Revert - actual ip information not available in headers
All checks were successful
Build containers when image tags change / build-if-image-changed (., web, containers, main container, git.baumann.gr/adebaumann/labhelper) (push) Successful in 27s
Build containers when image tags change / build-if-image-changed (data-loader, loader, initContainers, init-container, git.baumann.gr/adebaumann/labhelper-data-loader) (push) Successful in 7s
All checks were successful
Build containers when image tags change / build-if-image-changed (., web, containers, main container, git.baumann.gr/adebaumann/labhelper) (push) Successful in 27s
Build containers when image tags change / build-if-image-changed (data-loader, loader, initContainers, init-container, git.baumann.gr/adebaumann/labhelper-data-loader) (push) Successful in 7s
This commit is contained in:
@@ -17,6 +17,5 @@ data:
|
||||
LOGIN_URL: "login"
|
||||
LOGIN_REDIRECT_URL: "index"
|
||||
LOGOUT_REDIRECT_URL: "login"
|
||||
TRUSTED_PROXIES: "192.168.17.44,192.168.17.53"
|
||||
GUNICORN_OPTS: "--access-logfile -"
|
||||
IMAGE_TAG: "0.073"
|
||||
IMAGE_TAG: "0.074"
|
||||
|
||||
@@ -27,7 +27,7 @@ spec:
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: web
|
||||
image: git.baumann.gr/adebaumann/labhelper:0.073
|
||||
image: git.baumann.gr/adebaumann/labhelper:0.074
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
@@ -102,11 +102,6 @@ spec:
|
||||
configMapKeyRef:
|
||||
name: django-config
|
||||
key: LOGOUT_REDIRECT_URL
|
||||
- name: TRUSTED_PROXIES
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: django-config
|
||||
key: TRUSTED_PROXIES
|
||||
- name: GUNICORN_OPTS
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
|
||||
@@ -1,14 +1,7 @@
|
||||
import logging
|
||||
import os
|
||||
|
||||
from gunicorn.glogging import Logger
|
||||
|
||||
TRUSTED_PROXIES = {
|
||||
ip.strip()
|
||||
for ip in os.environ.get("TRUSTED_PROXIES", "").split(",")
|
||||
if ip.strip()
|
||||
}
|
||||
|
||||
|
||||
class HealthCheckFilter(logging.Filter):
|
||||
def filter(self, record):
|
||||
@@ -21,33 +14,5 @@ class CustomLogger(Logger):
|
||||
super().setup(cfg)
|
||||
self.access_log.addFilter(HealthCheckFilter())
|
||||
|
||||
def atoms(self, resp, req, environ, request_time):
|
||||
atoms = super().atoms(resp, req, environ, request_time)
|
||||
atoms["{client-ip}e"] = self._get_client_ip(environ)
|
||||
headers = {
|
||||
k[5:].replace("_", "-").lower(): v
|
||||
for k, v in environ.items()
|
||||
if k.startswith("HTTP_")
|
||||
}
|
||||
atoms["{all-headers}e"] = " | ".join(
|
||||
f"{k}: {v}" for k, v in sorted(headers.items())
|
||||
)
|
||||
return atoms
|
||||
|
||||
@staticmethod
|
||||
def _get_client_ip(environ):
|
||||
remote_addr = environ.get("REMOTE_ADDR", "-")
|
||||
xff = environ.get("HTTP_X_FORWARDED_FOR", "")
|
||||
if not xff:
|
||||
return remote_addr
|
||||
# Walk the chain from right to left, skipping trusted proxies
|
||||
ips = [ip.strip() for ip in xff.split(",")]
|
||||
for ip in reversed(ips):
|
||||
if ip not in TRUSTED_PROXIES:
|
||||
return ip
|
||||
# All IPs in the chain are trusted; fall back to the leftmost
|
||||
return ips[0]
|
||||
|
||||
|
||||
logger_class = CustomLogger
|
||||
access_log_format = '%({client-ip}e)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s" headers:[%({all-headers}e)s]'
|
||||
|
||||
Reference in New Issue
Block a user