Skip to content

feat: use uwsgi with http only #520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 20, 2025
Merged

feat: use uwsgi with http only #520

merged 5 commits into from
Mar 20, 2025

Conversation

david-kn
Copy link
Contributor

@david-kn david-kn commented Mar 6, 2025

Fixes: #519

To have an option to disable HTTPS communication within uWSGi.

Security of HTTPS can be handled by ingress which terminates TLS traffic and I find this useful / actually necessary when running in Kubernetes with only read-only filesystem that disallow processes to touch nautobot.crt and nautobot.key files defined within uwsgi.ini and cause an error during deployment (current state).

Of course other option is to enable nginx sidecar with nautobot but I think this could be useful for some scenarios.

Tried to update also docs and validation scheme which impacted quite many other lines...

gertzakis
gertzakis requested changes Mar 6, 2025
View reviewed changes
Copy link
Contributor

@gertzakis gertzakis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the PR! I think it makes total sense.
Is it possible to also change nautobot-deployment.yaml template so we don't expose unnecessary ports?

@david-kn
Copy link
Contributor Author

david-kn commented Mar 6, 2025
edited
Loading

Thanks a lot for the PR! I think it makes total sense. Is it possible to also change nautobot-deployment.yaml template so we don't expose unnecessary ports?

Happy to contribute :-)

Thanks for your proposals.

I think so ;-) I'll try to take a look at it how it is connected there...

@david-kn
Copy link
Contributor Author

david-kn commented Mar 7, 2025

Put condition around exposing 8443 port.

Please, take a look if it meet your standards and approach.

ubajze
ubajze approved these changes Mar 20, 2025
View reviewed changes
Copy link
Contributor

@ubajze ubajze left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gertzakis gertzakis merged commit 549bd1c into nautobot:develop Mar 20, 2025
3 of 4 checks passed
@gertzakis gertzakis mentioned this pull request Mar 21, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ubajze ubajze ubajze approved these changes

@gertzakis gertzakis gertzakis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

uWSGi without https
3 participants
@david-kn @ubajze @gertzakis