From dbfb38bb8a99027e3613fff9e379cfc821365db9 Mon Sep 17 00:00:00 2001
From: "Adrian A. Baumann" <ade@adebaumann.com>
Date: Wed, 28 Jan 2026 09:55:00 +0100
Subject: [PATCH] Revert - actual ip information not available in headers

---
 argocd/configmap.yaml  |  3 +--
 argocd/deployment.yaml |  7 +------
 gunicorn.conf.py       | 35 -----------------------------------
 3 files changed, 2 insertions(+), 43 deletions(-)

diff --git a/argocd/configmap.yaml b/argocd/configmap.yaml
index 758e15f..7c7c364 100644
--- a/argocd/configmap.yaml
+++ b/argocd/configmap.yaml
@@ -17,6 +17,5 @@ data:
   LOGIN_URL: "login"
   LOGIN_REDIRECT_URL: "index"
   LOGOUT_REDIRECT_URL: "login"
-  TRUSTED_PROXIES: "192.168.17.44,192.168.17.53"
   GUNICORN_OPTS: "--access-logfile -"
-  IMAGE_TAG: "0.073"
+  IMAGE_TAG: "0.074"
diff --git a/argocd/deployment.yaml b/argocd/deployment.yaml
index 8569fe9..0ab0449 100644
--- a/argocd/deployment.yaml
+++ b/argocd/deployment.yaml
@@ -27,7 +27,7 @@ spec:
               mountPath: /data
       containers:
         - name: web
-          image: git.baumann.gr/adebaumann/labhelper:0.073
+          image: git.baumann.gr/adebaumann/labhelper:0.074
           imagePullPolicy: Always
           ports:
             - containerPort: 8000
@@ -102,11 +102,6 @@ spec:
                 configMapKeyRef:
                   name: django-config
                   key: LOGOUT_REDIRECT_URL
-            - name: TRUSTED_PROXIES
-              valueFrom:
-                configMapKeyRef:
-                  name: django-config
-                  key: TRUSTED_PROXIES
             - name: GUNICORN_OPTS
               valueFrom:
                 configMapKeyRef:
diff --git a/gunicorn.conf.py b/gunicorn.conf.py
index f7b1521..d00d52b 100644
--- a/gunicorn.conf.py
+++ b/gunicorn.conf.py
@@ -1,14 +1,7 @@
 import logging
-import os
 
 from gunicorn.glogging import Logger
 
-TRUSTED_PROXIES = {
-    ip.strip()
-    for ip in os.environ.get("TRUSTED_PROXIES", "").split(",")
-    if ip.strip()
-}
-
 
 class HealthCheckFilter(logging.Filter):
     def filter(self, record):
@@ -21,33 +14,5 @@ class CustomLogger(Logger):
         super().setup(cfg)
         self.access_log.addFilter(HealthCheckFilter())
 
-    def atoms(self, resp, req, environ, request_time):
-        atoms = super().atoms(resp, req, environ, request_time)
-        atoms["{client-ip}e"] = self._get_client_ip(environ)
-        headers = {
-            k[5:].replace("_", "-").lower(): v
-            for k, v in environ.items()
-            if k.startswith("HTTP_")
-        }
-        atoms["{all-headers}e"] = " | ".join(
-            f"{k}: {v}" for k, v in sorted(headers.items())
-        )
-        return atoms
-
-    @staticmethod
-    def _get_client_ip(environ):
-        remote_addr = environ.get("REMOTE_ADDR", "-")
-        xff = environ.get("HTTP_X_FORWARDED_FOR", "")
-        if not xff:
-            return remote_addr
-        # Walk the chain from right to left, skipping trusted proxies
-        ips = [ip.strip() for ip in xff.split(",")]
-        for ip in reversed(ips):
-            if ip not in TRUSTED_PROXIES:
-                return ip
-        # All IPs in the chain are trusted; fall back to the leftmost
-        return ips[0]
-
 
 logger_class = CustomLogger
-access_log_format = '%({client-ip}e)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" headers:[%({all-headers}e)s]'