Bind lighttpd to $WEB_BIND_ADDR by default.

Signed-off-by: Nathan Gaberel <nathan@gnab.fr>
2023-01-21 17:15:31 -08:00 · 2023-01-21 17:15:31 -08:00 · 54d179c24b
parent 005b6495ec
commit 54d179c24b
2 changed files with 58 additions and 4 deletions
--- a/src/s6/debian-root/usr/local/bin/bash_functions.sh
+++ b/src/s6/debian-root/usr/local/bin/bash_functions.sh
@ -338,11 +338,24 @@ setup_FTL_ProcessDNSSettings(){
 }

 setup_lighttpd_bind() {
-    local serverip="${FTLCONF_LOCAL_IPV4}"
-    # if using '--net=host' only bind lighttpd on $FTLCONF_LOCAL_IPV4 and localhost
-    if grep -q "docker" /proc/net/dev && [[ $serverip != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
+    local bind_addr="${WEB_BIND_ADDR}"
+
+    if [[ -z "$bind_addr" ]]; then
+        # if using '--net=host' bind lighttpd on $FTLCONF_LOCAL_IPV4 (for backward compatibility with #154).
+        if grep -q "docker" /proc/net/dev && [[ $FTLCONF_LOCAL_IPV4 != 0.0.0.0 ]]; then #docker (docker0 by default) should only be present on the host system
+            echo "  [i] WARNING: running in host network mode forces lighttpd's bind address to \$FTLCONF_LOCAL_IPV4 ($FTLCONF_LOCAL_IPV4)."
+            echo "  [i] This behaviour is deprecated and will be removed in a future version. If your installation depends on a custom bind address (not 0.0.0.0) you should set the \$WEB_BIND_ADDR environment variable to the desired value."
+            bind_addr="${FTLCONF_LOCAL_IPV4}"
+        # bind on 0.0.0.0 by default
+        else
+            bind_addr="0.0.0.0"
+        fi
+    fi
+
+    # Overwrite lighttpd's bind address, always listen on localhost
+    if [[ $bind_addr != 0.0.0.0 ]]; then
        if ! grep -q "server.bind" /etc/lighttpd/lighttpd.conf ; then # if the declaration is already there, don't add it again
-            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${serverip}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
+            sed -i -E "s/server\.port\s+\=\s+([0-9]+)/server.bind\t\t = \"${bind_addr}\"\nserver.port\t\t = \1\n"\$SERVER"\[\"socket\"\] == \"127\.0\.0\.1:\1\" \{\}/" /etc/lighttpd/lighttpd.conf
        fi
    fi
 }
--- a/test/tests/test_bash_functions.py
+++ b/test/tests/test_bash_functions.py
@ -247,3 +247,44 @@ def test_setupvars_trumps_random_password_if_set(docker, args_env, test_args):

    assert "Pre existing WEBPASSWORD found" in function.stdout
    assert docker.run(_grep("WEBPASSWORD=volumepass", SETUPVARS_LOC)).rc == 0
+
+
+@pytest.mark.parametrize(
+    "args_env,test_args,expected_bind,expect_warning",
+    [
+        ("-e FTLCONF_LOCAL_IPV4=192.0.2.10", "--net=host", "192.0.2.10", True),
+        ("-e FTLCONF_LOCAL_IPV4=192.0.2.10", "", "0.0.0.0", False),
+        (
+            "-e WEB_BIND_ADDR=192.0.2.20 -e FTLCONF_LOCAL_IPV4=192.0.2.10",
+            "--net=host",
+            "192.0.2.20",
+            False,
+        ),
+        (
+            "-e WEB_BIND_ADDR=192.0.2.20 -e FTLCONF_LOCAL_IPV4=192.0.2.10",
+            "",
+            "192.0.2.20",
+            False,
+        ),
+    ],
+)
+def test_setup_lighttpd_bind(
+    docker, args_env, test_args, expected_bind, expect_warning
+):
+    """Lighttpd's bind address is correctly set"""
+    WEB_CONFIG = "/etc/lighttpd/lighttpd.conf"
+    WARNING_EXTRACT = "[i] WARNING: running in host network mode forces"
+
+    function = docker.run(". /usr/local/bin/bash_functions.sh ; setup_lighttpd_bind")
+
+    if expect_warning:
+        assert WARNING_EXTRACT in function.stdout
+    else:
+        assert WARNING_EXTRACT not in function.stdout
+
+    config = docker.run(f"cat {WEB_CONFIG} | grep 'server.bind'")
+
+    if expected_bind == "0.0.0.0":
+        assert "server.bind" not in config.stdout
+    else:
+        assert f'server.bind		 = "{expected_bind}"' in config.stdout