Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use uwsgi with http only #520

Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

feat: use uwsgi with http only #520

wants to merge 4 commits into from

Conversation

david-kn
Copy link

@david-kn david-kn commented Mar 6, 2025

Fixes: #519

To have an option to disable HTTPS communication within uWSGi.

Security of HTTPS can be handled by ingress which terminates TLS traffic and I find this useful / actually necessary when running in Kubernetes with only read-only filesystem that disallow processes to touch nautobot.crt and nautobot.key files defined within uwsgi.ini and cause an error during deployment (current state).

Of course other option is to enable nginx sidecar with nautobot but I think this could be useful for some scenarios.

Tried to update also docs and validation scheme which impacted quite many other lines...

gertzakis
gertzakis requested changes Mar 6, 2025
View reviewed changes
Copy link
Contributor

@gertzakis gertzakis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for the PR! I think it makes total sense.
Is it possible to also change nautobot-deployment.yaml template so we don't expose unnecessary ports?

@david-kn
Copy link
Author

david-kn commented Mar 6, 2025
edited
Loading

Thanks a lot for the PR! I think it makes total sense. Is it possible to also change nautobot-deployment.yaml template so we don't expose unnecessary ports?

Happy to contribute :-)

Thanks for your proposals.

I think so ;-) I'll try to take a look at it how it is connected there...

@david-kn
Copy link
Author

david-kn commented Mar 7, 2025

Put condition around exposing 8443 port.

Please, take a look if it meet your standards and approach.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gertzakis gertzakis gertzakis requested changes

@ubajze ubajze Awaiting requested review from ubajze ubajze is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

uWSGi without https
2 participants
@david-kn @gertzakis