Merge pull request #2841 from SchrodingersGat/x-forwarded-for

X-forwarded-for

InvenTree/InvenTree/settings.py

@@ -282,6 +282,7 @@ INSTALLED_APPS = [
 
 MIDDLEWARE = CONFIG.get('middleware', [
     'django.middleware.security.SecurityMiddleware',
+    'x_forwarded_for.middleware.XForwardedForMiddleware',
     'user_sessions.middleware.SessionMiddleware',                   # db user sessions
     'django.middleware.locale.LocaleMiddleware',
     'django.middleware.common.CommonMiddleware',

docker/docker-compose.dev.yml

@@ -7,9 +7,9 @@ version: "3.8"
 # - Serves media and static content directly from Django webserver
 
 # IMPORANT NOTE:
-# The InvenTree docker image does not clone source code from git.
-# Instead, you must specify *where* the source code is located,
-# (on your local machine).
+# The InvenTree development image does not clone source code from git.
+# Instead, you must specify *where* the source code is located, (on your local machine).
+# The default setup in this file should work straight out of the box, without modification
 # The django server will auto-detect any code changes and reload the server.
 
 services:

docker/nginx.conf

@@ -4,24 +4,29 @@ server {
     # Listen for connection on (internal) port 80
     listen 80;
 
-    location / {
-        # Change 'inventree-server' to the name of the inventree server container,
-        # and '8000' to the INVENTREE_WEB_PORT (if not default)
-        proxy_pass http://inventree-server:8000;
+    real_ip_header proxy_protocol;
 
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $http_host;
+    location / {
+
+        proxy_set_header      Host              $http_host;
+        proxy_set_header      X-Forwarded-By    $server_addr:$server_port;
+        proxy_set_header      X-Forwarded-For   $remote_addr;
+        proxy_set_header      X-Forwarded-Proto $scheme;
+        proxy_set_header      X-Real-IP         $remote_addr;
+        proxy_set_header      CLIENT_IP         $remote_addr;
+        
+        proxy_pass_request_headers on;
 
         proxy_redirect off;
 
         client_max_body_size 100M;
 
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
         proxy_buffering off;
         proxy_request_buffering off;
 
+        # Change 'inventree-server' to the name of the inventree server container,
+        # and '8000' to the INVENTREE_WEB_PORT (if not default)
+        proxy_pass http://inventree-server:8000;
     }
 
     # Redirect any requests for static files

docker/nginx.dev.conf

@@ -4,24 +4,30 @@ server {
     # Listen for connection on (internal) port 80
     listen 80;
 
-    location / {
-        # Change 'inventree-dev-server' to the name of the inventree server container,
-        # and '8000' to the INVENTREE_WEB_PORT (if not default)
-        proxy_pass http://inventree-dev-server:8000;
+    real_ip_header proxy_protocol;
 
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header Host $http_host;
+    location / {
+
+        proxy_set_header      Host              $http_host;
+        proxy_set_header      X-Forwarded-By    $server_addr:$server_port;
+        proxy_set_header      X-Forwarded-For   $remote_addr;
+        proxy_set_header      X-Forwarded-Proto $scheme;
+        proxy_set_header      X-Real-IP         $remote_addr;
+        proxy_set_header      CLIENT_IP         $remote_addr;
+        
+        proxy_pass_request_headers on;
 
         proxy_redirect off;
 
         client_max_body_size 100M;
 
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
         proxy_buffering off;
         proxy_request_buffering off;
 
+        # Change 'inventree-dev-server' to the name of the inventree server container,
+        # and '8000' to the INVENTREE_WEB_PORT (if not default)
+        proxy_pass http://inventree-dev-server:8000;
+
     }
 
