Add a configuration flag for external TLS termination
This is necessary to ensure that we use the correct scheme when conducting health checks, setting cookies, etc. Fixes #1865
This commit is contained in:
Joseph Schorr
parent
bfaa46c499
commit
310eded8e6
2 changed files with 10 additions and 1 deletions
|
|
@ -77,6 +77,11 @@ class DefaultConfig(object):
|
||||||
|
|
||||||
DB_TRANSACTION_FACTORY = create_transaction
|
DB_TRANSACTION_FACTORY = create_transaction
|
||||||
|
|
||||||
|
# If set to true, TLS is used, but is terminated by an external service (such as a load balancer).
|
||||||
|
# Note that PREFERRED_URL_SCHEME must be `https` when this flag is set or it can lead to undefined
|
||||||
|
# behavior.
|
||||||
|
EXTERNAL_TLS_TERMINATION = False
|
||||||
|
|
||||||
# If true, CDN URLs will be used for our external dependencies, rather than the local
|
# If true, CDN URLs will be used for our external dependencies, rather than the local
|
||||||
# copies.
|
# copies.
|
||||||
USE_CDN = True
|
USE_CDN = True
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,11 @@ def _check_registry_gunicorn(app):
|
||||||
if len(hostname_parts) == 2:
|
if len(hostname_parts) == 2:
|
||||||
port = ':' + hostname_parts[1]
|
port = ':' + hostname_parts[1]
|
||||||
|
|
||||||
registry_url = '%s://localhost%s/v1/_internal_ping' % (app.config['PREFERRED_URL_SCHEME'], port)
|
scheme = app.config['PREFERRED_URL_SCHEME']
|
||||||
|
if app.config.get('EXTERNAL_TLS_TERMINATION', False):
|
||||||
|
scheme = 'http'
|
||||||
|
|
||||||
|
registry_url = '%s://localhost%s/v1/_internal_ping' % (scheme, port)
|
||||||
try:
|
try:
|
||||||
return client.get(registry_url, verify=False, timeout=2).status_code == 200
|
return client.get(registry_url, verify=False, timeout=2).status_code == 200
|
||||||
except Exception:
|
except Exception:
|
||||||
|
|
|
||||||
Reference in a new issue