Add required settings when running behind a proxy.

2021-01-08 17:12:52 +01:00 · 2021-01-08 17:12:52 +01:00 · 10b13ff505
parent 283c1a6ae7
commit 10b13ff505
3 changed files with 19 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -15,8 +15,13 @@ inception_project_haproxy_public_net: 'haproxy-public'
 # Settings
 inception_project_server_port: 8080
 inception_project_server_address: '0.0.0.0'
+inception_project_server_endpoint: 'inception.localdomain'
+inception_project_server_behind_reverse_proxy: True
 inception_project_backup_interval: 300
 inception_project_backup_keep_number: 10
+inception_project_debug_enabled: 'false'
+# Required when running behind a reverse proxy
+inception_project_disable_crsf: True
 # In seconds
 inception_project_backup_keep_time: 0
 inception_project_server_auth_mode: 'database'
@ -37,7 +42,7 @@ inception_project_db_volume: 'inception_db_data'
 inception_project_db_constraints: 'node.labels.mysql_data==inception_project'

 inception_project_settings:
-  - 'debug.showExceptionPage=false'
+  - 'debug.showExceptionPage={{ inception_project_debug_enabled }}'
  - 'user.profile.accessible=true'
  - 'user-selection.hideUsers=false'
  - 'server.port={{ inception_project_server_port }}'
--- a/templates/inception-project-docker-compose.yml.j2
+++ b/templates/inception-project-docker-compose.yml.j2
@ -27,6 +27,7 @@ services:
      - INCEPTION_DB_URL=jdbc:mysql://{{ inception_project_db_host }}:{{ inception_project_db_port }}/{{ inception_project_db_name }}?useUnicode=true&characterEncoding=UTF-8
      - INCEPTION_DB_USERNAME={{ inception_project_db_user }}
      - INCEPTION_DB_PASSWORD={{ inception_project_db_pwd }}
+      - VIRTUAL_HOST={{ inception_project_server_endpoint }}
    volumes:
      - {{ inception_project_service_volume }}:/export
    depends_on:
--- a/templates/settings.properties.j2
+++ b/templates/settings.properties.j2
@ -5,4 +5,15 @@ warnings.unsupportedBrowser=false
 {% for user_role in inception_project_server_preauth_users_roles %}
 auth.user.{{ user_role.username }}.roles={{ user_role.roles }}
 {% endfor %}
-
+{% if inception_project_disable_crsf %}
+wicket.core.csrf.enabled=false
+wicket.core.csrf.no-origin-action=allow
+wicket.core.csrf.conflicting-origin-action=allow
+{% endif %}
+{% if inception_project_server_behind_reverse_proxy %}
+#server.tomcat.internal-proxies=127\.0\.[0-1]\.1
+server.tomcat.remote-ip-header=x-forwarded-for
+server.tomcat.accesslog.request-attributes-enabled=true
+server.tomcat.protocol-header=x-forwarded-proto
+server.tomcat.protocol-header-https-value=https
+{% endif %}