Federation: restrict HTTP client proxy settings to only affect outgoing federation
I am running Pleroma behind a reverse proxy (nginx), with the backend on a different physical location, linked up by a VPN tunnel. Naturally I would like for outgoing federation to be proxied to this frontend server, so I set all that up and got federation flowing through the proxy. Everything worked as intended.
However, an unintended side effect (rather what I should have suspected based on the setting name) is that this routes all HTTP requests, not just server to server federation across the proxy. The documentation page it is detailed under, "How to configure upstream proxy for federation", is named to imply this impacts only such requests. For me, this is a problem as my media upload server is also on the same cluster of VMs as the backend.
- It is not only slow but wasteful proxying those requests across the network only for them to come right back when they are in the same virtual network (I have found no way to override this).
- The required firewall configurations on the proxy server to make this work are not straightforward or even really safe. Thus I have left the proxy on and intentionally broken my media upload for the time being.
I suspect that many who enable the HTTP proxy settings intend mainly to do so for outbound federation, and even if not, for areas where HTTP connections are made, would it not be useful to at least be able to override the global default? Or alternatively to line up the code behavior with the documentation behavior by limiting the impact of this setting to outgoing federation only?
Thanks regardless, I hope this is improved somewhat in the future.