diff --git a/config/env/.env.example b/config/env/.env.example index 90d94c8..9aa6428 100644 --- a/config/env/.env.example +++ b/config/env/.env.example @@ -34,3 +34,7 @@ COUCHDB_CREDENTIAL="base64-encoded-credentials" SKYDIVERID_API_URL="https://api.example.com" SKYDIVERID_API_TOKEN="your-api-token" AUTHORIZATION_PREFIX="Api-Key" + +# Reverse proxy hops in front of the API (e.g. 1 for nginx). Omit in dev. +# Required for rate limiting to use the real client IP behind a proxy. +# TRUST_PROXY=1 diff --git a/src/createApp.js b/src/createApp.js index 22c320c..8a553c5 100644 --- a/src/createApp.js +++ b/src/createApp.js @@ -10,6 +10,9 @@ const config = require('./config'), function createApp() { const app = express(); + if (process.env.TRUST_PROXY) { + app.set('trust proxy', parseInt(process.env.TRUST_PROXY, 10) || process.env.TRUST_PROXY); + } app.use(helmet({ contentSecurityPolicy: false })); const allowedOrigins = process.env.ALLOWED_ORIGINS ? process.env.ALLOWED_ORIGINS.split(',').map(o => o.trim())