marketing-shibata50/tududi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Setup infra for reverse proxy (#831)

Browse source
This commit is contained in:
Chris 2026-02-10 20:22:51 +02:00 committed by GitHub
parent f8ad3724af
commit 2b4cb0aeb2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 36 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Dockerfile
View file

@ -122,6 +122,7 @@ ENV NODE_ENV=production \
TUDUDI_SESSION_SECRET="" \ TUDUDI_SESSION_SECRET="" \
TUDUDI_USER_EMAIL="" \ TUDUDI_USER_EMAIL="" \
TUDUDI_USER_PASSWORD="" \ TUDUDI_USER_PASSWORD="" \
TUDUDI_TRUST_PROXY=false \
DISABLE_TELEGRAM=false \ DISABLE_TELEGRAM=false \
DISABLE_SCHEDULER=false \ DISABLE_SCHEDULER=false \
TUDUDI_UPLOAD_PATH="/app/backend/uploads" \ TUDUDI_UPLOAD_PATH="/app/backend/uploads" \

18
README.md
View file

@ -79,6 +79,24 @@ docker run \
Navigate to [http://localhost:3002](http://localhost:3002) and login with your credentials. Navigate to [http://localhost:3002](http://localhost:3002) and login with your credentials.
### Reverse Proxy Setup
When running behind a reverse proxy (Caddy, Nginx, Traefik, etc.), set `TUDUDI_TRUST_PROXY` so that Express correctly reads client IPs from `X-Forwarded-For` headers. Without this, `express-rate-limit` will log a validation error.
```bash
docker run \
-e TUDUDI_TRUST_PROXY=true \
-e TUDUDI_ALLOWED_ORIGINS=https://your-domain.com \
...
```
| Value | Meaning |
|-------|---------|
| `true` | Trust all proxies (simplest option for single-proxy setups) |
| `1` | Trust the first hop only |
| `loopback` | Trust loopback addresses (127.0.0.1/::1) |
| `172.16.0.0/12` | Trust a specific subnet |
### 📚 Documentation ### 📚 Documentation
For detailed setup instructions, configuration options, and getting started guides, visit: For detailed setup instructions, configuration options, and getting started guides, visit:

2
backend/.env.example
View file

@ -26,3 +26,5 @@ REGISTRATION_TOKEN_EXPIRY_HOURS=24
DISABLE_SCHEDULER=false DISABLE_SCHEDULER=false
DISABLE_TELEGRAM=false DISABLE_TELEGRAM=false
# TUDUDI_TRUST_PROXY=true

4
backend/app.js
View file

@ -19,6 +19,10 @@ const API_BASE_PATH = `/api/${API_VERSION}`;
const app = express(); const app = express();
if (config.trustProxy !== false) {
app.set('trust proxy', config.trustProxy);
}
// Session store // Session store
const sessionStore = new SequelizeStore({ const sessionStore = new SequelizeStore({
db: sequelize, db: sequelize,

10
backend/config/config.js
View file

@ -108,6 +108,16 @@ const config = {
enabled: process.env.SWAGGER_ENABLED !== 'false', enabled: process.env.SWAGGER_ENABLED !== 'false',
}, },
trustProxy: (() => {
const val = process.env.TUDUDI_TRUST_PROXY;
if (val === undefined || val === '') return false;
if (val === 'true') return true;
if (val === 'false') return false;
const num = Number(val);
if (!isNaN(num) && val.trim() !== '') return num;
return val;
})(),
// Rate limiting configuration // Rate limiting configuration
rateLimiting: { rateLimiting: {
// Disable rate limiting in test environment // Disable rate limiting in test environment

1
docker-compose.yml
View file

@ -7,6 +7,7 @@ services:
- TUDUDI_USER_PASSWORD=your-secure-password - TUDUDI_USER_PASSWORD=your-secure-password
- TUDUDI_SESSION_SECRET=changeme-please-use-openssl - TUDUDI_SESSION_SECRET=changeme-please-use-openssl
- TUDUDI_ALLOWED_ORIGINS=http://localhost:3002 - TUDUDI_ALLOWED_ORIGINS=http://localhost:3002
- TUDUDI_TRUST_PROXY=false
- TUDUDI_UPLOAD_PATH=/app/backend/uploads - TUDUDI_UPLOAD_PATH=/app/backend/uploads
# Runtime UID/GID configuration - set these to match your host user/group # Runtime UID/GID configuration - set these to match your host user/group
- PUID=1001 - PUID=1001