From c514feaa22005a184ca7ff3ccd034c242d43515c Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Thu, 18 Nov 2021 14:50:24 -0800
Subject: [PATCH] puppet: Default go-camo to listening on localhost for standalone deploys. The default in the previous commit, inherited from camo, was to bind to 0.0.0.0:9292. In standalone deployments, camo is deployed on the same host as the nginx reverse proxy, and as such there is no need to open it up to other IPs. Make `zulip::camo` take an optional parameter, which allows overriding it in puppet, but skips a `zulip.conf` setting for it, since it is unlikely to be adjust by most users.
---
 puppet/zulip/manifests/camo.pp | 2 +-
 puppet/zulip/manifests/localhost_camo.pp | 4 +++-
 puppet/zulip/templates/supervisor/go-camo.conf.erb | 2 +-
 puppet/zulip_ops/manifests/camo.pp | 4 +++-
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/puppet/zulip/manifests/camo.pp b/puppet/zulip/manifests/camo.pp
index 54c63137b9..620b6e4a86 100644
--- a/puppet/zulip/manifests/camo.pp
+++ b/puppet/zulip/manifests/camo.pp
@@ -1,4 +1,4 @@
-class zulip::camo {
+class zulip::camo (String $listen_address = '0.0.0.0') {
 # TODO/compatibility: Removed 2021-11 in version 5.0; these lines
 # can be removed once one must have upgraded through Zulip 5.0 or
 # higher to get to the next release.
diff --git a/puppet/zulip/manifests/localhost_camo.pp b/puppet/zulip/manifests/localhost_camo.pp
index aa4a55e36b..5c07ce0ab3 100644
--- a/puppet/zulip/manifests/localhost_camo.pp
+++ b/puppet/zulip/manifests/localhost_camo.pp
@@ -1,5 +1,7 @@
 class zulip::localhost_camo {
- include zulip::camo
+ class { 'zulip::camo':
+ listen_address => '127.0.0.1',
+ }
 # Install nginx configuration to run camo locally
 file { '/etc/nginx/zulip-include/app.d/camo.conf':
diff --git a/puppet/zulip/templates/supervisor/go-camo.conf.erb b/puppet/zulip/templates/supervisor/go-camo.conf.erb
index 6ff22597f1..72540102c0 100644
--- a/puppet/zulip/templates/supervisor/go-camo.conf.erb
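Review bot: The new `$listen_address` parameter on `zulip::camo` keeps `'0.0.0.0'` as its default, so any declaration that omits the parameter still binds go-camo on every interface. The two callers visible in this patch both pass the address explicitly, so a fail-closed default would not change either of them: `class zulip::camo (String $listen_address = '127.0.0.1') {`. With that default, a later plain `include zulip::camo` cannot silently expose port 9292. The class body continues outside the hunk.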
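Review bot: Swapping `include zulip::camo` for a resource-like declaration in `zulip::localhost_camo` means the class can now be declared this way only once, and an `include zulip::camo` evaluated earlier in the catalog would conflict with it. The same applies to the `zulip_ops::camo` hunk. Whether any other manifest still includes `zulip::camo` is not visible here; if one does, compilation becomes order-dependent. A comment above the declaration, such as `# Declared resource-style to set listen_address; do not also include zulip::camo elsewhere.`, would record the constraint. The class body continues past the hunk.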
+++ b/puppet/zulip/templates/supervisor/go-camo.conf.erb
@@ -1,5 +1,5 @@
 [program:go-camo]
-command=<%= @bin %> --listen=0.0.0.0:9292 -H "Strict-Transport-Security: max-age=15768000" -H "X-Frame-Options: DENY" --verbose
+command=<%= @bin %> --listen=<%= @listen_address %>:9292 -H "Strict-Transport-Security: max-age=15768000" -H "X-Frame-Options: DENY" --verbose
 environment=GOCAMO_HMAC="<%= @camo_key %>"
 priority=15
 autostart=true
diff --git a/puppet/zulip_ops/manifests/camo.pp b/puppet/zulip_ops/manifests/camo.pp
index edef457b7e..e2cde00611 100644
--- a/puppet/zulip_ops/manifests/camo.pp
+++ b/puppet/zulip_ops/manifests/camo.pp
@@ -1,5 +1,7 @@
 class zulip_ops::camo {
- include zulip::camo
+ class { 'zulip::camo':
+ listen_address => '0.0.0.0',
+ }
 zulip_ops::firewall_allow { 'camo': port => '9292' }
 }
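Review bot: `<%= @listen_address %>` is written into the supervisor `command=` line with no validation beyond the `String` type declared on `zulip::camo`. A value containing whitespace would be parsed as extra go-camo arguments, and an unbracketed IPv6 literal would produce an ambiguous `addr:9292`. Constraining the parameter to an IP address type (for example `Stdlib::IP::Address::V4::Nosubnet`, if puppetlabs-stdlib is available to this module) would reject such values at catalog compile time. If IPv6 binds are meant to be supported, the template would also need to bracket the address.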
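Review bot: The explicit `listen_address => '0.0.0.0'` in `zulip_ops::camo` is the one place in this patch where the listener is deliberately exposed on all interfaces, and nothing in the hunk says why. A comment above the declaration, e.g. `# Bind on all interfaces: this camo host is reached over the network; access is governed by the firewall_allow rule below.`, would document the intent. The topology is inferred from the commit message, so the wording should be adjusted to match the real deployment.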