Add a configuration flag for external TLS termination
This is necessary to ensure that we use the correct scheme when conducting health checks, setting cookies, etc. Fixes #1865
This commit is contained in:
Joseph Schorr
parent
bfaa46c499
commit
310eded8e6
2 changed files with 10 additions and 1 deletions
|
|
@ -77,6 +77,11 @@ class DefaultConfig(object):
|
|||
|
||||
DB_TRANSACTION_FACTORY = create_transaction
|
||||
|
||||
# If set to true, TLS is used, but is terminated by an external service (such as a load balancer).
|
||||
# Note that PREFERRED_URL_SCHEME must be `https` when this flag is set or it can lead to undefined
|
||||
# behavior.
|
||||
EXTERNAL_TLS_TERMINATION = False
|
||||
|
||||
# If true, CDN URLs will be used for our external dependencies, rather than the local
|
||||
# copies.
|
||||
USE_CDN = True
|
||||
|
|
|
|||
|
|
@ -16,7 +16,11 @@ def _check_registry_gunicorn(app):
|
|||
if len(hostname_parts) == 2:
|
||||
port = ':' + hostname_parts[1]
|
||||
|
||||
registry_url = '%s://localhost%s/v1/_internal_ping' % (app.config['PREFERRED_URL_SCHEME'], port)
|
||||
scheme = app.config['PREFERRED_URL_SCHEME']
|
||||
if app.config.get('EXTERNAL_TLS_TERMINATION', False):
|
||||
scheme = 'http'
|
||||
|
||||
registry_url = '%s://localhost%s/v1/_internal_ping' % (scheme, port)
|
||||
try:
|
||||
return client.get(registry_url, verify=False, timeout=2).status_code == 200
|
||||
except Exception:
|
||||
|
|
|
|||
Reference in a new issue