Feature: https only -- adds option to enforce https on running instances (#48)
* Adding HTTPS enforcement Command line runs of Whoogle Search through pip/pipx/etc will need the `--https-only` flag appended to the run command. Docker runs require the `use_https` build arg applied. * Update README.md Moved https-only note to top of docker run command, updated pip runner help output * Dockerfile: removed HTTPS enforcement, updated PORT setting Dockerfile no longer enforces an HTTPS connection, but still allows for setting via a build arg. The Flask server port is now configurable as a build arg as well, by setting a port number to "whoogle_port" * Fixed incorrect port assignmentmain
parent
afd5b9aa83
commit
1ed6178e9a
|
@ -10,8 +10,14 @@ RUN mkdir $config_dir
|
||||||
VOLUME $config_dir
|
VOLUME $config_dir
|
||||||
ENV CONFIG_VOLUME=$config_dir
|
ENV CONFIG_VOLUME=$config_dir
|
||||||
|
|
||||||
|
ARG use_https=''
|
||||||
|
ENV HTTPS_ONLY=$use_https
|
||||||
|
|
||||||
|
ARG whoogle_port=5000
|
||||||
|
ENV EXPOSE_PORT=$whoogle_port
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
EXPOSE 5000
|
EXPOSE $EXPOSE_PORT
|
||||||
|
|
||||||
CMD ["./whoogle-search"]
|
CMD ["./whoogle-search"]
|
||||||
|
|
|
@ -72,6 +72,7 @@ Sandboxed temporary instance:
|
||||||
```bash
|
```bash
|
||||||
$ whoogle-search --help
|
$ whoogle-search --help
|
||||||
usage: whoogle-search [-h] [--port <port number>] [--host <ip address>] [--debug]
|
usage: whoogle-search [-h] [--port <port number>] [--host <ip address>] [--debug]
|
||||||
|
[--https-only]
|
||||||
|
|
||||||
Whoogle Search console runner
|
Whoogle Search console runner
|
||||||
|
|
||||||
|
@ -79,7 +80,8 @@ optional arguments:
|
||||||
-h, --help show this help message and exit
|
-h, --help show this help message and exit
|
||||||
--port <port number> Specifies a port to run on (default 5000)
|
--port <port number> Specifies a port to run on (default 5000)
|
||||||
--host <ip address> Specifies the host address to use (default 127.0.0.1)
|
--host <ip address> Specifies the host address to use (default 127.0.0.1)
|
||||||
--debug Activates debug mode for the Flask server (default False)
|
--debug Activates debug mode for the server (default False)
|
||||||
|
--https-only Enforces HTTPS redirects for all requests (default False)
|
||||||
```
|
```
|
||||||
|
|
||||||
### D) Manual
|
### D) Manual
|
||||||
|
@ -124,7 +126,7 @@ docker build --tag whoogle-search:1.0 .
|
||||||
docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0
|
docker run --publish 5000:5000 --detach --name whoogle-search whoogle-search:1.0
|
||||||
```
|
```
|
||||||
|
|
||||||
And kill with: `docker rm --force whooglesearch`
|
And kill with: `docker rm --force whoogle-search`
|
||||||
|
|
||||||
#### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli)
|
#### Using [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli)
|
||||||
```bash
|
```bash
|
||||||
|
|
|
@ -20,6 +20,12 @@ CONFIG_PATH = os.getenv('CONFIG_VOLUME', app.config['STATIC_FOLDER']) + '/config
|
||||||
|
|
||||||
@app.before_request
|
@app.before_request
|
||||||
def before_request_func():
|
def before_request_func():
|
||||||
|
# Always redirect to https if HTTPS_ONLY is set
|
||||||
|
if os.getenv('HTTPS_ONLY', False) and request.url.startswith('http://'):
|
||||||
|
url = request.url.replace('http://', 'https://', 1)
|
||||||
|
code = 301
|
||||||
|
return redirect(url, code=code)
|
||||||
|
|
||||||
json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root}
|
json_config = json.load(open(CONFIG_PATH)) if os.path.exists(CONFIG_PATH) else {'url': request.url_root}
|
||||||
g.user_config = Config(**json_config)
|
g.user_config = Config(**json_config)
|
||||||
|
|
||||||
|
@ -162,7 +168,11 @@ def run_app():
|
||||||
help='Specifies the host address to use (default 127.0.0.1)')
|
help='Specifies the host address to use (default 127.0.0.1)')
|
||||||
parser.add_argument('--debug', default=False, action='store_true',
|
parser.add_argument('--debug', default=False, action='store_true',
|
||||||
help='Activates debug mode for the server (default False)')
|
help='Activates debug mode for the server (default False)')
|
||||||
|
parser.add_argument('--https-only', default=False, action='store_true',
|
||||||
|
help='Enforces HTTPS redirects for all requests')
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
os.environ['HTTPS_ONLY'] = '1' if args.https_only else ''
|
||||||
|
|
||||||
if args.debug:
|
if args.debug:
|
||||||
app.run(host=args.host, port=args.port, debug=args.debug)
|
app.run(host=args.host, port=args.port, debug=args.debug)
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -7,7 +7,7 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd -P)"
|
||||||
|
|
||||||
# Set default port if unavailable
|
# Set default port if unavailable
|
||||||
if [[ -z "${PORT}" ]]; then
|
if [[ -z "${PORT}" ]]; then
|
||||||
PORT=5000
|
PORT="${EXPOSE_PORT:-5000}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set directory to serve static content from
|
# Set directory to serve static content from
|
||||||
|
|
Loading…
Reference in New Issue