Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps - Status | Demo | Docs | Install
  1. Cloudron Forum
  2. Change Detection
  3. Allow to pass env variables to python runtime for Changedetection

Allow to pass env variables to python runtime for Changedetection

Scheduled Pinned Locked Moved Unsolved Change Detection
5 Posts 3 Posters 16 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • SansGuidonS Offline
    SansGuidonS Offline
    SansGuidon
    wrote last edited by SansGuidon
    #1

    Hey
    I notice some watches in my changedetection instance are errored with a message about an environment variable to set somewhere
    9f77506b-a0b9-4ca4-bd1b-cb641645493c-image.jpeg

    After I set this variable in env.sh, the variable is available in the container but is not passed to the context of the python3 runtime / changedetection.py, if someone can confirm my assumption?
    https://git.cloudron.io/packages/changedetection-app/-/blob/master/start.sh?ref_type=heads so the error persists in changedetection

    If I'm not mistaken then, it could be enough to adapt the package's Dockerfile around https://git.cloudron.io/packages/changedetection-app/-/blob/master/start.sh?ref_type=heads#L25 so the env variables sourced from env.sh are taken into account by the python runtime?

    Refs / examples usage

    • https://github.com/dgtlmoon/changedetection.io/commit/bf3f8eae45b2be7bb54e10cf74f8bf8456456b42
    • https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b

    Thanks for reading and review/feedback! I hope this is not a case of a https://xyproblem.info/

    About me / Now

    1 Reply Last reply
    1
    • jamesJ Offline
      jamesJ Offline
      james
      Staff
      wrote last edited by
      #2

      Hello @sansguidon
      Can you give me a step by step guide to reproduce this issue?

      1 Reply Last reply
      0
      • SansGuidonS Offline
        SansGuidonS Offline
        SansGuidon
        wrote last edited by
        #3

        @james I've sent you in PM an example problematic url

        About me / Now

        1 Reply Last reply
        0
        • SansGuidonS Offline
          SansGuidonS Offline
          SansGuidon
          wrote last edited by SansGuidon
          #4

          changedetection watch fails with:

          Fetch blocked: 'https://my.domain.tld/' resolves to a private/reserved IP address

          However the domain resolves to public IPs:

          A <redacted public ipv4>
          AAAA <redacted public ipv6>

          Inside the container:

          dig my.domain.tld -> <redacted public ipv4>
          getent hosts -> <redacted public ipv6>

          Both IPv4 and IPv6 connectivity work (curl -4 and curl -6 succeed).

          So DNS and networking are fine. The issue appears to be the SSRF protection in changedetection misclassifying the resolved IPv6 address as private/reserved.

          Setting:

          ALLOW_IANA_RESTRICTED_ADDRESSES=true

          should bypass the block and the fetch works but if I set that in env.sh, nothing changes because the changedetection python command that is run does not read those env

          Looks like a false positive triggered when the resolver prefers the IPv6 address.

          About me / Now

          1 Reply Last reply
          0
          • robiR Offline
            robiR Offline
            robi
            wrote last edited by
            #5

            Something has to run env.sh
            Does the startup script do it?

            Does it work if you set it manually?

            Conscious tech

            1 Reply Last reply
            0

            Hello! It looks like you're interested in this conversation, but you don't have an account yet.

            Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

            With your input, this post could be even better 💗

            Register Login
            Reply
            • Reply as topic
            Log in to reply
            • Oldest to Newest
            • Newest to Oldest
            • Most Votes

            • Login
            • Don't have an account? Register
            • Login or register to search.
            • First post
              Last post
            0
            • Categories
            • Recent
            • Tags
            • Popular
            • Bookmarks
            • Search