takes care of point 3

Only one allowed host is enough in the container environment. All traffic is coming from Nginx.
Do not set the Host header in Nginx; it will screw with the ALLOWED_HOSTS in Python.

The TUBESYNC_HOSTS now only affects the CSRF_TRUSTED_ORIGINS.
If there is a *need* the hosts are required in ALLOWED_HOSTS, I would like to know in which scenario.
Luc 2021-12-08 10:48:29 +01:00
parent c37bbadc61
commit 95b77765c7
3 changed files with 3 additions and 7 deletions


@ -376,7 +376,7 @@ useful if you are manually installing TubeSync in some other environment. These
| DJANGO_FORCE_SCRIPT_NAME | Django's FORCE_SCRIPT_NAME | /somepath |
| TUBESYNC_DEBUG | Enable debugging | True |
| TUBESYNC_WORKERS | Number of background workers, default is 2, max allowed is 8 | 2 |
| TUBESYNC_HOSTS | Django's ALLOWED_HOSTS, do not include `localhost`, `127.0.0.1` or `::1` | tubesync.example.com,otherhost.com |
| TUBESYNC_HOSTS | Django's ALLOWED_HOSTS | tubesync.example.com,otherhost.com |
| GUNICORN_WORKERS | Number of gunicorn workers to spawn | 3 |
| LISTEN_HOST | IP address for gunicorn to listen on | 127.0.0.1 |
| LISTEN_PORT | Port number for gunicorn to listen on | 8080 |
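
Review bot: The replacement TUBESYNC_HOSTS row still describes the variable as "Django's ALLOWED_HOSTS", which contradicts the rest of this commit: the settings hunk hard-codes ALLOWED_HOSTS and the commit message says TUBESYNC_HOSTS now only affects CSRF_TRUSTED_ORIGINS. Suggest changing the description to "Django's CSRF_TRUSTED_ORIGINS" so that operators do not expect this variable to control which Host headers are accepted.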


@ -61,7 +61,6 @@ http {
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host localhost;
proxy_set_header X-Forwarded-Proto $real_proto;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
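
Review bot: Nothing in `location /` records that the Host header is now left unset on purpose. With `proxy_set_header Host localhost;` gone, nginx falls back to its default of sending `$proxy_host` upstream, which for `proxy_pass http://127.0.0.1:8080;` is `127.0.0.1:8080`, and the settings change relies on exactly that value. Suggest a comment in the block saying so, because a later edit that adds the common `proxy_set_header Host $host;` would make Django reject every request whose hostname is not in ALLOWED_HOSTS.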


@ -15,12 +15,9 @@ SECRET_KEY = str(os.getenv('DJANGO_SECRET_KEY', 'tubesync-django-secret'))
ALLOWED_HOSTS_STR = os.getenv('TUBESYNC_HOSTS', '')
if len(ALLOWED_HOSTS_STR) > 0:
ALLOWED_HOSTS_STR += ','
ALLOWED_HOSTS_STR += '127.0.0.1,localhost,::1'
ALLOWED_HOSTS = ALLOWED_HOSTS_STR.split(',')
CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')
ALLOWED_HOSTS = [127.0.0.1]
DEBUG = True if os.getenv('TUBESYNC_DEBUG', False) else False
FORCE_SCRIPT_NAME = os.getenv('DJANGO_FORCE_SCRIPT_NAME', None)
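
Review bot: `ALLOWED_HOSTS = [127.0.0.1]` is not valid Python, because the address is unquoted, so the settings module will fail with a SyntaxError on import. It should read `ALLOWED_HOSTS = ['127.0.0.1']`. Separately, `CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS_STR.split(',')` yields `['']` when TUBESYNC_HOSTS is unset, and a trailing empty entry if the `ALLOWED_HOSTS_STR += ','` step is kept without the localhost suffix that used to follow it; filtering out empty strings before assigning would avoid both.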