From fdf879a6b3672d13f81d826239ce8758b770a6a4 Mon Sep 17 00:00:00 2001 From: Rodolphe Breard Date: Sun, 4 Feb 2018 17:12:22 +0100 Subject: [PATCH] Allow to set the SECURE_PROXY_SSL_HEADER django setting Sometimes the django application is deployed behind a reverse-proxy which manage HTTPS. In such case, django think the connection is plain HTTP unless SECURE_PROXY_SSL_HEADER is set and the reverse-proxy sets the appropriate header/value. --- README.md | 3 +++ khaganat/settings.py | 11 +++++++++++ 2 files changed, 14 insertions(+) diff --git a/README.md b/README.md index df8ce64..68f9f59 100644 --- a/README.md +++ b/README.md @@ -45,3 +45,6 @@ You can set the following variables in the `.env` file: * `KHAGANAT_EMAIL_USE_TLS`: Whether to use a TLS connection to the SMTP server, default is `False`. * `KHAGANAT_EMAIL_SUBJECT_PREFIX`: Subject-line prefix for email, default is empty. * `KHAGANAT_DEFAULT_FROM_EMAIL`: Default email address to use, default is `no-reply@localhost`. +* `KHAGANAT_FORCE_HTTPS`: If True, enable the use of `KHAGANAT_HTTPS_HEADER_NAME` and `KHAGANAT_HTTPS_HEADER_VALUE` to set the `SECURE_PROXY_SSL_HEADER` configuration option. Default is `False`. +* `KHAGANAT_HTTPS_HEADER_NAME`: Header name for `SECURE_PROXY_SSL_HEADER`, default is `HTTP_X_FORWARDED_PROTO`. +* `KHAGANAT_HTTPS_HEADER_VALUE`: Header value for `SECURE_PROXY_SSL_HEADER`, default is `https`. diff --git a/khaganat/settings.py b/khaganat/settings.py index 8be946e..0efeb00 100644 --- a/khaganat/settings.py +++ b/khaganat/settings.py @@ -176,6 +176,17 @@ USE_TZ = True STATIC_URL = os.getenv('KHAGANAT_STATIC_URL', default='/static/') STATIC_ROOT = os.getenv('KHAGANAT_STATIC_ROOT', default='') or None + # Logs configuration KHAGANAT_LOGS_MIN_DAYS = int(os.getenv('KHAGANAT_LOGS_MIN_DAYS', default='0')) KHAGANAT_LOGS_MAX_DAYS = int(os.getenv('KHAGANAT_LOGS_MAX_DAYS', default='7')) + + +# TLS +# https://docs.djangoproject.com/fr/2.0/ref/settings/#std:setting-SECURE_PROXY_SSL_HEADER + +if get_config_bool('KHAGANAT_FORCE_HTTPS', default=False): + SECURE_PROXY_SSL_HEADER = ( + os.getenv('KHAGANAT_HTTPS_HEADER_NAME', default='HTTP_X_FORWARDED_PROTO'), + os.getenv('KHAGANAT_HTTPS_HEADER_VALUE', default='https') + )