CraigS2 / SpeciesNet

Aquatic Species Network site providing Aquarists a means to share info and availability of Aquarium Fish Species

Fix allowed hosts for production server deployment #3

Open iragm opened 1 month ago

iragm commented 1 month ago

In settings.py we are setting ALLOWED_HOSTS = ['*'], and there's a line commented out:

    #ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS').split(' ') --> Fails because of Django header mismatch

Don't allow * in production; read the allowed host from the ENV. If the headers aren't working, figure out why the nginx conf isn't passing along the right ones and fix it there. This is a config that I have used; remember that the env cannot be used in an nginx conf easily:

    location / {
        proxy_pass http://ASN_DJANGO:8000;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 20M;
    }
    location /static/ {
        alias your/static/files;
    }
    location /media/ {
        alias your/media/files;
    }

Same issue with CSRF_TRUSTED_ORIGINS
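
An added example, not from the issue or the SpeciesNet repository: one way settings.py could read both ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS from the environment and fail at startup instead of falling back to `*`. The helper names, the `debug` fallback and the example.org hosts are assumptions.

```python
import os
from urllib.parse import urlsplit


class SettingsError(ValueError):
    """Raised at startup so a misconfigured deployment fails closed."""


def hosts_from_env(name, environ=os.environ, debug=False):
    """Parse a space-separated host list (hypothetical helper)."""
    # .get() returns None when the variable is unset, so default to "".
    # split() with no argument also drops empty items from double spaces.
    hosts = environ.get(name, "").split()
    if not hosts:
        if debug:
            return ["localhost", "127.0.0.1"]
        raise SettingsError(f"{name} is empty or unset")
    for host in hosts:
        if host == "*" and not debug:
            raise SettingsError(f"{name} must not contain '*' in production")
        if "/" in host:
            raise SettingsError(f"{name}: {host!r} must be a host name, not a URL")
    return hosts


def origins_from_env(name, environ=os.environ):
    """Parse a space-separated origin list for CSRF_TRUSTED_ORIGINS."""
    origins = environ.get(name, "").split()
    for origin in origins:
        parts = urlsplit(origin)
        # Django 4.0 and later require the scheme on every trusted origin.
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise SettingsError(f"{name}: {origin!r} needs a scheme (https://host)")
        if parts.path not in ("", "/") or parts.query or parts.fragment:
            raise SettingsError(f"{name}: {origin!r} must be an origin, not a URL")
    return [origin.rstrip("/") for origin in origins]


# Constructed sample environment; in settings.py omit the second argument
# so that os.environ is read. The names must match the Host header that
# nginx forwards with "proxy_set_header Host $http_host".
SAMPLE_ENV = {
    "ALLOWED_HOSTS": "asn.example.org www.asn.example.org",
    "CSRF_TRUSTED_ORIGINS": "https://asn.example.org https://www.asn.example.org",
}
ALLOWED_HOSTS = hosts_from_env("ALLOWED_HOSTS", SAMPLE_ENV)
CSRF_TRUSTED_ORIGINS = origins_from_env("CSRF_TRUSTED_ORIGINS", SAMPLE_ENV)
```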

iragm commented 1 month ago

This should be fixed in the currently open PR