The app needs to accept incoming connections from an internal IP address to run the health checks given by app.json. However, this internal IP address could change. Dokku-provided nginx decides which incoming connections make it to the app,^1 so we rely on it (rather than on Django) for host header validation.
For more information, see the equivalent commit in job-server (2b30ddc09), Django's "ALLOWED_HOSTS" documentation, and Dokku's "Nginx Proxy" documentation.
This PR is required by #2129, which was reverted by #2139. After we merge it, we should either cherry-pick from the former or revert the latter.
[^1]: To see the configuration, run dokku nginx:show-config opencodelists.
The app needs to accept incoming connections from an internal IP address to run the health checks given by
app.json. However, this internal IP address could change. Dokku-provided nginx decides which incoming connections make it to the app,^1 so we rely on it (rather than on Django) for host header validation.For more information, see the equivalent commit in job-server (2b30ddc09), Django's "ALLOWED_HOSTS" documentation, and Dokku's "Nginx Proxy" documentation.
This PR is required by #2129, which was reverted by #2139. After we merge it, we should either cherry-pick from the former or revert the latter.
[^1]: To see the configuration, run
dokku nginx:show-config opencodelists.