Manual:$wgCdnServers

From mediawiki.org
HTTP proxy (CDN) settings: $wgCdnServers
An array of individual proxy servers to help MediaWiki detect if the request has been proxied.
But also to send back to the proxy PURGE commands on changes.
Introduced in version:1.34.0 (Gerrit change 387877; git #f9f8dff4)
Removed in version:still in use
Allowed values:Unspecified
Default value:[]
Prior to 1.4.0 no default value was set.

Details[edit]

This variable is about telling MediaWiki what are the individual IP addresses of each Proxy servers that serve content to your visitors.

You can also specify port numbers explicitly. However, if you specify port numbers, you need to add the same IP to $wgCdnServersNoPurge , otherwise the server will not be recognized as a configured proxy (known bug T132538).

If you are upgrading to a MediaWiki version prior to 1.35 you might now need to specify port 80 explicitly if you are using that port. E.g. myserver:80. Otherwise the port 1080 will be assumed. (https://phabricator.wikimedia.org/T291768)

Note that if you have CIDR ranges (e.g. 192.0.2.0/24), make sure you set them in $wgCdnServersNoPurge instead.

The setting can be used in many Proxy setups, both within a private network or through an external provider, and also with external services that are based on either Varnish or Squid.

Configuration example with Varnish[edit]

Consider the following setup details:

  • one and/or more web servers ("origins") with MediaWiki running
  • Varnish configuration points to your MediaWiki origins
  • You have a few Varnish servers that proxies requests for the web servers
  • You have a list of single IP addresses (not CIDR ranges, that would go in $wgCdnServersNoPurge instead!)

Here are the configurations you have to set in place:

  • In Varnish, set a X-Forwarded-For HTTP header with client.ip, example:
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
  • Create an array of servers. Ideally it should be IP in decimal format but those would work
// In LocalSettings.php
$wgUseCdn = true;
$wgCdnServers = array();
$wgCdnServers[] = "192.0.2.100";
$wgCdnServers[] = "192.0.2.107";
$wgCdnServers[] = "192.0.2.200";
$wgCdnServers[] = "some.internal.name";  // Also works if you have a DNS configured on every MW origins. But it's not recommended.
#$wgCdnServers[] = "192.0.2.0/24";       // WON’T WORK, refer to $wgCdnServersNoPurge
The following IP are for example purpose, defined in from RFC 5737.

TODO: Insert example of a valid IPv6 address that is part of 2001:DB8::/32 range as per RFC3849

Usage notes and history[edit]

  • Specifying the port number of your proxy software is not necessary. This will be useful when you don't run your proxy software at port 80 (used by default).
  • Any IPs listed in this array will be treated as trusted surrogates (reverse proxies)
  • IP addresses displayed for users connected via these Squid/Varnish servers therefore will match individual user IPs, not the Squid's IP.

Format[edit]

  • Each entry can be either IPv6/IPv4 addresses in octal format (e.g. 192.0.2.3)
  • CIDR notation and ranges should be configured in $wgCdnServersNoPurge

Anything described in includes/utils/IP.php should be valid.

See also[edit]