From f7f266b994a1b7d0e3b54e49e640be35b8078bf0 Mon Sep 17 00:00:00 2001 From: Astounds Date: Fri, 29 May 2026 21:28:22 -0500 Subject: Add hardened Docker support and multi-arch CI Multi-stage Dockerfile (non-root, Tor-ready), compose file, and entrypoints. Forgejo CI builds linux/amd64+arm64, scans with checksum-verified Grype, and pins all actions to commit SHA. Makefile gains venv bootstrap and docker targets; server.py gains a --bind flag. --- server.py | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'server.py') diff --git a/server.py b/server.py index 7f0100c..37a8c6b 100644 --- a/server.py +++ b/server.py @@ -276,17 +276,26 @@ class FilteredRequestLog: if __name__ == '__main__': - if settings.allow_foreign_addresses: - # Binding to all interfaces is opt-in via the - # `allow_foreign_addresses` setting and documented as discouraged. - server = WSGIServer(('0.0.0.0', settings.port_number), site_dispatch, - log=FilteredRequestLog()) + # Bind address: --bind flag overrides, then allow_foreign_addresses setting, + # then default to localhost only. + import argparse + parser = argparse.ArgumentParser(description='yt-local server') + parser.add_argument( + '--bind', default=None, metavar='ADDR', + help='Address to bind to (default: 127.0.0.1, or 0.0.0.0 if allow_foreign_addresses)', + ) + args = parser.parse_args() + + if args.bind: + ip_server = args.bind + elif settings.allow_foreign_addresses: ip_server = '0.0.0.0' else: - server = WSGIServer(('127.0.0.1', settings.port_number), site_dispatch, - log=FilteredRequestLog()) ip_server = '127.0.0.1' + server = WSGIServer((ip_server, settings.port_number), site_dispatch, + log=FilteredRequestLog()) + print('Starting httpserver at http://%s:%s/' % (ip_server, settings.port_number)) -- cgit v1.2.3