From 876a6ca7ba2fa670932029ad425d95f6c118634d Mon Sep 17 00:00:00 2001
From: Johan Bloemberg <git@ijohan.nl>
Date: Thu, 21 Nov 2024 15:41:22 +0100
Subject: [PATCH] Fix allowed_hosts

---
 compose.yml                | 38 +++++++++++++++++---------------------
 src/ctlssa/app/settings.py |  4 ++--
 2 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/compose.yml b/compose.yml
index 9602d42..3abc029 100644
--- a/compose.yml
+++ b/compose.yml
@@ -19,17 +19,13 @@ services:
     ports:
       - 8001:8001
     environment:
-      DEBUG: "False"
-      CTLSSA_SECRET_KEY: '1'
-      CTLSSA_DJANGO_DATABASE: production
-      CTLSSA_DB_ENGINE: postgresql_psycopg2
-      CTLSSA_DB_HOST: db
-      CTLSSA_CERTSTREAM_SERVER_URL: ws://certstream:4000
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.ctlssa.rule='Host(`${CTLSSA_HOSTNAME}`) && PathPrefix(`/ctlssa`)"
-      - "traefik.http.routers.ctlssa.priority=20"
-      - "traefik.http.routers.ctlssa.entrypoints=websecure"
+      - DEBUG="False"
+      - CTLSSA_SECRET_KEY
+      - CTLSSA_DJANGO_DATABASE=production
+      - CTLSSA_DB_ENGINE=postgresql_psycopg2
+      - CTLSSA_DB_HOST=db
+      - CTLSSA_CERTSTREAM_SERVER_URL=ws://certstream:4000
+      - CTLSSA_HOSTNAMES
 
     # uwsgi reloads on SIGTERM, so use SIGINT instead
     # https://uwsgi-docs.readthedocs.io/en/latest/Management.html#signals-for-controlling-uwsgi
@@ -54,12 +50,12 @@ services:
     develop: *app_develop
     image: ghcr.io/internetstandards/ctlssa:latest
     environment:
-      DEBUG: "False"
-      CTLSSA_SECRET_KEY: '1'
-      CTLSSA_DJANGO_DATABASE: production
-      CTLSSA_DB_ENGINE: postgresql_psycopg2
-      CTLSSA_DB_HOST: db
-      CTLSSA_CERTSTREAM_SERVER_URL: ws://certstream:4000
+      - DEBUG="False"
+      - CTLSSA_SECRET_KEY
+      - CTLSSA_DJANGO_DATABASE=production
+      - CTLSSA_DB_ENGINE=postgresql_psycopg2
+      - CTLSSA_DB_HOST=db
+      - CTLSSA_CERTSTREAM_SERVER_URL=ws://certstream:4000
     entrypoint: ctlssa
     command: ingest
     restart: always
@@ -125,10 +121,10 @@ services:
     build:
       target: dev
     environment:
-      CTLSSA_SECRET_KEY: '1'
-      CTLSSA_DJANGO_DATABASE: production
-      CTLSSA_DB_ENGINE: postgresql_psycopg2
-      CTLSSA_DB_HOST: db
+      - CTLSSA_SECRET_KEY=1
+      - CTLSSA_DJANGO_DATABASE=production
+      - CTLSSA_DB_ENGINE=postgresql_psycopg2
+      - CTLSSA_DB_HOST=db
     volumes:
       - .:/src
       - ./.root:/root
diff --git a/src/ctlssa/app/settings.py b/src/ctlssa/app/settings.py
index e550152..53735ac 100644
--- a/src/ctlssa/app/settings.py
+++ b/src/ctlssa/app/settings.py
@@ -26,8 +26,8 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.environ.get("DEBUG", "False").lower() == "true"
 
-CTLSSA_HOSTNAME = os.environ.get("CTLSSA_HOSTNAME", "localhost:8001")
-ALLOWED_HOSTS = os.environ.get("CTLSSA_ALLOWED_HOSTS", f"{CTLSSA_HOSTNAME}").split(",")
+CTLSSA_HOSTNAMES = os.environ.get("CTLSSA_HOSTNAMES", "localhost")
+ALLOWED_HOSTS = os.environ.get("CTLSSA_ALLOWED_HOSTS", f"{CTLSSA_HOSTNAMES},127.0.0.1").split(",")
 
 
 # Application definition