darkhttpd icon indicating copy to clipboard operation
darkhttpd copied to clipboard
verified publisher icon emikulic

With `--forward-https` set `client` ip from `X-Forwarded-For`

Open itoffshore opened this issue 1 year ago • 1 comments

When darkhttpd knows it's behind a proxy (--forward-https) - it makes more sense for logging purposes to set the client ip from a header rather than the source ip address of the connection.

So that these changes are a one time event - the following changes should be sufficient:

If --forward-https is enabled:

  • by default read the header X-Forwarded-For (this header is added automatically by most proxies nowadays by default - e.g Azure Front Door / Caddy server)
  • if a new option is set --log-proxy-header "Some-Header" use that header instead for the remote ip to be logged

Slightly OT - darkhttpd worked perfectly in a rootless podman pod behind caddy. Your docker container is also very nice with no shell / no users / no other binaries

itoffshore avatar Mar 08 '24 00:03 itoffshore

Yeah, this is reasonable. I'd be willing to merge a patch that did this.

The docker container is thanks to @miles-po and @kugland - thanks, folks!

emikulic avatar Mar 08 '24 00:03 emikulic