     # Redirect any requests for static files

requirements.txt

@@ -1,46 +1,47 @@
 # Please keep this list sorted
-Django==3.2.12                  # Django package
-bleach==4.1.0                   # HTML santization
-certifi                         # Certifi is (most likely) installed through one of the requirements above
-coreapi==2.3.0                  # API documentation
-coverage==5.3                   # Unit test coverage
-coveralls==2.1.2                # Coveralls linking (for Travis)
-cryptography==3.4.8             # Cryptography support
-django-admin-shell==0.1.2       # Python shell for the admin interface
-django-allauth==0.45.0          # SSO for external providers via OpenID
-django-allauth-2fa==0.8         # MFA / 2FA
-django-cleanup==5.1.0           # Manage deletion of old / unused uploaded files
-django-cors-headers==3.2.0      # CORS headers extension for DRF
-django-crispy-forms==1.11.2     # Form helpers
-django-debug-toolbar==2.2       # Debug / profiling toolbar
-django-error-report==0.2.0      # Error report viewer for the admin interface
-django-filter==2.4.0            # Extended filtering options
-django-formtools==2.3           # Form wizard tools
-django-import-export==2.5.0     # Data import / export for admin interface
-django-maintenance-mode==0.16.1 # Shut down application while reloading etc.
-django-markdownify==0.8.0       # Markdown rendering
-django-markdownx==3.0.1         # Markdown form fields
-django-money==1.1               # Django app for currency management
-django-mptt==0.11.0             # Modified Preorder Tree Traversal
-django-redis>=5.0.0
-django-q==1.3.4                 # Background task scheduling
-django-sql-utils==0.5.0         # Advanced query annotation / aggregation
-django-stdimage==5.1.1          # Advanced ImageField management
-django-test-migrations==1.1.0   # Unit testing for database migrations
-django-user-sessions==1.7.1     # user sessions in DB
-django-weasyprint==1.0.1        # django weasyprint integration
-djangorestframework==3.12.4     # DRF framework
-flake8==3.8.3                   # PEP checking
-gunicorn>=20.1.0                # Gunicorn web server
-importlib_metadata              # Backport for importlib.metadata
-inventree                       # Install the latest version of the InvenTree API python library
-markdown==3.3.4                 # Force particular version of markdown
-pep8-naming==0.11.1             # PEP naming convention extension
-pillow==9.0.1                   # Image manipulation
-py-moneyed==0.8.0               # Specific version requirement for py-moneyed
-pygments==2.7.4                 # Syntax highlighting
-python-barcode[images]==0.13.1  # Barcode generator
-qrcode[pil]==6.1                # QR code generator
-rapidfuzz==0.7.6                # Fuzzy string matching
-tablib[xls,xlsx,yaml]           # Support for XLS and XLSX formats
-weasyprint==52.5                # PDF generation library (Note: in the future need to update to 53)
+Django==3.2.12                          # Django package
+bleach==4.1.0                           # HTML santization
+certifi                                 # Certifi is (most likely) installed through one of the requirements above
+coreapi==2.3.0                          # API documentation
+coverage==5.3                           # Unit test coverage
+coveralls==2.1.2                        # Coveralls linking (for Travis)
+cryptography==3.4.8                     # Cryptography support
+django-admin-shell==0.1.2               # Python shell for the admin interface
+django-allauth==0.45.0                  # SSO for external providers via OpenID
+django-allauth-2fa==0.8                 # MFA / 2FA
+django-cleanup==5.1.0                   # Manage deletion of old / unused uploaded files
+django-cors-headers==3.2.0              # CORS headers extension for DRF
+django-crispy-forms==1.11.2             # Form helpers
+django-debug-toolbar==2.2               # Debug / profiling toolbar
+django-error-report==0.2.0              # Error report viewer for the admin interface
+django-filter==2.4.0                    # Extended filtering options
+django-formtools==2.3                   # Form wizard tools
+django-import-export==2.5.0             # Data import / export for admin interface
+django-maintenance-mode==0.16.1         # Shut down application while reloading etc.
+django-markdownify==0.8.0               # Markdown rendering
+django-markdownx==3.0.1                 # Markdown form fields
+django-money==1.1                       # Django app for currency management
+django-mptt==0.11.0                     # Modified Preorder Tree Traversal
+django-redis>=5.0.0                     # Redis integration
+django-q==1.3.4                         # Background task scheduling
+django-sql-utils==0.5.0                 # Advanced query annotation / aggregation
+django-stdimage==5.1.1                  # Advanced ImageField management
+django-test-migrations==1.1.0           # Unit testing for database migrations
+django-user-sessions==1.7.1             # user sessions in DB
+django-weasyprint==1.0.1                # django weasyprint integration
+djangorestframework==3.12.4             # DRF framework
+django-xforwardedfor-middleware==2.0    # IP forwarding metadata
+flake8==3.8.3                           # PEP checking
+gunicorn>=20.1.0                        # Gunicorn web server
+importlib_metadata                      # Backport for importlib.metadata
+inventree                               # Install the latest version of the InvenTree API python library
+markdown==3.3.4                         # Force particular version of markdown
+pep8-naming==0.11.1                     # PEP naming convention extension
+pillow==9.0.1                           # Image manipulation
+py-moneyed==0.8.0                       # Specific version requirement for py-moneyed
+pygments==2.7.4                         # Syntax highlighting
+python-barcode[images]==0.13.1          # Barcode generator
+qrcode[pil]==6.1                        # QR code generator
+rapidfuzz==0.7.6                        # Fuzzy string matching
+tablib[xls,xlsx,yaml]                   # Support for XLS and XLSX formats
+weasyprint==52.5                        # PDF generation library (Note: in the future need to update to 53)