Closed mihai-sysbio closed 1 year ago
Great! I had looked into this and found similar but didn't get around to adding it yet :)
Not part of this PR, but the other related things we discussed in case I forget,
open-preview
in .gitpod.yml e.g. see what Galaxy do here https://github.com/galaxyproject/training-material/blob/main/.gitpod.ymlcp .env.default .env
) and cp postgres/postgres.env.default postgres/postgres.env
. I didn't initially know to do those steps as they're not something I've done before, maybe others are the same.Those were too good suggestions to wait with them @mblue9 so I've added them though commit dba8fa3.
Allowing all hosts by default is not a good idea.
@jonandernovella could you expand?
Here's my thinking: For development, the Dockerfile is now set up to only allow requests from the localhost. Imho, this should be more secure than the filter in Django. And for production, this filter should not matter. Also, I think accepting all hosts is required for Django to work in Gitpod - but perhaps not?
Allowing all hosts by default is not a good idea.
@jonandernovella could you expand?
Here's my thinking: For development, the Dockerfile is now set up to only allow requests from the localhost. Imho, this should be more secure than the filter in Django. And for production, this filter should not matter. Also, I think accepting all hosts is required for Django to work in Gitpod - but perhaps not?
If gitpod requires accepting all hosts that's OK. But we shouldn't need to change the default env values, which are secure by default. Instead I'd prefer if you can customize the actual env file to meet the requirements for gitpod.
But we shouldn't need to change the default env values, which are secure by default.
In my view, this Django-provided security is of little/no benefit over the Docker-provided security, and the project is now fully running inside Docker.
Instead I'd prefer if you can customize the actual env file to meet the requirements for gitpod.
Good idea, that is of course possible - another env/Dockerfile can be set up especially for Gitpod, and to me that is extra maintenance (and possible duplication) which is why I prefer to avoid it.
However, @jonandernovella if you feel strongly about these changes, please feel free to add them directly to this branch.
But we shouldn't need to change the default env values, which are secure by default.
In my view, this Django-provided security is of little/no benefit over the Docker-provided security, and the project is now fully running inside Docker.
Instead I'd prefer if you can customize the actual env file to meet the requirements for gitpod.
Good idea, that is of course possible - another env/Dockerfile can be set up especially for Gitpod, and to me that is extra maintenance (and possible duplication) which is why I prefer to avoid it.
However, @jonandernovella if you feel strongly about these changes, please feel free to add them directly to this branch.
It entirely depends on how Docker is set up and whether you trust your networks. I'd generally recommend applying a zero trust policy on this matter.
But we shouldn't need to change the default env values, which are secure by default.
In my view, this Django-provided security is of little/no benefit over the Docker-provided security, and the project is now fully running inside Docker.
Instead I'd prefer if you can customize the actual env file to meet the requirements for gitpod.
Good idea, that is of course possible - another env/Dockerfile can be set up especially for Gitpod, and to me that is extra maintenance (and possible duplication) which is why I prefer to avoid it.
However, @jonandernovella if you feel strongly about these changes, please feel free to add them directly to this branch.
I don't think a new Dockerfile is needed. You'd just need to modify that variable in the gitpod script.
Thanks @mihai-sysbio for this setup. I'm also a big fan of GitPod. Massive time saver.
This PR makes it possible to run the entire stack in Gitpod, and adds a label in the Readme for it. @mblue9 and I started to look into this during the hackathon but didn’t quite get it to work. It proved to be a restriction on the allowed hosts.