Manual:$wgCdnServers

HTTP proxy (CDN) settings: $wgCdnServers
An array of individual proxy servers to help MediaWiki detect if the request has been proxied.
But also to send back to the proxy PURGE commands on changes.
Introduced in version:1.34.0 (Gerrit change 387877; git #f9f8dff4)
Removed in version:Still in use
Allowed values:Unspecified
Default value:[]
Prior to 1.4.0 no default value was set.

Details

edit

This variable is about telling MediaWiki what are the individual IP addresses of each Proxy servers that serve content to your visitors.

You can also specify port numbers explicitly. However, if you specify port numbers, you need to add the same IP to $wgCdnServersNoPurge , otherwise the server will not be recognized as a configured proxy (known bug T132538).

If you are upgrading to a MediaWiki version prior to 1.35 you might now need to specify port 80 explicitly if you are using that port. E.g. myserver:80. Otherwise the port 1080 will be assumed. (https://phabricator.wikimedia.org/T291768)

Note that if you have CIDR ranges (e.g. 192.0.2.0/24), make sure you set them in $wgCdnServersNoPurge instead.

The setting can be used in many Proxy setups, both within a private network or through an external provider, and also with external services that are based on either Varnish or Squid.

Configuration example with Varnish

edit

Consider the following setup details:

  • one and/or more web servers ("origins") with MediaWiki running
  • Varnish configuration points to your MediaWiki origins
  • You have a few Varnish servers that proxies requests for the web servers
  • You have a list of single IP addresses (not CIDR ranges, that would go in $wgCdnServersNoPurge instead!)

Here are the configurations you have to set in place:

  • In Varnish, set a X-Forwarded-For HTTP header with client.ip, example:
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
  • Create an array of servers. Ideally it should be IP in decimal format but those would work
// In LocalSettings.php
$wgUseCdn = true;
$wgCdnServers = array();
$wgCdnServers[] = "192.0.2.100";
$wgCdnServers[] = "192.0.2.107";
$wgCdnServers[] = "192.0.2.200";
$wgCdnServers[] = "some.internal.name";  // Also works if you have a DNS configured on every MW origins. But it's not recommended.
#$wgCdnServers[] = "192.0.2.0/24";       // WON’T WORK, refer to $wgCdnServersNoPurge
The following IP are for example purpose, defined in from RFC 5737.

TODO: Insert example of a valid IPv6 address that is part of 2001:DB8::/32 range as per RFC3849

Usage notes and history

edit
  • Specifying the port number of your proxy software is not necessary. This will be useful when you don't run your proxy software at port 80 (used by default).
  • Any IPs listed in this array will be treated as trusted surrogates (reverse proxies)
  • IP addresses displayed for users connected via these Squid/Varnish servers therefore will match individual user IPs, not the Squid's IP.

Format

edit
  • Each entry can be either IPv6/IPv4 addresses in octal format (e.g. 192.0.2.3)
  • CIDR notation and ranges should be configured in $wgCdnServersNoPurge

Anything described in includes/utils/IP.php should be valid.

See also

edit
  NODES
HOME 1
Idea 1
idea 1
Intern 1
languages 3
Note 3
os 2
server 25
text 2
todo 1
Users 1
web 2