fix(security): bind 127.0.0.1 par défaut via RPA_BIND_HOST (plus de host=0.0.0.0 en dur)
Les 4 entrypoints HTTP (api_stream 5005, api_upload 8000, VWB backend 5002,
dashboard 5001) bindaient host=0.0.0.0 en dur -> exposés sur tout le réseau.
Désormais host=os.environ.get('RPA_BIND_HOST','127.0.0.1') : local-only par
défaut, configurable. Découvert à la mise en service DGX local-only.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -7649,4 +7649,5 @@ if __name__ == "__main__":
|
|||||||
level=logging.INFO,
|
level=logging.INFO,
|
||||||
format="%(asctime)s [API-STREAM] %(message)s",
|
format="%(asctime)s [API-STREAM] %(message)s",
|
||||||
)
|
)
|
||||||
uvicorn.run(app, host="0.0.0.0", port=5005)
|
import os as _os
|
||||||
|
uvicorn.run(app, host=_os.environ.get("RPA_BIND_HOST", "127.0.0.1"), port=5005)
|
||||||
|
|||||||
@@ -471,9 +471,10 @@ if __name__ == "__main__":
|
|||||||
logger.info(f"Encryption password: {'***' if ENCRYPTION_PASSWORD != 'rpa_vision_v3_default_key' else 'DEFAULT (changer!)'}")
|
logger.info(f"Encryption password: {'***' if ENCRYPTION_PASSWORD != 'rpa_vision_v3_default_key' else 'DEFAULT (changer!)'}")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
import os as _os
|
||||||
uvicorn.run(
|
uvicorn.run(
|
||||||
app,
|
app,
|
||||||
host="0.0.0.0",
|
host=_os.environ.get("RPA_BIND_HOST", "127.0.0.1"),
|
||||||
port=8000,
|
port=8000,
|
||||||
log_level="info"
|
log_level="info"
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -443,9 +443,10 @@ if __name__ == '__main__':
|
|||||||
# Désactivation du mode debug pour stabiliser le laboratoire
|
# Désactivation du mode debug pour stabiliser le laboratoire
|
||||||
debug = False
|
debug = False
|
||||||
|
|
||||||
|
import os as _os
|
||||||
socketio.run(
|
socketio.run(
|
||||||
app,
|
app,
|
||||||
host='0.0.0.0',
|
host=_os.environ.get('RPA_BIND_HOST', '127.0.0.1'),
|
||||||
port=port,
|
port=port,
|
||||||
debug=False,
|
debug=False,
|
||||||
use_reloader=False,
|
use_reloader=False,
|
||||||
|
|||||||
@@ -2866,9 +2866,10 @@ if __name__ == '__main__':
|
|||||||
print("=" * 50)
|
print("=" * 50)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
import os as _os
|
||||||
socketio.run(
|
socketio.run(
|
||||||
app,
|
app,
|
||||||
host='0.0.0.0',
|
host=_os.environ.get('RPA_BIND_HOST', '127.0.0.1'),
|
||||||
port=5001,
|
port=5001,
|
||||||
debug=False,
|
debug=False,
|
||||||
allow_unsafe_werkzeug=True
|
allow_unsafe_werkzeug=True
|
||||||
|
|||||||
Reference in New Issue
Block a user