adebaumann/labhelper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert - actual ip information not available in headers
All checks were successful
Build containers when image tags change / build-if-image-changed (., web, containers, main container, git.baumann.gr/adebaumann/labhelper) (push) Successful in 27s
Details
Build containers when image tags change / build-if-image-changed (data-loader, loader, initContainers, init-container, git.baumann.gr/adebaumann/labhelper-data-loader) (push) Successful in 7s
Details

Browse Source
This commit is contained in:
Adrian A. Baumann
2026-01-28 09:55:00 +01:00
parent 20239242ce
commit dbfb38bb8a
3 changed files with 2 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
argocd/configmap.yaml
View File

@@ -17,6 +17,5 @@ data:
LOGIN_URL: "login" LOGIN_URL: "login"
LOGIN_REDIRECT_URL: "index" LOGIN_REDIRECT_URL: "index"
LOGOUT_REDIRECT_URL: "login" LOGOUT_REDIRECT_URL: "login"
TRUSTED_PROXIES: "192.168.17.44,192.168.17.53"
GUNICORN_OPTS: "--access-logfile -" GUNICORN_OPTS: "--access-logfile -"
IMAGE_TAG: "0.073" IMAGE_TAG: "0.074"

7
argocd/deployment.yaml
View File

@@ -27,7 +27,7 @@ spec:
mountPath: /data mountPath: /data
containers: containers:
- name: web - name: web
image: git.baumann.gr/adebaumann/labhelper:0.073 image: git.baumann.gr/adebaumann/labhelper:0.074
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 8000 - containerPort: 8000
@@ -102,11 +102,6 @@ spec:
configMapKeyRef: configMapKeyRef:
name: django-config name: django-config
key: LOGOUT_REDIRECT_URL key: LOGOUT_REDIRECT_URL
- name: TRUSTED_PROXIES
valueFrom:
configMapKeyRef:
name: django-config
key: TRUSTED_PROXIES
- name: GUNICORN_OPTS - name: GUNICORN_OPTS
valueFrom: valueFrom:
configMapKeyRef: configMapKeyRef:

35
gunicorn.conf.py
View File

@@ -1,14 +1,7 @@
import logging import logging
import os
from gunicorn.glogging import Logger from gunicorn.glogging import Logger
TRUSTED_PROXIES = {
ip.strip()
for ip in os.environ.get("TRUSTED_PROXIES", "").split(",")
if ip.strip()
}
class HealthCheckFilter(logging.Filter): class HealthCheckFilter(logging.Filter):
def filter(self, record): def filter(self, record):
@@ -21,33 +14,5 @@ class CustomLogger(Logger):
super().setup(cfg) super().setup(cfg)
self.access_log.addFilter(HealthCheckFilter()) self.access_log.addFilter(HealthCheckFilter())
def atoms(self, resp, req, environ, request_time):
atoms = super().atoms(resp, req, environ, request_time)
atoms["{client-ip}e"] = self._get_client_ip(environ)
headers = {
k[5:].replace("_", "-").lower(): v
for k, v in environ.items()
if k.startswith("HTTP_")
}
atoms["{all-headers}e"] = " | ".join(
f"{k}: {v}" for k, v in sorted(headers.items())
)
return atoms
@staticmethod
def _get_client_ip(environ):
remote_addr = environ.get("REMOTE_ADDR", "-")
xff = environ.get("HTTP_X_FORWARDED_FOR", "")
if not xff:
return remote_addr
# Walk the chain from right to left, skipping trusted proxies
ips = [ip.strip() for ip in xff.split(",")]
for ip in reversed(ips):
if ip not in TRUSTED_PROXIES:
return ip
# All IPs in the chain are trusted; fall back to the leftmost
return ips[0]
logger_class = CustomLogger logger_class = CustomLogger
access_log_format = '%({client-ip}e)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" headers:[%({all-headers}e)s]'