Description: Gunicorn is a Python package that serves the Django application as a WSGI HTTP server. The existing configuration for Gunicorn is from the cmd line:
gunicorn tdpservice.wsgi:application --bind 0.0.0.0:8080 --timeout 10 --workers 3 --log-file=- --log-level $LOGGING_LEVEL
Due to security compliance issues with RFC3875, Gunicorn shows REMOTE_ADDR as IP address and additionally drops any header that is coming from an untrusted proxy. We have to add Nginx as a trusted source for forwarded headers and additionally change the setting to receive all headers securely (should we decide to use them in the logic).
This issue is ultimately related to Nginx (issue #1544) settings to have the headers being forwarded to Gunicorn.
Acceptance Criteria:
Django receives client http headers
Django receives custom http headers
Testing Checklist has been run and all tests pass
README is updated, if necessary
Tasks:
add --forwarded-allow-ips="*" to Gunicorn start cmd
Run Testing Checklist and confirm all tests pass
Notes:
During deployment, Nginx's IP address should replace '*' to add more security
Supporting Documentation: Please include any relevant log snippets/files/screen shots
Open Questions:
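Added example (not part of the original issue or the project's code): a sketch of how application logic that consumes forwarded headers behaves when every peer is trusted ('*') versus only the Nginx address, as the Notes recommend for deployment. It models the trust decision in Django-side code, not Gunicorn's internals; the helper names, the Nginx address 10.0.0.5 and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

def parse_allowlist(spec):
    """Parse a --forwarded-allow-ips style value; None means '*' (trust every peer)."""
    if spec.strip() == "*":
        return None
    return [ipaddress.ip_network(p.strip()) for p in spec.split(",") if p.strip()]

def is_trusted(addr, allowlist):
    """True if addr is a proxy we accept forwarded headers from."""
    if allowlist is None:
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in allowlist)

def client_ip(environ, spec):
    """Walk X-Forwarded-For right to left, stepping past trusted proxies only."""
    allowlist = parse_allowlist(spec)
    candidate = environ["REMOTE_ADDR"]
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        if not is_trusted(candidate, allowlist):
            break  # candidate is not one of our proxies: what it claims is untrusted
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop at the last address we could validate
        candidate = hop
    return candidate

# Constructed sample data (documentation address ranges, hypothetical Nginx at 10.0.0.5).
NGINX = "10.0.0.5"
# Client 203.0.113.7 sent its own X-Forwarded-For; Nginx appended the real peer.
VIA_NGINX = {"REMOTE_ADDR": NGINX,
             "HTTP_X_FORWARDED_FOR": "198.51.100.99, 203.0.113.7"}
# Request that reached Gunicorn without passing through Nginx.
DIRECT = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_FOR": "127.0.0.1"}

if __name__ == "__main__":
    for spec in ("*", NGINX):
        print(spec, client_ip(VIA_NGINX, spec), client_ip(DIRECT, spec))
```

With '*' the function returns whatever the client wrote into the header; with the Nginx address it returns the peer that Nginx actually observed, and ignores the header entirely on connections that did not come from Nginx.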