Skip to content

Dev environment: Add settings necessary for https and reverse proxy #10265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Dev environment: Add settings necessary for https and reverse proxy #10265

wants to merge 1 commit into from

Conversation

benjaoming
Copy link
Contributor

@benjaoming benjaoming commented Apr 21, 2023
edited
Loading

Why

Depends on: readthedocs/common#176

This setup enables a developer to:

  • Run development environments behind HTTPS
  • Use a custom production domain and subdomains
  • Test developer's own GitHub OAuth applications
  • Finally set DEBUG=False via an option for invoke docker.up 🎉

What

Changes to docker-compose setup:

  • Storage HTTPS compatibility: Docker container for storage needs additional configuration
  • Custom domain w/ https possible: Additional settings to traverse from inv to settings.docker_compose
  • New socialauth options in settings.docker_compose to enable https
  • New setting to disable a suspicious host check in new unresolver

Changes

This PR was originally intended to add https compatibility to the storage container, but turned out a few more things beyond the inv docker.up --ngrok=custom.dev.example have been necessary

@benjaoming
Copy link
Contributor Author

benjaoming commented Apr 22, 2023
edited
Loading

(deleted a comment about using AWS_S3_CUSTOM_DOMAIN instead - yes, that worked for my setup with static files storage - but we have a different storage classes for media, so can't use a global setting)

@benjaoming benjaoming changed the title Allow to force https protocol on storage Dev environment: Add settings necessary for https and reverse proxy May 16, 2023
@benjaoming benjaoming mentioned this pull request May 16, 2023
Closed
@benjaoming benjaoming force-pushed the https-s3-override branch 3 times, most recently from 269c9b1 to 2eec87e Compare May 16, 2023 13:17
@benjaoming benjaoming force-pushed the https-s3-override branch from 2eec87e to caff0fb Compare May 16, 2023 13:30
@benjaoming benjaoming marked this pull request as ready for review May 16, 2023 13:30
@benjaoming benjaoming requested review from a team as code owners May 16, 2023 13:30
@benjaoming benjaoming requested a review from ericholscher May 16, 2023 13:30
@benjaoming benjaoming requested review from humitos and removed request for ericholscher May 16, 2023 13:30
@humitos
Copy link
Member

humitos commented May 22, 2023

What's the best way to run this PR locally and check that everything works as expected? What's the inv command I should run to spin up the instance?

benjaoming
benjaoming commented May 22, 2023
View reviewed changes
docs/dev/install.rst
* ``--ngrok`` is useful when it's required to access the local instance from outside (e.g. GitHub webhook)
* ``--no-django-debug`` runs all containers with ``DEBUG=False``
* ``--http-domain`` configures an external domain for the environment (useful for Ngrok or other https proxy)
* ``--https`` if using an HTTPS proxy, you may need to force the ``https://`` protocol for settings that otherwise automatically detect it as ``http://``
Copy link
Contributor Author

@benjaoming benjaoming May 22, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@humitos I forgot to add in the PR description that this depends on readthedocs/common#176

But yes, it would be nice if you can check that it works with your previous usage of --ngrok -- no reason that it shouldn't!

So a full demo would be: inv docker.up --no-django-debug --http-domain=<your-ngrok-domain> --https

Note that --https adds some new stuff that might have worked fine with your ngrok proxy - I have been running with an extra Nginx proxy in front that might have interfered more.

@benjaoming benjaoming mentioned this pull request May 23, 2023
Merged
3 tasks
@humitos
Copy link
Member

humitos commented May 29, 2023

Run development environments behind HTTPS

Is this required for any particular reason? This is the chunk of code that makes me more noise from this PR (touches production code and adds complexity) and I'd try to avoid it unless it's strictly needed for a particular task. I've never required to run our development instance over HTTPS, even when working with GitHub webhooks and other stuffs.

I'd be happy if we split this PR in two and remove from this one the --https option so we can keep discussing that in another PR and we don't block this one.

@benjaoming
Copy link
Contributor Author

benjaoming commented May 31, 2023
edited
Loading

Note to self: We have areas in the code-base using protocol = 'http' if settings.DEBUG else 'https', these should also be fixed when adding --https in another PR.

This was referenced Jun 5, 2023
Merged
Closed
@benjaoming
Copy link
Contributor Author

New PRs:

@benjaoming benjaoming closed this Jun 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@humitos humitos humitos left review comments

Assignees

@benjaoming benjaoming

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@benjaoming @humitos