01203e7188
The change in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24199 caused requests coming from a load balancer to arrive as 127.0.0.1 instead of the actual IP. `Rack::Request#ip` behaves slightly differently different than `ActionDispatch::Request#remote_ip`: the former will return the first X-Forwarded-For IP if all of the IPs are trusted proxies, while the second one filters out all proxies and falls back to REMOTE_ADDR, which is 127.0.0.1. For now, we can revert back to using `Rack::Request` because these middlewares don't manipulate parameters. The actual fix problem involves fixing Rails: https://github.com/rails/rails/issues/28436. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58573
49 lines
1.6 KiB
Ruby
49 lines
1.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
# This middleware provides a health check that does not hit the database. Its purpose
|
|
# is to notify the prober that the application server is handling requests, but a 200
|
|
# response does not signify that the database or other services are ready.
|
|
#
|
|
# See https://thisdata.com/blog/making-a-rails-health-check-that-doesnt-hit-the-database/ for
|
|
# more details.
|
|
|
|
module Gitlab
|
|
module Middleware
|
|
class BasicHealthCheck
|
|
# This can't be frozen because Rails::Rack::Logger wraps the body
|
|
# rubocop:disable Style/MutableConstant
|
|
OK_RESPONSE = [200, { 'Content-Type' => 'text/plain' }, ["GitLab OK"]]
|
|
EMPTY_RESPONSE = [404, { 'Content-Type' => 'text/plain' }, [""]]
|
|
# rubocop:enable Style/MutableConstant
|
|
HEALTH_PATH = '/-/health'
|
|
|
|
def initialize(app)
|
|
@app = app
|
|
end
|
|
|
|
def call(env)
|
|
return @app.call(env) unless env['PATH_INFO'] == HEALTH_PATH
|
|
|
|
# We should be using ActionDispatch::Request instead of
|
|
# Rack::Request to be consistent with Rails, but due to a Rails
|
|
# bug described in
|
|
# https://gitlab.com/gitlab-org/gitlab-ce/issues/58573#note_149799010
|
|
# hosts behind a load balancer will only see 127.0.0.1 for the
|
|
# load balancer's IP.
|
|
request = Rack::Request.new(env)
|
|
|
|
return OK_RESPONSE if client_ip_whitelisted?(request)
|
|
|
|
EMPTY_RESPONSE
|
|
end
|
|
|
|
def client_ip_whitelisted?(request)
|
|
ip_whitelist.any? { |e| e.include?(request.ip) }
|
|
end
|
|
|
|
def ip_whitelist
|
|
@ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
|
|
end
|
|
end
|
|
end
|
|
end
|