Allow to set the SECURE_PROXY_SSL_HEADER django setting

Sometimes the django application is deployed behind a reverse-proxy
which manage HTTPS. In such case, django think the connection is plain
HTTP unless SECURE_PROXY_SSL_HEADER is set and the reverse-proxy sets
the appropriate header/value.
This commit is contained in:
Rodolphe Breard 2018-02-04 17:12:22 +01:00
parent 291f9f0910
commit fdf879a6b3
2 changed files with 14 additions and 0 deletions

View file

@ -45,3 +45,6 @@ You can set the following variables in the `.env` file:
* `KHAGANAT_EMAIL_USE_TLS`: Whether to use a TLS connection to the SMTP server, default is `False`.
* `KHAGANAT_EMAIL_SUBJECT_PREFIX`: Subject-line prefix for email, default is empty.
* `KHAGANAT_DEFAULT_FROM_EMAIL`: Default email address to use, default is `no-reply@localhost`.
* `KHAGANAT_FORCE_HTTPS`: If True, enable the use of `KHAGANAT_HTTPS_HEADER_NAME` and `KHAGANAT_HTTPS_HEADER_VALUE` to set the `SECURE_PROXY_SSL_HEADER` configuration option. Default is `False`.
* `KHAGANAT_HTTPS_HEADER_NAME`: Header name for `SECURE_PROXY_SSL_HEADER`, default is `HTTP_X_FORWARDED_PROTO`.
* `KHAGANAT_HTTPS_HEADER_VALUE`: Header value for `SECURE_PROXY_SSL_HEADER`, default is `https`.

View file

@ -176,6 +176,17 @@ USE_TZ = True
STATIC_URL = os.getenv('KHAGANAT_STATIC_URL', default='/static/')
STATIC_ROOT = os.getenv('KHAGANAT_STATIC_ROOT', default='') or None
# Logs configuration
KHAGANAT_LOGS_MIN_DAYS = int(os.getenv('KHAGANAT_LOGS_MIN_DAYS', default='0'))
KHAGANAT_LOGS_MAX_DAYS = int(os.getenv('KHAGANAT_LOGS_MAX_DAYS', default='7'))
# TLS
# https://docs.djangoproject.com/fr/2.0/ref/settings/#std:setting-SECURE_PROXY_SSL_HEADER
if get_config_bool('KHAGANAT_FORCE_HTTPS', default=False):
SECURE_PROXY_SSL_HEADER = (
os.getenv('KHAGANAT_HTTPS_HEADER_NAME', default='HTTP_X_FORWARDED_PROTO'),
os.getenv('KHAGANAT_HTTPS_HEADER_VALUE', default='https')
)