[08:20:54] <wm-bot>	 !log m7@tools-bastion-15 tools.stewardbots stewardbots/StewardBot/manage.sh restart  # Disconnected
[08:20:56] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.stewardbots/SAL
[17:48:02] <wm-bb>	 <lucaswerkmeister> interesting difference… python3.11 tool sees itself as having an HTTPS URL: https://lucaswerkmeister-test.toolforge.org/url
[17:48:09] <wm-bb>	 <lucaswerkmeister> build service tool meanwhile sees itself as having an HTTP URL: https://lexeme-forms.toolforge.org/url
[17:48:21] <wm-bb>	 <lucaswerkmeister> (both of those are just `return flask.request.url`)
[17:48:53] <wm-bb>	 <lucaswerkmeister> I guess python3.11 has something magical in the uWSGI config which my build service setup (gunicorn) is missing? trusting X-Forwarded-Protocol or whatever?
[17:52:03] <wm-bb>	 <lucaswerkmeister> (IIUC, what I need in Gunicorn is https://gunicorn.org/reference/settings/#forwarded_allow_ips, but I’d have to figure out what to set it to first
[17:53:47] <wm-bb>	 <lucaswerkmeister> /me tries to find the uWSGI config
[17:54:44] <wm-bb>	 <lucaswerkmeister> ok, https://gerrit.wikimedia.org/g/operations/docker-images/toollabs-images/+/33f33fca21/shared/python/webservice-runner is probably what I was looking for
[17:56:52] <wm-bb>	 <lucaswerkmeister> but I don’t see what part of that makes it trust X-Forwarded-Whatever
[17:57:36] <wm-bb>	 <lucaswerkmeister> …I wonder if, just like Gunicorn, it trusts that header from 127.0.0.1 by default – but in webservice-runner, unlike in the build service, the proxied request actually comes from localhost, and so it gets trusted by default?
[18:12:54] <wm-bb>	 <lucaswerkmeister> (after some testing: `X-Forwarded-Proto: https` is the header actually received, ftr)
[18:13:10] <wm-bb>	 <lucaswerkmeister> I can’t figure out how that works under uWSGI, but somehow it does
[18:14:54] <wm-bb>	 <lucaswerkmeister> but based on https://wikitech.wikimedia.org/wiki/Help:Cloud_VPS_IP_space I probably want `--forwarded-allow-ips=172.16.0.0/17` in my Procfile
[18:15:33] <wm-bb>	 <lucaswerkmeister> (and I feel like this, unlike other options, really should be in the Procfile and not in `gunicorn.conf.py`, because it’s very specific to Toolforge and shouldn’t be applied if anyone runs the tool in another way)
[18:16:56] <taavi>	 actually, you'll want 192.168.0.0/16 as the trusted range
[18:17:32] <wm-bb>	 <lucaswerkmeister> hm, ok
[18:18:13] <taavi>	 (that being the range used for pod IPs inside the k8s cluster. your pod sees traffic originating from the Istio gateway layer in k8s)
[18:19:22] <wm-bb>	 <lucaswerkmeister> /me adds another temporary endpoint to log the remote_addr
[18:21:17] <wm-bb>	 <lucaswerkmeister> you’re right, thank you!
[18:21:26] <wm-bb>	 <lucaswerkmeister> I misinterpreted the X-Forwarded-For: header
[18:22:45] <wm-bb>	 <lucaswerkmeister> taavi: is that last traffic hop likely to stay IPv4-only? :D
[18:23:06] <taavi>	 yesn't
[18:23:17] <wm-bb>	 <lucaswerkmeister> no further questions your honor
[18:23:46] <taavi>	 so, yes for the short term, no for the long term
[18:24:00] <wm-bb>	 <lucaswerkmeister> (I torched the whole feature that complained about the “http” URL anyway, so this is mostly just me being curious ^^ https://gitlab.wikimedia.org/toolforge-repos/lexeme-forms/-/commit/43b18b8299)
[18:24:31] <wm-bb>	 <lucaswerkmeister> any guess what the IPv6 originating range will look like?
[18:25:12] <taavi>	 no
[18:25:22] <wm-bb>	 <lucaswerkmeister> ok, then I’ll just put the IPv4 in the Procfile for now
[18:25:24] <wm-bb>	 <lucaswerkmeister> thanks!
[18:35:53] <wm-bb>	 <lucaswerkmeister> “Error: '192.168.0.0/16' does not appear to be an IPv4 or IPv6 address”
[18:35:55] <wm-bb>	 <lucaswerkmeister> wtf gunicorn
[18:36:24] <wm-bb>	 <lucaswerkmeister> 192.168.0.0/16 is literally one of the example values on https://gunicorn.org/reference/settings/#forwarded_allow_ips
[18:39:58] <wm-bb>	 <lucaswerkmeister> oh wow, that support is new in 24.1.0 (and I’m pinned to 23) https://github.com/benoitc/gunicorn/releases/tag/24.1.0
[18:43:40] <wm-bb>	 <lucaswerkmeister> yay, now it works
[18:46:29] <wm-bot>	 !log lucaswerkmeister@tools-bastion-15 tools.lexeme-forms deployed a42e65b596 (configure Gunicorn --forwarded-allow-ips)
[18:46:32] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL
[18:50:54] <wm-bot>	 !log lucaswerkmeister@tools-bastion-15 tools.lexeme-forms deployed 5b92917005 (upgrade dependencies)
[18:50:56] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL
[18:54:34] <wm-bb>	 <lucaswerkmeister> /me tests unicode handling in dologmsg and bridgebot a bit
[18:55:24] <wm-bot>	 !log lucaswerkmeister@tools-bastion-15 tools.lexeme-forms deployed dfc101f3e0 (Python 3.14, aka 𝜋thon)
[18:55:26] <stashbot>	 Logged the message at https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools.lexeme-forms/SAL
[18:55:28] <wm-bb>	 <lucaswerkmeister> yay
[20:30:37] <wm-bb>	 <Camylevsky> Greetings all. For sometime now, I have been trying to get the number of uploaders using Toolforge, but the chart has not been appearing. I'm not sure whether this is a technical challenge that can be fixed soon.
[20:30:38] <wm-bb>	 <Camylevsky> (Toolforge link: https://ptools.toolforge.org/uploadersincat.php?category=Images+from+Wiki+Loves+Africa+2026+in+the+Tyap+community)
[20:30:40] <wm-bb>	 <Camylevsky> But if there is an alternative tool that can do the same job, I'd be glad to know.
[20:30:41] <wm-bb>	 <Camylevsky> Thanks!
[20:40:26] <wm-bb>	 <jeremy_b> idk why it's broken but it should stop loading Google JS on toolforge...