diff --git a/doc/installing/server.md b/doc/installing/server.md index 795bf6bd887d..f44f3afdc510 100644 --- a/doc/installing/server.md +++ b/doc/installing/server.md @@ -144,6 +144,11 @@ $ sudo oq webui collectstatic *nginx* must be configured to act as a reverse proxy for *gunicorn* and to provide static content. A [sample configuration file](examples/nginx.md) is provided. +When the reverse proxy is configured, add the following to `openquake/server/local_settings.py`: +```python +USE_REVERSE_PROXY = True +``` + *** ## Getting help diff --git a/openquake/server/local_settings.py.aelo b/openquake/server/local_settings.py.aelo index 2aae9d8c7ba0..d0cdf162b0bb 100644 --- a/openquake/server/local_settings.py.aelo +++ b/openquake/server/local_settings.py.aelo @@ -10,6 +10,7 @@ APPLICATION_MODE = 'aelo' # turn on USE_X_FORWARDED_HOST to expose the webui via a proxy server # USE_X_FORWARDED_HOST = True +# USE_X_FORWARDED_PORT = True # enable WEBUI_PATHPREFIX to place webui pages below a specific path # WEBUI_PATHPREFIX='/path/prefix' @@ -28,6 +29,11 @@ SERVER_NAME = SERVER_PORT = <8800> USE_HTTPS = +# Set to True if using NGINX or some other reverse proxy +# Externally visible url and port number is different from Django visible +# values +USE_REVERSE_PROXY = + WEBUI_ACCESS_LOG_DIR = '/var/log/oq-engine' # Local time zone for this installation. Choices can be found here: diff --git a/openquake/server/management/commands/createnormaluser.py b/openquake/server/management/commands/createnormaluser.py index a905c7c8c278..88c52bac0de6 100644 --- a/openquake/server/management/commands/createnormaluser.py +++ b/openquake/server/management/commands/createnormaluser.py @@ -45,6 +45,13 @@ def handle(self, *args, **kwargs): request = HttpRequest() request.META['SERVER_NAME'] = settings.SERVER_NAME request.META['SERVER_PORT'] = settings.SERVER_PORT + if settings.USE_REVERSE_PROXY: + if settings.USE_HTTPS: + request.META['SERVER_PORT'] = '443' + else: + request.META['SERVER_PORT'] = '80' + else: + request.META['SERVER_PORT'] = settings.SERVER_PORT if settings.APPLICATION_MODE.upper() == 'AELO': password_reset_subject = ( 'registration/normal_user_creation_email_subject_aelo.txt') @@ -56,6 +63,8 @@ def handle(self, *args, **kwargs): email_template_name = ( 'registration/normal_user_creation_email.txt') form.save( + domain_override=(settings.SERVER_NAME + if settings.USE_REVERSE_PROXY else None), request=request, use_https=settings.USE_HTTPS, from_email=settings.EMAIL_HOST_USER, diff --git a/openquake/server/settings.py b/openquake/server/settings.py index 44e703e728ee..6031cce206b7 100644 --- a/openquake/server/settings.py +++ b/openquake/server/settings.py @@ -180,6 +180,11 @@ # case insensitive APPLICATION_MODE = 'public' +# Set to True if using NGINX or some other reverse proxy +# Externally visible url and port number is different from Django visible +# values +USE_REVERSE_PROXY = False + # Expose the WebUI interface, otherwise only the REST API will be available WEBUI = True @@ -251,7 +256,6 @@ f' must all be defined') if LOCKDOWN: - # do not log to file unless running through the webui if getpass.getuser() == 'openquake': # the user that runs the webui try: