From 4e10275fd16e9d47f62128c9f8ea83721c770f38 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Mon, 7 Nov 2022 09:17:12 +0100 Subject: [PATCH] clarify that the PROXY protocol is supported for SFTP/FTP Signed-off-by: Nicola Murino --- docs/full-configuration.md | 2 +- go.mod | 2 +- go.sum | 4 ++-- templates/webadmin/user.html | 4 ++++ 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/full-configuration.md b/docs/full-configuration.md index 9b167a10..645d8012 100644 --- a/docs/full-configuration.md +++ b/docs/full-configuration.md @@ -65,7 +65,7 @@ The configuration file contains the following sections: - `hook`, string. Absolute path to the command to execute or HTTP URL to notify. - `setstat_mode`, integer. 0 means "normal mode": requests for changing permissions, owner/group and access/modification times are executed. 1 means "ignore mode": requests for changing permissions, owner/group and access/modification times are silently ignored. 2 means "ignore mode if not supported": requests for changing permissions and owner/group are silently ignored for cloud filesystems and executed for local/SFTP filesystem. Requests for changing modification times are always executed for local/SFTP filesystems and are executed for cloud based filesystems if the target is a file and there is a metadata plugin available. A metadata plugin can be found [here](https://github.com/sftpgo/sftpgo-plugin-metadata). - `temp_path`, string. Defines the path for temporary files such as those used for atomic uploads or file pipes. If you set this option you must make sure that the defined path exists, is accessible for writing by the user running SFTPGo, and is on the same filesystem as the users home directories otherwise the renaming for atomic uploads will become a copy and therefore may take a long time. The temporary files are not namespaced. The default is generally fine. Leave empty for the default. - - `proxy_protocol`, integer. Support for [HAProxy PROXY protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). If you are running SFTPGo behind a proxy server such as HAProxy, AWS ELB or NGINX, you can enable the proxy protocol. It provides a convenient way to safely transport connection information such as a client's address across multiple layers of NAT or TCP proxies to get the real client IP address instead of the proxy IP. Both protocol versions 1 and 2 are supported. If the proxy protocol is enabled in SFTPGo then you have to enable the protocol in your proxy configuration too. For example, for HAProxy, add `send-proxy` or `send-proxy-v2` to each server configuration line. The following modes are supported: + - `proxy_protocol`, integer. Support for [HAProxy PROXY protocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt). If you are running SFTPGo behind a proxy server such as HAProxy, AWS ELB or NGINX, you can enable the proxy protocol. It provides a convenient way to safely transport connection information such as a client's address across multiple layers of NAT or TCP proxies to get the real client IP address instead of the proxy IP. Both protocol versions 1 and 2 are supported. If the proxy protocol is enabled in SFTPGo then you have to enable the protocol in your proxy configuration too. For example, for HAProxy, add `send-proxy` or `send-proxy-v2` to each server configuration line. The PROXY protocol is supported for SSH/SFTP and FTP/S. The following modes are supported: - 0, disabled - 1, enabled. If the upstream IP is not allowed to send a proxy header the header be ignored. Using this mode does not mean that we can accept connections with and without the proxy header. We always try to read the proxy header and we ignore it if the upstream IP is not allowed to send a proxy header - 2, required. If the upstream IP is not allowed to send a proxy header the connection will be rejected diff --git a/go.mod b/go.mod index f5d7c7bf..6b76ea2b 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,7 @@ require ( github.com/shirou/gopsutil/v3 v3.22.10 github.com/spf13/afero v1.9.2 github.com/spf13/cobra v1.6.1 - github.com/spf13/viper v1.13.0 + github.com/spf13/viper v1.14.0 github.com/stretchr/testify v1.8.1 github.com/studio-b12/gowebdav v0.0.0-20221102155456-200a600c0272 github.com/subosito/gotenv v1.4.1 diff --git a/go.sum b/go.sum index 228087c4..19f2b799 100644 --- a/go.sum +++ b/go.sum @@ -1510,8 +1510,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= -github.com/spf13/viper v1.13.0 h1:BWSJ/M+f+3nmdz9bxB+bWX28kkALN2ok11D0rSo8EJU= -github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw= +github.com/spf13/viper v1.14.0 h1:Rg7d3Lo706X9tHsJMUjdiwMpHB7W8WnSVOssIY+JElU= +github.com/spf13/viper v1.14.0/go.mod h1:WT//axPky3FdvXHzGw33dNdXXXfFQqmEalje+egj8As= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= diff --git a/templates/webadmin/user.html b/templates/webadmin/user.html index 340d556e..000d0f1e 100644 --- a/templates/webadmin/user.html +++ b/templates/webadmin/user.html @@ -1057,6 +1057,10 @@ along with this program. If not, see . showClear: false, showClose: true, showToday: false + }, + widgetPositioning: { + horizontal: 'auto', + vertical: 'bottom' } });