[server-pro] trust local nginx proxy running inside Server Pro/CE (#27719)

GitOrigin-RevId: ed9bb136effb1602aa0239b107c116fd6385ebbc

server-ce/config/settings.js

@@ -184,9 +184,12 @@ const settings = {
   siteUrl: (siteUrl = process.env.OVERLEAF_SITE_URL || 'http://localhost'),
 
   // Status page URL as displayed on the maintenance/500 pages.
-  statusPageUrl: process.env.OVERLEAF_STATUS_PAGE_URL ?
-    // Add https:// protocol prefix if not set (Allow plain-text http:// for Server Pro/CE).
-    (process.env.OVERLEAF_STATUS_PAGE_URL.startsWith('http://') || process.env.OVERLEAF_STATUS_PAGE_URL.startsWith('https://')) ? process.env.OVERLEAF_STATUS_PAGE_URL : `https://${process.env.OVERLEAF_STATUS_PAGE_URL}`
+  statusPageUrl: process.env.OVERLEAF_STATUS_PAGE_URL
+    ? // Add https:// protocol prefix if not set (Allow plain-text http:// for Server Pro/CE).
+      process.env.OVERLEAF_STATUS_PAGE_URL.startsWith('http://') ||
+      process.env.OVERLEAF_STATUS_PAGE_URL.startsWith('https://')
+      ? process.env.OVERLEAF_STATUS_PAGE_URL
+      : `https://${process.env.OVERLEAF_STATUS_PAGE_URL}`
     : undefined,
   maintenanceMessage: process.env.OVERLEAF_MAINTENANCE_MESSAGE,
   maintenanceMessageHTML: process.env.OVERLEAF_MAINTENANCE_MESSAGE_HTML,
@@ -244,8 +247,8 @@ const settings = {
   // then set this to true to allow it to correctly detect the forwarded IP
   // address and http/https protocol information.
 
-  behindProxy: process.env.OVERLEAF_BEHIND_PROXY || false,
-  trustedProxyIps: process.env.OVERLEAF_TRUSTED_PROXY_IPS,
+  behindProxy: true,
+  trustedProxyIps: process.env.OVERLEAF_TRUSTED_PROXY_IPS || 'loopback',
 
   // The amount of time, in milliseconds, until the (rolling) cookie session expires
   cookieSessionLength: parseInt(
@@ -480,6 +483,16 @@ switch (process.env.OVERLEAF_FILESTORE_BACKEND) {
     }
 }
 
+if (
+  !settings.trustedProxyIps.includes('loopback') &&
+  !settings.trustedProxyIps.includes('localhost') &&
+  !settings.trustedProxyIps.includes('127.0.0.1')
+) {
+  throw new Error(
+    'OVERLEAF_TRUSTED_PROXY_IPS must include one of "loopback", "localhost" or "127.0.0.1", which trusts the nginx instance running inside the container'
+  )
+}
+
 // With lots of incoming and outgoing HTTP connections to different services,
 // sometimes long running, it is a good idea to increase the default number
 // of sockets that Node will hold open.

services/real-time/config/settings.defaults.js

@@ -170,8 +170,8 @@ const settings = {
     shutdownOnUncaughtError: true,
   },
 
-  behindProxy: process.env.BEHIND_PROXY === 'true',
-  trustedProxyIps: process.env.TRUSTED_PROXY_IPS,
+  behindProxy: true,
+  trustedProxyIps: process.env.TRUSTED_PROXY_IPS || 'loopback',
   keepAliveTimeoutMs: parseInt(process.env.KEEPALIVE_TIMEOUT_MS ?? '5000', 10),
   allowedCorsOrigins: process.env.REAL_TIME_ALLOWED_CORS_ORIGINS,
 }

services/web/config/settings.defaults.js

@@ -661,7 +661,8 @@ module.exports = {
   // If you are running Overleaf behind a proxy (like Apache, Nginx, etc)
   // then set this to true to allow it to correctly detect the forwarded IP
   // address and http/https protocol information.
-  behindProxy: false,
+  behindProxy: true,
+  trustedProxyIps: process.env.TRUSTED_PROXY_IPS || 'loopback',
 
   // Delay before closing the http server upon receiving a SIGTERM process signal.
   gracefulShutdownDelayInMs: