|An array of individual proxy servers to help MediaWiki detect if the request has been proxyed.
But also to send back to the proxy PURGE commands on changes.
|Introduced in version:||1.34.0 (Gerrit change 387877; )|
|Removed in version:||still in use|
Prior to 1.4.0 no default value was set.
|Other settings: Alphabetical | By function|
This variable is about telling MediaWiki what are the individual IP addresses of each Proxy servers that serve content to your visitors.
You can also specify port numbers explicitly.
However, if you specify port numbers, you need to add the same IP to
$wgCdnServersNoPurge, otherwise the server will not be recognized as a configured proxy (known bug T132538).
Note that if you have CIDR ranges (e.g.
192.0.2.0/24), make sure you set them in $wgCdnServersNoPurge instead.
The setting can be used in many Proxy setups, both within a private network or through an external provider, and also with external services that are based on either Varnish or Squid.
Configuration example with Varnish
Consider the following setup details:
- one and/or more web servers ("origins") with MediaWiki running
- Varnish configuration points to your MediaWiki origins
- You have a few Varnish servers that proxies requests for the web servers
- You have a list of single IP addresses (not CIDR ranges, that would go in $wgCdnServersNoPurge instead!)
Here are the configurations you have to set in place:
- In Varnish, set a
X-Forwarded-ForHTTP header with
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
- Create an array of servers. Ideally it should be IP in decimal format but those would work
// In LocalSettings.php $wgUseCdn = true; $wgCdnServers = array(); $wgCdnServers = "192.0.2.100"; $wgCdnServers = "192.0.2.107"; $wgCdnServers = "192.0.2.200"; $wgCdnServers = "some.internal.name"; // Also works if you have a DNS configured on every MW origins. But its not recommended. #$wgCdnServers = "192.0.2.0/24"; // WON’T WORK, refer to $wgCdnServersNoPurge
Usage notes and history
- Specifying the port number of your proxy software is not necessary. This will be useful when you don't run your proxy software at port 80 (used by default).
- Any IPs listed in this array will be treated as trusted surrogates (reverse proxies)
- IP addresses displayed for users connected via these Squid/Varnish servers therefore will match individual user IP's, not the Squid's IP.
- Each entry can be either IPv6/IPv4 addresses in octal format (e.g.
- CIDR notation and ranges should be configured in $wgCdnServersNoPurge
Anything described in includes/utils/IP.php should be valid.