annotate init.d/kallithea-daemon-arch @ 8886:3d7ba590f6f5

auth: only use X- headers instead of REMOTE_ADDR if explicitly told so in remote_addr_header

Before, X-Forwarded-For (and others) headers would *always* be trusted blindly, also in setups without a proxy server. It would thus in some cases be possible for users to fake their IP, and thus potentially be possible to bypass IP restrictions configured in Kallithea.

Fixed by making it configurable which WSGI environment variable to use for the remote address. Users can configure remote_addr_header to for example HTTP_X_FORWARDED_FOR instead of using the default REMOTE_ADDR.

This change is a bit similar to what is going on in the https_fixup middleware, but is doing a bit more of what for example is happening in similar code in werkzeug/middleware/proxy_fix.py .
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 09 May 2021 22:34:02 +0200
parents 2c3d30095d5e
children
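
The behaviour described in the commit message above, as an added example that is not Kallithea's code: `client_ip`, `ip_allowed`, `trusted_hops` and the sample WSGI environments are constructed for illustration, and only the `remote_addr_header` setting and the WSGI variable names come from the page. It goes one step further than the message by picking the proxy-appended entry when X-Forwarded-For carries several addresses.

```python
import ipaddress

def client_ip(environ, config, trusted_hops=1):
    """Return the client address from the WSGI variable named by
    remote_addr_header (default REMOTE_ADDR), or None if unusable."""
    key = config.get("remote_addr_header", "REMOTE_ADDR")
    raw = environ.get(key, "")
    if key != "REMOTE_ADDR":
        # Each proxy appends the peer it saw, so only the last
        # `trusted_hops` entries were written by proxies we control.
        hops = [h.strip() for h in raw.split(",") if h.strip()]
        raw = hops[-trusted_hops] if len(hops) >= trusted_hops else ""
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        return None  # missing or malformed value: caller must deny

def ip_allowed(environ, config, allowed_networks):
    """Apply an IP restriction to the address chosen by client_ip()."""
    ip = client_ip(environ, config)
    if ip is None:
        return False
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in allowed_networks)

# Constructed sample data (documentation address ranges).
ALLOWED = ["10.0.0.0/8"]
PROXY_CFG = {"remote_addr_header": "HTTP_X_FORWARDED_FOR"}
# Client connects directly and supplies its own X-Forwarded-For.
DIRECT_FORGED = {"REMOTE_ADDR": "203.0.113.7",
                 "HTTP_X_FORWARDED_FOR": "10.0.0.5"}
# Same forged value, but a local proxy appended the peer it really saw.
VIA_PROXY = {"REMOTE_ADDR": "127.0.0.1",
             "HTTP_X_FORWARDED_FOR": "10.0.0.5, 198.51.100.23"}

if __name__ == "__main__":
    # Default setting: the forged header is ignored, restriction holds.
    print(client_ip(DIRECT_FORGED, {}), ip_allowed(DIRECT_FORGED, {}, ALLOWED))
    # Header trusted although no proxy sits in front: restriction bypassed.
    print(ip_allowed(DIRECT_FORGED, PROXY_CFG, ALLOWED))
    # Header trusted behind a proxy: the appended entry is the one used.
    print(client_ip(VIA_PROXY, PROXY_CFG), ip_allowed(VIA_PROXY, PROXY_CFG, ALLOWED))
```
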
changesets annotated in this file:

2114  0dc18e9a3150  added arch example init.d
      Marcin Kuzminski <marcin@python-works.com>
      (all lines not listed under another changeset)
4190  99ad9d0af1a3  Rename init scripts and fix references inside them
      Bradley M. Kuhn <bkuhn@sfconservancy.org>, parents: 2114
      (the DAEMON=kallithea line)
6370  e285bb7abb28  scripts: apply whitespace cleanup to more files - opt out instead of opt in
      Mads Kiilerich <mads@kiilerich.com>, parents: 4190
      (the kill line in stop) and the closing esac)
6554  2c3d30095d5e  gearbox: replace paster with something TurboGears2-ish that still works with the Pylons stack
      Mads Kiilerich <madski@unity3d.com>, parents: 6370
      (the APPL= line and the -c line of ARGS)

source:

#!/bin/bash
###########################################
#### THIS IS AN ARCH LINUX RC.D SCRIPT ####
###########################################

# Arch rc.d helpers: stat_busy, stat_done, stat_fail, add_daemon, rm_daemon, ck_status
. /etc/rc.conf
. /etc/rc.d/functions

DAEMON=kallithea
APP_HOMEDIR="/srv"
APP_PATH="$APP_HOMEDIR/$DAEMON"
CONF_NAME="production.ini"
LOG_FILE="/var/log/$DAEMON.log"
PID_FILE="/run/daemons/$DAEMON"
APPL=/usr/bin/gearbox
# User and group the server is started as (passed to --user/--group below)
RUN_AS="*****"

ARGS="serve --daemon \
    --user=$RUN_AS \
    --group=$RUN_AS \
    --pid-file=$PID_FILE \
    --log-file=$LOG_FILE \
    -c $APP_PATH/$CONF_NAME"

# Optional local overrides
[ -r /etc/conf.d/$DAEMON ] && . /etc/conf.d/$DAEMON

# Read the recorded PID and discard it if that process no longer exists
if [[ -r $PID_FILE ]]; then
    read -r PID < "$PID_FILE"
    if [[ $PID && ! -d /proc/$PID ]]; then
        unset PID
        rm_daemon $DAEMON
    fi
fi

case "$1" in
start)
    stat_busy "Starting $DAEMON"
    export HOME=$APP_PATH
    # Start only when no live PID was found; otherwise report failure
    [ -z "$PID" ] && $APPL $ARGS &>/dev/null
    if [ $? = 0 ]; then
        add_daemon $DAEMON
        stat_done
    else
        stat_fail
        exit 1
    fi
    ;;
stop)
    stat_busy "Stopping $DAEMON"
    [ -n "$PID" ] && kill $PID &>/dev/null
    if [ $? = 0 ]; then
        rm_daemon $DAEMON
        stat_done
    else
        stat_fail
        exit 1
    fi
    ;;
restart)
    $0 stop
    sleep 1
    $0 start
    ;;
status)
    # $DAEMON is the only name this script defines
    stat_busy "Checking $DAEMON status";
    ck_status $DAEMON
    ;;
*)
    echo "usage: $0 {start|stop|restart|status}"
esac