From 521fe69644e39fbe72c5e978ee3ecd5a325af443 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= <josue@tille.ch>
Date: Tue, 26 Oct 2021 07:47:40 +0200
Subject: [PATCH] Try improve reverse proxy authentication

---
 conf/app.ini    | 4 ++--
 conf/nginx.conf | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index d5bb347..f987b9a 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -40,9 +40,8 @@ ENABLE_NOTIFY_MAIL     = true
 DISABLE_REGISTRATION   = true
 ENABLE_CAPTCHA         = false
 REQUIRE_SIGNIN_VIEW    = false
-ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+ENABLE_REVERSE_PROXY_AUTHENTICATION     = true
 ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false
-ENABLE_BASIC_AUTHENTICATION = true
 
 [picture]
 AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars
@@ -74,3 +73,4 @@ XORM                = file
 INSTALL_LOCK = true
 SECRET_KEY   = __KEY__
 REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER
+REVERSE_PROXY_TRUSTED_PROXIES     = 127.0.0.0/8,::1/128
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 536fa2e..29ffee3 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -3,7 +3,6 @@ location __PATH__/ {
     proxy_pass                  http://localhost:__PORT__/;
     proxy_set_header            Host $host;
     proxy_buffering off;
-    fastcgi_param REMOTE_USER   $remote_user;
     client_max_body_size        200M;
     proxy_set_header X-Real-IP $remote_addr;