diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py index c66989b93..33b655951 100644 --- a/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py +++ b/spiffworkflow-backend/src/spiffworkflow_backend/config/default.py @@ -249,6 +249,9 @@ config_from_env("SPIFFWORKFLOW_BACKEND_DEBUG_TASK_CONSISTENCY", default=False) # to make SpiffWorkflow aware that it should return https for the server urls etc rather than http. config_from_env("SPIFFWORKFLOW_BACKEND_USE_WERKZEUG_MIDDLEWARE_PROXY_FIX", default=False) +# how many proxies are in front of this flask server (for use with ProxyFix) +config_from_env("SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX", default=0) + # only for DEBUGGING - turn off threaded task execution. config_from_env("SPIFFWORKFLOW_BACKEND_USE_THREADS_FOR_TASK_EXECUTION", default=True) diff --git a/spiffworkflow-backend/wsgi.py b/spiffworkflow-backend/wsgi.py index 701678f7a..c17d515b7 100644 --- a/spiffworkflow-backend/wsgi.py +++ b/spiffworkflow-backend/wsgi.py @@ -5,10 +5,21 @@ from spiffworkflow_backend.services.acceptance_test_fixtures import load_accepta app = create_app() +num_proxies = 0 + +# this is the first configuration spiffworkflow-backend supported. +# you should use SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX instead, since it is more precise. if app.config["SPIFFWORKFLOW_BACKEND_USE_WERKZEUG_MIDDLEWARE_PROXY_FIX"]: + num_proxies = 1 + +if app.config["SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX"]: + num_proxies = int(app.config["SPIFFWORKFLOW_BACKEND_PROXY_COUNT_FOR_PROXY_FIX"]) + +if num_proxies > 0: from werkzeug.middleware.proxy_fix import ProxyFix - app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1) + # https://flask.palletsprojects.com/en/2.2.x/deploying/proxy_fix/ + app.wsgi_app = ProxyFix(app.wsgi_app, x_for=num_proxies, x_proto=num_proxies, x_host=num_proxies, x_prefix=num_proxies) # this is in here because when we put it in the create_app function, # it also loaded when we were running migrations, which resulted in a chicken/egg thing.