From 884560678521d735de77bdb11e78aa206da7004e Mon Sep 17 00:00:00 2001
From: bgrozev
Date: Thu, 4 Jan 2024 15:37:18 -0600
Subject: [PATCH] Move trusted_proxies from visitors to main prosody config file. (#1699)
---
 prosody/rootfs/defaults/conf.d/visitors.cfg.lua | 8 --------
 prosody/rootfs/defaults/prosody.cfg.lua | 7 +++++++
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua
index 35fd209..96b4677 100644
--- a/prosody/rootfs/defaults/conf.d/visitors.cfg.lua
+++ b/prosody/rootfs/defaults/conf.d/visitors.cfg.lua
@@ -15,8 +15,6 @@
 {{ $RELEASE_NUMBER := .Env.RELEASE_NUMBER | default "" -}}
 {{ $SHARD_NAME := .Env.SHARD | default "default" -}}
 {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" -}}
-{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
-{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
 {{ $TURN_HOST := .Env.TURN_HOST | default "" -}}
 {{ $TURN_HOSTS := splitList "," $TURN_HOST -}}
 {{ $TURN_PORT := .Env.TURN_PORT | default "443" -}}
@@ -92,12 +90,6 @@ consider_websocket_secure = true;
 consider_bosh_secure = true;
 bosh_max_inactivity = 60;
-trusted_proxies = {
-{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
- "{{ $proxy }}";
-{{ end }}
-}
-
 -- this is added to make certs_s2soutinjection work
 s2sout_override = {
 ["{{ $XMPP_MUC_DOMAIN }}"] = "tcp://{{ $XMPP_SERVER }}:{{ $XMPP_SERVER_S2S_PORT }}"; -- needed for visitors to send messages to main room
diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua
index a1ec9ca..8864b8b 100644
--- a/prosody/rootfs/defaults/prosody.cfg.lua
+++ b/prosody/rootfs/defaults/prosody.cfg.lua
@@ -15,6 +15,8 @@
 {{ $PROSODY_HTTP_PORT := .Env.PROSODY_HTTP_PORT | default "5280" -}}
 {{ $PROSODY_ADMINS := .Env.PROSODY_ADMINS | default "" -}}
 {{ $PROSODY_ADMIN_LIST := splitList "," $PROSODY_ADMINS -}}
+{{ $TRUSTED_PROXIES := .Env.PROSODY_TRUSTED_PROXIES | default "127.0.0.1,::1" -}}
+{{ $TRUSTED_PROXY_LIST := splitList "," $TRUSTED_PROXIES -}}
 {{ $PROSODY_S2S_LIMIT := .Env.PROSODY_S2S_LIMIT | default "30kb/s" -}}
 {{ $S2S_PORT := .Env.PROSODY_S2S_PORT | default "5269" }}
 {{ $VISITORS_MUC_PREFIX := .Env.PROSODY_VISITORS_MUC_PREFIX | default "muc" -}}
@@ -114,6 +116,11 @@ modules_enabled = {
 component_ports = { }
 https_ports = { }
+trusted_proxies = {
+{{ range $index, $proxy := $TRUSTED_PROXY_LIST }}
+ "{{ $proxy }}";
+{{ end }}
+}
 {{ if eq .Env.PROSODY_MODE "brewery" -}}
 firewall_scripts = {
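Review bot: `splitList "," $TRUSTED_PROXIES` keeps surrounding whitespace and empty items, so a PROSODY_TRUSTED_PROXIES value written as `10.0.0.5, 10.0.0.6` (constructed example) or ending in a comma is rendered by the later `trusted_proxies` hunk as `" 10.0.0.6"` or `""`. Such an entry presumably will not match the proxy's real address, in which case Prosody would go on treating the proxy itself as the client and any per-IP limit or log entry would collapse onto one address. Trimming and skipping empties at render time would avoid this, for example `{{ $p := trim $proxy }}{{ if $p }}"{{ $p }}";{{ end }}` inside the `range`, assuming the template tool exposes the sprig `trim` helper alongside `splitList`.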
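Review bot: The new top-level `trusted_proxies` block has no comment, although it sits above the `{{ if eq .Env.PROSODY_MODE "brewery" -}}` branch and is therefore rendered for every Prosody mode rather than only for the visitors config it came from. This setting decides whose forwarded client-address header Prosody believes, so an over-broad PROSODY_TRUSTED_PROXIES value means any peer in that range can report an arbitrary client IP. I would add directly above the block: `-- Peers whose X-Forwarded-For header is accepted as the real client IP; list only your own reverse proxies (PROSODY_TRUSTED_PROXIES).`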