From fcb8fcd6973a1b12fc874097918a38c0730b44f1 Mon Sep 17 00:00:00 2001
From: Julio Capote <jcapote@gmail.com>
Date: Wed, 4 Jan 2023 19:01:34 -0500
Subject: warn about proxy misconfiguration

---
 registry/registry.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/registry/registry.go b/registry/registry.go
index cbadd5d..417bb9b 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -164,7 +164,10 @@ func (r *Registry) Inbox(name string, req *http.Request) error {
 	}
 	logger := r.log.With("type", "inbox")
 
-	logger.Debugf("host header is %s", req.Host)
+	if req.Host != handler.handlerCfg.Name {
+		logger.Warnf("%s != %s, configured domain should match incoming Host: header otherwise HTTP signature verification will fail. You'll need to enable 'ProxyPreserveHost' (for apache2) or proxy_set_header Host $host; (for nginx)", req.Host, handler.handlerCfg.Name)
+	}
+
 	verifier, err := httpsig.NewVerifier(req)
 	if err != nil {
 		return err
-- 
cgit v1.2.3