From 37364585031f1cdc82edbec923882d0dd42e5074 Mon Sep 17 00:00:00 2001 From: Alvaro Ollero Date: Sat, 4 Oct 2025 22:21:06 +0200 Subject: [PATCH 1/2] Uvicorn exposes a configuration option to enable reverse proxying from a trusted ip. This PR exposes it downstreams to end clients --- whisperlivekit/basic_server.py | 2 ++ whisperlivekit/parse_args.py | 1 + whisperlivekit/web/live_transcription.js | 5 ++--- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/whisperlivekit/basic_server.py b/whisperlivekit/basic_server.py index 2ca52ff..c1b682e 100644 --- a/whisperlivekit/basic_server.py +++ b/whisperlivekit/basic_server.py @@ -118,6 +118,8 @@ def main(): if ssl_kwargs: uvicorn_kwargs = {**uvicorn_kwargs, **ssl_kwargs} + if args.forwarded_allow_ips: + uvicorn_kwargs = { **uvicorn_kwargs, "forwarded_allow_ips" : args.forwarded_allow_ips } uvicorn.run(**uvicorn_kwargs) diff --git a/whisperlivekit/parse_args.py b/whisperlivekit/parse_args.py index 7af1564..fe50023 100644 --- a/whisperlivekit/parse_args.py +++ b/whisperlivekit/parse_args.py @@ -175,6 +175,7 @@ def parse_args(): ) parser.add_argument("--ssl-certfile", type=str, help="Path to the SSL certificate file.", default=None) parser.add_argument("--ssl-keyfile", type=str, help="Path to the SSL private key file.", default=None) + parser.add_argument("--forwarded-allow-ips", type=str, help="Allowed ips for reverse proxying.", default=None) parser.add_argument( "--pcm-input", action="store_true", diff --git a/whisperlivekit/web/live_transcription.js b/whisperlivekit/web/live_transcription.js index 3a1e1da..2d61e41 100644 --- a/whisperlivekit/web/live_transcription.js +++ b/whisperlivekit/web/live_transcription.js @@ -178,14 +178,13 @@ function fmt1(x) { } let host, port, protocol; - +port = 8000; if (isExtension) { host = "localhost"; - port = 8000; protocol = "ws"; } else { host = window.location.hostname || "localhost"; - port = window.location.port || 8000; + port = window.location.port; protocol = window.location.protocol === "https:" ? "wss" : "ws"; } const defaultWebSocketUrl = `${protocol}://${host}${port ? ":" + port : ""}/asr`; From 5832d7433db7479b6d2354e7493c15697c2eee2d Mon Sep 17 00:00:00 2001 From: Alvaro Ollero Date: Sat, 4 Oct 2025 23:18:10 +0200 Subject: [PATCH 2/2] update documentation --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 88a219c..7747206 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,7 @@ async def websocket_endpoint(websocket: WebSocket): | `--port` | Server port | `8000` | | `--ssl-certfile` | Path to the SSL certificate file (for HTTPS support) | `None` | | `--ssl-keyfile` | Path to the SSL private key file (for HTTPS support) | `None` | +| `--forwarded-allow-ips` | Ip or Ips allowed to reverse proxy the whisperlivekit-server. Supported types are IP Addresses (e.g. 127.0.0.1), IP Networks (e.g. 10.100.0.0/16), or Literals (e.g. /path/to/socket.sock) | `None` | | `--pcm-input` | raw PCM (s16le) data is expected as input and FFmpeg will be bypassed. Frontend will use AudioWorklet instead of MediaRecorder | `False` | | Translation options | Description | Default |