Felix Niederwanger
121ab40b02
Adds the `uid` and `gid` settings in the main configuration file, which allows weblug to run under a unprivileged user account. This comes with the limitation, that unless the program runs as root, custom webhook `uid/gid` settings are not possible.
59 lines
2.2 KiB
YAML
59 lines
2.2 KiB
YAML
---
|
|
## Weblug example config
|
|
|
|
settings:
|
|
#bind: "127.0.0.1:2088" # bind address for webserver
|
|
bind: ":2088" # bind to all addresses
|
|
# Note: Due to current limitations, weblug needs to run as root when you use custom uid,gid settings per webhook
|
|
# This is a known issue, see https://codeberg.org/grisu48/weblug/issues/9
|
|
uid: 0 # run under specified user id
|
|
gid: 0 # run under specified group id
|
|
|
|
# hook definitions. A hook needs to define the HTTP endpoint ("route") and the command
|
|
# See the following examples for more possible options.
|
|
hooks:
|
|
- name: 'hook one'
|
|
route: "/webhooks/1"
|
|
command: "sleep 5"
|
|
background: True # Terminate http request immediately
|
|
concurrency: 2 # At most 2 parallel processes are allowed
|
|
env: # Define environment variables
|
|
KEY1: "VALUE1"
|
|
KEY2: "VALUE2"
|
|
|
|
- name: 'hook two'
|
|
route: "/webhooks/2"
|
|
command: "bash -c 'sleep 5'"
|
|
concurrency: 5 # At most 5 parallel processes are allowed
|
|
|
|
- name: 'hook 3'
|
|
route: "/webhooks/data/3"
|
|
command: "bash -c 'echo $UID $GID'"
|
|
uid: 100 # Run command as system user id (uid) 100
|
|
gid: 200 # Run command with system group id (gid) 200
|
|
concurrency: 1 # No concurrency. Returns 500 on parallel requests
|
|
output: True # Print program output to console
|
|
|
|
- name: 'hook 4'
|
|
route: "/webhooks/restricted/4"
|
|
command: "true"
|
|
# Allow only requests from localhost
|
|
allowed: ["127.0.0.1/8", "::1/128"]
|
|
|
|
- name: 'hook 5'
|
|
route: "/webhooks/restricted/5"
|
|
command: "true"
|
|
# Allow everything, except those two subnets
|
|
blocked: ["192.168.0.0/16", "10.0.0.0/8"]
|
|
|
|
- name: 'hook auth'
|
|
route: "/webhooks/restricted/auth"
|
|
command: "true"
|
|
# Require basic auth for this webhook
|
|
basic_auth:
|
|
# Username is optional. If defined, the following username must match
|
|
# If not defined, any user will be accepted
|
|
username: 'user'
|
|
# Password is obligatory to enable basic_auth. If defined, a request must authenticate with the given password (cleartext)
|
|
password: 'password'
|