diff options
author | Julio Capote <jcapote@gmail.com> | 2023-01-05 00:01:34 +0000 |
---|---|---|
committer | Julio Capote <jcapote@gmail.com> | 2023-01-05 00:01:34 +0000 |
commit | fcb8fcd6973a1b12fc874097918a38c0730b44f1 (patch) | |
tree | f84443ecb4e81a854c1117e427def17cdfa5c503 | |
parent | bb6cfa59b1b0601e683406f10a5a8d27b752095e (diff) | |
download | communique-fcb8fcd6973a1b12fc874097918a38c0730b44f1.tar.gz |
warn about proxy misconfiguration
-rw-r--r-- | registry/registry.go | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/registry/registry.go b/registry/registry.go index cbadd5d..417bb9b 100644 --- a/registry/registry.go +++ b/registry/registry.go @@ -164,7 +164,10 @@ func (r *Registry) Inbox(name string, req *http.Request) error { } logger := r.log.With("type", "inbox") - logger.Debugf("host header is %s", req.Host) + if req.Host != handler.handlerCfg.Name { + logger.Warnf("%s != %s, configured domain should match incoming Host: header otherwise HTTP signature verification will fail. You'll need to enable 'ProxyPreserveHost' (for apache2) or proxy_set_header Host $host; (for nginx)", req.Host, handler.handlerCfg.Name) + } + verifier, err := httpsig.NewVerifier(req) if err != nil { return err |