run-dev: Add flag to allow JSON requests through HTTPS proxy.

2023-03-13 03:06:55 +00:00 · 2023-03-13 03:06:55 +00:00 · f8a74831b0
parent 2ce3f52030
commit f8a74831b0
3 changed files with 21 additions and 7 deletions
--- a/docs/development/remote.md
+++ b/docs/development/remote.md
@ -314,11 +314,7 @@ different.
   service nginx reload  # Actually enabled your nginx configuration
   ```

-1. Edit `zproject/dev_settings.py` to set
-   `EXTERNAL_URI_SCHEME = "https://"`, so that URLs served by the
-   development environment will be HTTPS.
-
-1. Start the Zulip development environment with the following command:
+1. Start the Zulip development environment in HTTPS mode with the following command:
   ```bash
-   env EXTERNAL_HOST="hostname.example.com" ./tools/run-dev --interface=''
+   env EXTERNAL_HOST="hostname.example.com" ./tools/run-dev --behind-https-proxy --interface=''
   ```
--- a/tools/run-dev
+++ b/tools/run-dev
@ -59,6 +59,11 @@ parser.add_argument(
    action="store_true",
    help="Enable access logs from tornado proxy server.",
 )
+parser.add_argument(
+    "--behind-https-proxy",
+    action="store_true",
+    help="Start app server in HTTPS mode, using reverse proxy",
+)
 add_provision_check_override_param(parser)
 options = parser.parse_args()

@ -95,6 +100,9 @@ else:
 manage_args = [f"--settings={settings_module}"]
 os.environ["DJANGO_SETTINGS_MODULE"] = settings_module

+if options.behind_https_proxy:
+    os.environ["BEHIND_HTTPS_PROXY"] = "1"
+
 from scripts.lib.zulip_tools import CYAN, ENDC

 proxy_port = base_port
@ -334,7 +342,10 @@ def print_listeners() -> None:
    else:
        default_hostname = "localhost"
    external_host = os.getenv("EXTERNAL_HOST", f"{default_hostname}:{proxy_port}")
-    print(f"\nStarting Zulip on:\n\n\t{CYAN}http://{external_host}/{ENDC}\n\nInternal ports:")
+    http_protocol = "https" if options.behind_https_proxy else "http"
+    print(
+        f"\nStarting Zulip on:\n\n\t{CYAN}{http_protocol}://{external_host}/{ENDC}\n\nInternal ports:"
+    )
    ports = [
        (proxy_port, "Development server proxy (connect here)"),
        (django_port, "Django"),
--- a/zproject/dev_settings.py
+++ b/zproject/dev_settings.py
@ -62,6 +62,13 @@ AUTHENTICATION_BACKENDS: Tuple[str, ...] = (
 )

 EXTERNAL_URI_SCHEME = "http://"
+
+if os.getenv("BEHIND_HTTPS_PROXY"):
+    # URLs served by the development environment will be HTTPS
+    EXTERNAL_URI_SCHEME = "https://"
+    # Trust requests from this host (required due to Nginx proxy)
+    CSRF_TRUSTED_ORIGINS = [EXTERNAL_URI_SCHEME + EXTERNAL_HOST]
+
 EMAIL_GATEWAY_PATTERN = "%s@" + EXTERNAL_HOST_WITHOUT_PORT
 NOTIFICATION_BOT = "notification-bot@zulip.com"
 EMAIL_GATEWAY_BOT = "emailgateway@zulip.com"