Mercurial > kallithea

view init.d/celeryd-upstart.conf @ 8886:3d7ba590f6f5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
auth: only use X- headers instead of REMOTE_ADDR if explicitly told so in remote_addr_header Before, X-Forwarded-For (and others) headers would *always* be trusted blindly, also in setups without a proxy server. It would thus in some cases be possible for users to fake their IP, and thus potentially be possible to bypass IP restrictions configured in Kallithea. Fixed by making it configurable which WSGI environment variable to use for the remote address. Users can configure remote_addr_header to for example HTTP_X_FORWARDED_FOR instead of using the default REMOTE_ADDR. This change is a bit similar to what is going on in the https_fixup middleware, but is doing a bit more of what for example is happening in similar code in werkzeug/middleware/proxy_fix.py .
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 09 May 2021 22:34:02 +0200
parents 1d539bb18165
children
line wrap: on
line source

# celeryd - run the celeryd daemon as an upstart job for kallithea
# Change variables/paths as necessary and place file /etc/init/celeryd.conf
# start/stop/restart as normal upstart job (ie: $ start celeryd)

description     "Celery for Kallithea Mercurial Server"
author          "Matt Zuba <matt.zuba@goodwillaz.org"

start on starting kallithea
stop on stopped kallithea

respawn

umask 0022

env PIDFILE=/tmp/celeryd.pid
env APPINI=/var/hg/kallithea/production.ini
env HOME=/var/hg
env USER=hg
# To use group (if different from user), you must edit sudoers file and change
# root's entry from (ALL) to (ALL:ALL)
# env GROUP=hg

script
    COMMAND="/var/hg/.virtualenvs/kallithea/bin/kallithea-cli celery-run -c $APPINI -- --pidfile=$PIDFILE"
    if [ -z "$GROUP" ]; then
        exec sudo -u $USER $COMMAND
    else
        exec sudo -u $USER -g $GROUP $COMMAND
    fi
end script

post-stop script
    rm -f $PIDFILE
end script