From f8a74831b0484549d758c93b7a9fa55ae686eb0f Mon Sep 17 00:00:00 2001 From: Tam Le Date: Mon, 13 Mar 2023 03:06:55 +0000 Subject: [PATCH] run-dev: Add flag to allow JSON requests through HTTPS proxy. --- docs/development/remote.md | 8 ++------ tools/run-dev | 13 ++++++++++++- zproject/dev_settings.py | 7 +++++++ 3 files changed, 21 insertions(+), 7 deletions(-) diff --git a/docs/development/remote.md b/docs/development/remote.md index e9f464805a..c7879c5aad 100644 --- a/docs/development/remote.md +++ b/docs/development/remote.md @@ -314,11 +314,7 @@ different. service nginx reload # Actually enabled your nginx configuration ``` -1. Edit `zproject/dev_settings.py` to set - `EXTERNAL_URI_SCHEME = "https://"`, so that URLs served by the - development environment will be HTTPS. - -1. Start the Zulip development environment with the following command: +1. Start the Zulip development environment in HTTPS mode with the following command: ```bash - env EXTERNAL_HOST="hostname.example.com" ./tools/run-dev --interface='' + env EXTERNAL_HOST="hostname.example.com" ./tools/run-dev --behind-https-proxy --interface='' ``` diff --git a/tools/run-dev b/tools/run-dev index 95fc2ea22e..9ae47714e4 100755 --- a/tools/run-dev +++ b/tools/run-dev @@ -59,6 +59,11 @@ parser.add_argument( action="store_true", help="Enable access logs from tornado proxy server.", ) +parser.add_argument( + "--behind-https-proxy", + action="store_true", + help="Start app server in HTTPS mode, using reverse proxy", +) add_provision_check_override_param(parser) options = parser.parse_args() @@ -95,6 +100,9 @@ else: manage_args = [f"--settings={settings_module}"] os.environ["DJANGO_SETTINGS_MODULE"] = settings_module +if options.behind_https_proxy: + os.environ["BEHIND_HTTPS_PROXY"] = "1" + from scripts.lib.zulip_tools import CYAN, ENDC proxy_port = base_port @@ -334,7 +342,10 @@ def print_listeners() -> None: else: default_hostname = "localhost" external_host = os.getenv("EXTERNAL_HOST", f"{default_hostname}:{proxy_port}") - print(f"\nStarting Zulip on:\n\n\t{CYAN}http://{external_host}/{ENDC}\n\nInternal ports:") + http_protocol = "https" if options.behind_https_proxy else "http" + print( + f"\nStarting Zulip on:\n\n\t{CYAN}{http_protocol}://{external_host}/{ENDC}\n\nInternal ports:" + ) ports = [ (proxy_port, "Development server proxy (connect here)"), (django_port, "Django"), diff --git a/zproject/dev_settings.py b/zproject/dev_settings.py index e9c50e6bbb..80d75cf1e4 100644 --- a/zproject/dev_settings.py +++ b/zproject/dev_settings.py @@ -62,6 +62,13 @@ AUTHENTICATION_BACKENDS: Tuple[str, ...] = ( ) EXTERNAL_URI_SCHEME = "http://" + +if os.getenv("BEHIND_HTTPS_PROXY"): + # URLs served by the development environment will be HTTPS + EXTERNAL_URI_SCHEME = "https://" + # Trust requests from this host (required due to Nginx proxy) + CSRF_TRUSTED_ORIGINS = [EXTERNAL_URI_SCHEME + EXTERNAL_HOST] + EMAIL_GATEWAY_PATTERN = "%s@" + EXTERNAL_HOST_WITHOUT_PORT NOTIFICATION_BOT = "notification-bot@zulip.com" EMAIL_GATEWAY_BOT = "emailgateway@zulip.com"