From 0116489dea2284e9b55aa26b5ecefa63d2b3f627 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=90=B4=E6=96=87=E5=B3=B0?= Date: Thu, 28 May 2026 16:31:17 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=A1=E4=BB=BB=E5=8F=8D=E5=90=91?= =?UTF-8?q?=E4=BB=A3=E7=90=86=E5=A4=B4=EF=BC=8C=E4=BF=AE=E5=A4=8D=20unix?= =?UTF-8?q?=20socket=20=E6=A8=A1=E5=BC=8F=E4=B8=8B=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E4=B8=8D=E5=88=B0=E7=9C=9F=E5=AE=9E=20IP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Caddy 传 X-Real-IP / X-Forwarded-For,但 Gin 默认不信任代理头。 配置 SetTrustedProxies 全信任(unix socket 无来源 IP,无法按 IP 过滤), 安全边界由前端 Caddy 把控。 --- main.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/main.go b/main.go index 123373b..82518a2 100644 --- a/main.go +++ b/main.go @@ -83,6 +83,11 @@ func main() { r := gin.Default() + // 信任反向代理,从 X-Real-IP / X-Forwarded-For 获取真实客户端 IP + // Unix socket 下无法按来源 IP 判断信任,全信任(安全边界由 Caddy 把控) + _ = r.SetTrustedProxies([]string{"0.0.0.0/0", "::/0"}) + r.RemoteIPHeaders = []string{"X-Real-IP", "X-Forwarded-For"} + // 加载 HTML 模板 r.SetHTMLTemplate(loadTemplates())