, 47 insertions(+), 45 deletions(-) diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py index c6810d51b6..cd7290ccee 100644 --- a/InvenTree/InvenTree/settings.py +++ b/InvenTree/InvenTree/settings.py @@ -282,6 +282,7 @@ INSTALLED_APPS = [ MIDDLEWARE = CONFIG.get('middleware', [ 'django.middleware.security.SecurityMiddleware', + 'x_forwarded_for.middleware.XForwardedForMiddleware', 'user_sessions.middleware.SessionMiddleware', # db user sessions 'django.middleware.locale.LocaleMiddleware', 'django.middleware.common.CommonMiddleware', diff --git a/requirements.txt b/requirements.txt index 0b0f95d864..640eb497dd 100644 --- a/requirements.txt +++ b/requirements.txt 
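Review bot: The added `'x_forwarded_for.middleware.XForwardedForMiddleware'` entry makes the application derive the client address from a request header (per the commit message), so it is only sound when every path to the Django process goes through a proxy that overwrites `X-Forwarded-For` itself; a deployment that exposes gunicorn directly, or a CONFIG-supplied `middleware` list that keeps this entry without such a proxy, lets any caller choose the REMOTE_ADDR that sessions, rate limits and logs will see. I would state that precondition next to the entry, e.g. `# Rewrites the client IP from X-Forwarded-For: only valid behind a proxy that sets this header itself`. The package's exact handling (which position of the header it reads, what it does when the header is absent) is not visible here and should be confirmed against its source before relying on it. The `MIDDLEWARE` list continues past the end of the hunk.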
@@ -1,46 +1,47 @@
 # Please keep this list sorted
-Django==3.2.12 # Django package
-bleach==4.1.0 # HTML santization
-certifi # Certifi is (most likely) installed through one of the requirements above
-coreapi==2.3.0 # API documentation
-coverage==5.3 # Unit test coverage
-coveralls==2.1.2 # Coveralls linking (for Travis)
-cryptography==3.4.8 # Cryptography support
-django-admin-shell==0.1.2 # Python shell for the admin interface
-django-allauth==0.45.0 # SSO for external providers via OpenID
-django-allauth-2fa==0.8 # MFA / 2FA
-django-cleanup==5.1.0 # Manage deletion of old / unused uploaded files
-django-cors-headers==3.2.0 # CORS headers extension for DRF
-django-crispy-forms==1.11.2 # Form helpers
-django-debug-toolbar==2.2 # Debug / profiling toolbar
-django-error-report==0.2.0 # Error report viewer for the admin interface
-django-filter==2.4.0 # Extended filtering options
-django-formtools==2.3 # Form wizard tools
-django-import-export==2.5.0 # Data import / export for admin interface
-django-maintenance-mode==0.16.1 # Shut down application while reloading etc.
-django-markdownify==0.8.0 # Markdown rendering
-django-markdownx==3.0.1 # Markdown form fields
-django-money==1.1 # Django app for currency management
-django-mptt==0.11.0 # Modified Preorder Tree Traversal
-django-redis>=5.0.0
-django-q==1.3.4 # Background task scheduling
-django-sql-utils==0.5.0 # Advanced query annotation / aggregation
-django-stdimage==5.1.1 # Advanced ImageField management
-django-test-migrations==1.1.0 # Unit testing for database migrations
-django-user-sessions==1.7.1 # user sessions in DB
-django-weasyprint==1.0.1 # django weasyprint integration
-djangorestframework==3.12.4 # DRF framework
-flake8==3.8.3 # PEP checking
-gunicorn>=20.1.0 # Gunicorn web server
-importlib_metadata # Backport for importlib.metadata
-inventree # Install the latest version of the InvenTree API python library
-markdown==3.3.4 # Force particular version of markdown
-pep8-naming==0.11.1 # PEP naming convention extension
-pillow==9.0.1 # Image manipulation
-py-moneyed==0.8.0 # Specific version requirement for py-moneyed
-pygments==2.7.4 # Syntax highlighting
-python-barcode[images]==0.13.1 # Barcode generator
-qrcode[pil]==6.1 # QR code generator
-rapidfuzz==0.7.6 # Fuzzy string matching
-tablib[xls,xlsx,yaml] # Support for XLS and XLSX formats
-weasyprint==52.5 # PDF generation library (Note: in the future need to update to 53)
+Django==3.2.12 # Django package
+bleach==4.1.0 # HTML santization
+certifi # Certifi is (most likely) installed through one of the requirements above
+coreapi==2.3.0 # API documentation
+coverage==5.3 # Unit test coverage
+coveralls==2.1.2 # Coveralls linking (for Travis)
+cryptography==3.4.8 # Cryptography support
+django-admin-shell==0.1.2 # Python shell for the admin interface
+django-allauth==0.45.0 # SSO for external providers via OpenID
+django-allauth-2fa==0.8 # MFA / 2FA
+django-cleanup==5.1.0 # Manage deletion of old / unused uploaded files
+django-cors-headers==3.2.0 # CORS headers extension for DRF
+django-crispy-forms==1.11.2 # Form helpers
+django-debug-toolbar==2.2 # Debug / profiling toolbar
+django-error-report==0.2.0 # Error report viewer for the admin interface
+django-filter==2.4.0 # Extended filtering options
+django-formtools==2.3 # Form wizard tools
+django-import-export==2.5.0 # Data import / export for admin interface
+django-maintenance-mode==0.16.1 # Shut down application while reloading etc.
+django-markdownify==0.8.0 # Markdown rendering
+django-markdownx==3.0.1 # Markdown form fields
+django-money==1.1 # Django app for currency management
+django-mptt==0.11.0 # Modified Preorder Tree Traversal
+django-redis>=5.0.0 # Redis integration
+django-q==1.3.4 # Background task scheduling
+django-sql-utils==0.5.0 # Advanced query annotation / aggregation
+django-stdimage==5.1.1 # Advanced ImageField management
+django-test-migrations==1.1.0 # Unit testing for database migrations
+django-user-sessions==1.7.1 # user sessions in DB
+django-weasyprint==1.0.1 # django weasyprint integration
+djangorestframework==3.12.4 # DRF framework
+django-xforwardedfor-middleware==2.0 # IP forwarding metadata
+flake8==3.8.3 # PEP checking
+gunicorn>=20.1.0 # Gunicorn web server
+importlib_metadata # Backport for importlib.metadata
+inventree # Install the latest version of the InvenTree API python library
+markdown==3.3.4 # Force particular version of markdown
+pep8-naming==0.11.1 # PEP naming convention extension
+pillow==9.0.1 # Image manipulation
+py-moneyed==0.8.0 # Specific version requirement for py-moneyed
+pygments==2.7.4 # Syntax highlighting
+python-barcode[images]==0.13.1 # Barcode generator
+qrcode[pil]==6.1 # QR code generator
+rapidfuzz==0.7.6 # Fuzzy string matching
+tablib[xls,xlsx,yaml] # Support for XLS and XLSX formats
+weasyprint==52.5 # PDF generation library (Note: in the future need to update to 53)
From 85c8b94d80e41f9dd16a232e9c80107a1a3375d0 Mon Sep 17 00:00:00 2001
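Review bot: The new `django-xforwardedfor-middleware==2.0` line violates the file's own `# Please keep this list sorted` rule: `django-x…` orders before `djangorestframework…` (`-` sorts before `r`), so it belongs one line higher with the other `django-*` entries. Re-aligning every comment column in the same commit rewrites all 45 existing lines and buries the single functional addition in the diff; the cosmetic realignment would be easier to review as its own commit. The comment `# IP forwarding metadata` could also name the trust decision the package introduces, e.g. `# Derive client IP from X-Forwarded-For (requires a trusted proxy in front)`.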
From: Oliver Walters Date: Tue, 19 Apr 2022 22:09:30 +1000 Subject: [PATCH 2/2] Update nginx conf files --- docker/docker-compose.dev.yml | 6 +++--- docker/nginx.conf | 23 ++++++++++++++--------- docker/nginx.dev.conf | 24 +++++++++++++++--------- 3 files changed, 32 insertions(+), 21 deletions(-) diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml index ca0f837142..8cbe2a9e4d 100644 --- a/docker/docker-compose.dev.yml +++ b/docker/docker-compose.dev.yml @@ -7,9 +7,9 @@ version: "3.8" # - Serves media and static content directly from Django webserver # IMPORANT NOTE: -# The InvenTree docker image does not clone source code from git. -# Instead, you must specify *where* the source code is located, -# (on your local machine). +# The InvenTree development image does not clone source code from git. +# Instead, you must specify *where* the source code is located, (on your local machine). +# The default setup in this file should work straight out of the box, without modification # The django server will auto-detect any code changes and reload the server. services: diff --git a/docker/nginx.conf b/docker/nginx.conf index 271f65a89d..a412d4094a 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf 
@@ -4,24 +4,29 @@ server { # Listen for connection on (internal) port 80 listen 80; - location / { - # Change 'inventree-server' to the name of the inventree server container, - # and '8000' to the INVENTREE_WEB_PORT (if not default) - proxy_pass http://inventree-server:8000; + real_ip_header proxy_protocol; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; + location / { + + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-By $server_addr:$server_port; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header CLIENT_IP $remote_addr; + + proxy_pass_request_headers on; proxy_redirect off; client_max_body_size 100M; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_buffering off; proxy_request_buffering off; + # Change 'inventree-server' to the name of the inventree server container, + # and '8000' to the INVENTREE_WEB_PORT (if not default) + proxy_pass http://inventree-server:8000; } # Redirect any requests for static files diff --git a/docker/nginx.dev.conf b/docker/nginx.dev.conf index 8fc47e622c..f3085ef57b 100644 --- a/docker/nginx.dev.conf +++ b/docker/nginx.dev.conf 
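Review bot: `real_ip_header proxy_protocol;` has no effect as written: ngx_http_realip_module only rewrites `$remote_addr` for connections that match a `set_real_ip_from` directive, and the `proxy_protocol` source additionally requires the `proxy_protocol` parameter on `listen`, yet this hunk adds neither and `listen 80;` is unchanged. Consequently `$remote_addr` is whatever peer connects to nginx, and because `X-Forwarded-For` is now set to `$remote_addr` instead of `$proxy_add_x_forwarded_for`, a balancer in front of nginx — the case the series is meant to handle — becomes the "client" and the original address is discarded before it reaches the new Django middleware. Either drop the `real_ip_header` line or pair it with the trusted-proxy range and matching listen option, e.g. `set_real_ip_from <BALANCER_CIDR>;` plus `listen 80 proxy_protocol;` (or `real_ip_header X-Forwarded-For;` if the balancer speaks plain HTTP), keeping `set_real_ip_from` limited to the balancer addresses so that only those hops may assert a client IP. Overwriting rather than appending `X-Forwarded-For` is the right choice for the direct-client case, since a caller can no longer inject a forged address ahead of its own. The identical lines appear in the nginx.dev.conf hunk that follows and need the same treatment.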
@@ -4,24 +4,30 @@ server { # Listen for connection on (internal) port 80 listen 80; - location / { - # Change 'inventree-dev-server' to the name of the inventree server container, - # and '8000' to the INVENTREE_WEB_PORT (if not default) - proxy_pass http://inventree-dev-server:8000; + real_ip_header proxy_protocol; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; + location / { + + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-By $server_addr:$server_port; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header CLIENT_IP $remote_addr; + + proxy_pass_request_headers on; proxy_redirect off; client_max_body_size 100M; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_buffering off; proxy_request_buffering off; + # Change 'inventree-dev-server' to the name of the inventree server container, + # and '8000' to the INVENTREE_WEB_PORT (if not default) + proxy_pass http://inventree-dev-server:8000; + } # Redirect any requests for static files