fleet/server/platform
Scott Gress 393531b624
Implement trusted proxies config (#38471)
**Related issue:** Resolves #

# Details

Adds a new `FLEET_SERVER_TRUSTED_PROXIES` config, allowing more
fine-grained control over how the client IP is determined for requests.
Uses the
[realclientip-go](https://github.com/realclientip/realclientip-go)
library as the engine for parsing headers and using rules to determine
the IP.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

## Testing

- [X] Added/updated automated tests
- [X] QA'd all new/changed functionality manually




## Summary by CodeRabbit

* **New Features**
  * Introduced FLEET_SERVER_TRUSTED_PROXIES configuration option to
    specify trusted proxy IPs and hosts. The server now supports flexible
    client IP detection strategies that respect your proxy configuration,
    with support for multiple formats including single IP header names, hop
    counts, and IP address ranges, adapting to various infrastructure setups
    and deployment scenarios.

2026-01-19 22:13:37 -06:00
..
authz Activity bounded context: /api/latest/fleet/activities (1 of 2) (#38115) 2026-01-19 09:07:14 -05:00
endpointer Implement trusted proxies config (#38471) 2026-01-19 22:13:37 -06:00
http Refactor common_mysql (#37245) 2026-01-07 16:26:44 -06:00
middleware Moved common endpointer packages to platform dir. (#37780) 2026-01-06 14:23:07 -06:00
mysql Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
arch_test.go Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00
README.md Moved common_mysql package to server/platform/mysql (#38017) 2026-01-08 13:17:19 -06:00

Platform packages

This directory contains infrastructure and cross-cutting technical concerns that are independent of Fleet's business domain. These packages provide foundational capabilities used across the codebase.

Platform vs domain

Following separation of concerns, we distinguish:

  • Platform (infrastructure): Technical concerns like database connectivity, HTTP utilities, middleware, and transport-level error handling. These packages have no knowledge of Fleet's business domain.
  • Domain (business logic): Feature-specific code organized into bounded contexts. Domain packages depend on platform packages, not the reverse.

Guidelines

  • Platform packages must not import domain packages
  • Platform packages should be general-purpose and reusable
  • Architectural boundaries are enforced by arch_test.go