diff --git a/.env.example b/.env.example index a907de4..e2c2ed6 100644 --- a/.env.example +++ b/.env.example @@ -4,4 +4,9 @@ SERVER_ADDRESS=my_server_address DEBUG_MODE=False # Choose a timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -TIMEZONE=America/Sao_Paulo \ No newline at end of file +TIMEZONE=America/Sao_Paulo + +# If you need additional hosts to be allowed, you can specify them here. +# The SERVER_ADDRESS will always be allowed. +# Example: EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com +#EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com \ No newline at end of file diff --git a/README.md b/README.md index 0a97065..582ec70 100644 --- a/README.md +++ b/README.md @@ -104,9 +104,16 @@ This mode is recommended for running the web admin interface. The container depl ```env # Configure SERVER_ADDRESS to match the address of the server. If you don't have a DNS name, you can use the IP address. - # A misconfigured SERVER_ADDRESS will cause the app to have CSRF errors. + # A missconfigured SERVER_ADDRESS will cause the app to have CSRF errors. SERVER_ADDRESS=my_server_address DEBUG_MODE=False + + # Choose a timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones + TIMEZONE=America/Sao_Paulo + + # If you need additional hosts to be allowed, you can specify them here. + # The SERVER_ADDRESS will always be allowed. + #EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com ``` Replace `my_server_address` with your actual server address. diff --git a/docker-compose-no-nginx-dev.yml b/docker-compose-no-nginx-dev.yml index 5d24c87..2ae29b6 100644 --- a/docker-compose-no-nginx-dev.yml +++ b/docker-compose-no-nginx-dev.yml @@ -6,10 +6,11 @@ services: build: context: . environment: - - SERVER_ADDRESS=127.0.0.1 - - DEBUG_MODE=True + - SERVER_ADDRESS=${SERVER_ADDRESS} + - DEBUG_MODE=${DEBUG_MODE} - COMPOSE_VERSION=02r - TZ=${TIMEZONE} + - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} volumes: - wireguard:/etc/wireguard - static_volume:/app_static_files/ diff --git a/docker-compose-no-nginx.yml b/docker-compose-no-nginx.yml index 09b6ecb..adddbea 100644 --- a/docker-compose-no-nginx.yml +++ b/docker-compose-no-nginx.yml @@ -5,10 +5,11 @@ services: restart: unless-stopped image: eduardosilva/wireguard_webadmin:latest environment: - - SERVER_ADDRESS=127.0.0.1 + - SERVER_ADDRESS=${SERVER_ADDRESS} - DEBUG_MODE=True - COMPOSE_VERSION=02r - TZ=${TIMEZONE} + - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} volumes: - wireguard:/etc/wireguard - static_volume:/app_static_files/ diff --git a/docker-compose.yml b/docker-compose.yml index 7fda8ab..90c318e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,7 @@ services: - DEBUG_MODE=${DEBUG_MODE} - COMPOSE_VERSION=02r - TZ=${TIMEZONE} + - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} volumes: - wireguard:/etc/wireguard - static_volume:/app_static_files/ diff --git a/entrypoint.sh b/entrypoint.sh index 57f2c8b..efc6569 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -21,10 +21,21 @@ if [ ! -f /app_secrets/rrdtool_key ]; then cat /proc/sys/kernel/random/uuid > /app_secrets/rrdtool_key fi +SERVER_HOSTNAME=$(echo $SERVER_ADDRESS | cut -d ':' -f 1) +EXTRA_ALLOWED_HOSTS_STRING="" +CSRF_EXTRA_TRUSTED_ORIGINS="" +if [ -n "$EXTRA_ALLOWED_HOSTS" ]; then + IFS=',' read -ra ADDR <<< "$EXTRA_ALLOWED_HOSTS" + for i in "${ADDR[@]}"; do + EXTRA_ALLOWED_HOSTS_STRING+=", '$(echo $i | cut -d ':' -f 1)'" + CSRF_EXTRA_TRUSTED_ORIGINS+=", 'https://$i'" + done +fi + cat > /app/wireguard_webadmin/production_settings.py <