|HTTP proxy (CDN) settings: $wgCdnServers|
|An array of individual proxy servers to help MediaWiki detect if the request has been proxied.
But also to send back to the proxy PURGE commands on changes.
|Introduced in version:||1.34.0 (Gerrit change 387877; git #f9f8dff4)|
|Removed in version:||still in use|
Prior to 1.4.0 no default value was set.
|Other settings: Alphabetical | By function|
This variable is about telling MediaWiki what are the individual IP addresses of each Proxy servers that serve content to your visitors.
You can also specify port numbers explicitly.
However, if you specify port numbers, you need to add the same IP to
$wgCdnServersNoPurge, otherwise the server will not be recognized as a configured proxy (known bug T132538).
If you are upgrading to a MediaWiki version prior to 1.35 you might now need to specify port 80 explicitly if you are using that port. E.g.
myserver:80. Otherwise the port 1080 will be assumed. (https://phabricator.wikimedia.org/T291768)
Note that if you have CIDR ranges (e.g.
192.0.2.0/24), make sure you set them in $wgCdnServersNoPurge instead.
The setting can be used in many Proxy setups, both within a private network or through an external provider, and also with external services that are based on either Varnish or Squid.
Configuration example with Varnish
Consider the following setup details:
- one and/or more web servers ("origins") with MediaWiki running
- Varnish configuration points to your MediaWiki origins
- You have a few Varnish servers that proxies requests for the web servers
- You have a list of single IP addresses (not CIDR ranges, that would go in $wgCdnServersNoPurge instead!)
Here are the configurations you have to set in place:
- In Varnish, set a
X-Forwarded-ForHTTP header with
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
- Create an array of servers. Ideally it should be IP in decimal format but those would work
// In LocalSettings.php $wgUseCdn = true; $wgCdnServers = array(); $wgCdnServers = "192.0.2.100"; $wgCdnServers = "192.0.2.107"; $wgCdnServers = "192.0.2.200"; $wgCdnServers = "some.internal.name"; // Also works if you have a DNS configured on every MW origins. But it's not recommended. #$wgCdnServers = "192.0.2.0/24"; // WON’T WORK, refer to $wgCdnServersNoPurge
TODO: Insert example of a valid IPv6 address that is part of
2001:DB8::/32 range as per RFC3849
Usage notes and history
- Specifying the port number of your proxy software is not necessary. This will be useful when you don't run your proxy software at port 80 (used by default).
- Any IPs listed in this array will be treated as trusted surrogates (reverse proxies)
- IP addresses displayed for users connected via these Squid/Varnish servers therefore will match individual user IPs, not the Squid's IP.
- Each entry can be either IPv6/IPv4 addresses in octal format (e.g.
- CIDR notation and ranges should be configured in $wgCdnServersNoPurge
Anything described in includes/utils/IP.php should be valid.
- Manual:$wgCdnServersNoPurge (equivalent setting, for CIDR ranges)
- Manual:Hooks/IsTrustedProxy - to modify the proxy list dynamically