Skip to content

Commit

Permalink
Various bugfixes
Browse files Browse the repository at this point in the history
* `X-FORWARD-FOR` header in django has a `HTTP` prefix
* use integer in yaml
  • Loading branch information
bbkz authored Jan 5, 2024
2 parents d02c968 + ac9b9b1 commit 91ba990
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 17 deletions.
14 changes: 10 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ Celery requires persistent volumes.
| `app.axes.failureLimit` | Limit of failed auth | String | `10` |
| `app.axes.cooloffTime` | in Minutes | String | `30` |
| `app.axes.ipwareProxyCount` | Count of proxies | String | `0` |
| `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"X_FORWARDED_FOR,REMOTE_ADDR"` |
| `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"HTTP_X_FORWARDED_FOR,REMOTE_ADDR"` |


### Nginx
Expand Down Expand Up @@ -185,7 +185,7 @@ Celery requires persistent volumes.

| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| `app.environment` | Array of objects, representing additional environment variables to set for the deployment. | Array | see [_helpers.yaml](charts/wger/templates/_helpers.yaml) and [values.yaml](charts/wger/values.yaml) |
| `app.environment` | Array of objects, representing additional environment variables to set for the deployment. | Array | see [_helpers.yaml](charts/wger/templates/_helpers.tpl) and [values.yaml](charts/wger/values.yaml) |

There are more possible ENV variables, than the ones used in the deployment. Please check [prod.env](https://github.com/wger-project/docker/blob/master/config/prod.env).

Expand Down Expand Up @@ -282,22 +282,28 @@ python3 manage.py axes_reset_ip [IP]
python3 manage.py axes_reset_username [USERNAME]
```

To temporary disable privacy mode to see the blocked ip in the log you can login to the container and add the following setting:

```bas
echo "AXES_SENSITIVE_PARAMETERS = []" >>settings.py
```


## Upgrading

wger is developped in a rolling release manner, so the docker image of the release is `:latest`, the hightest version tag `:X.x-dev` is the same as the `:latest` image. Older version tags are not changed or "bugfixed".

This means we cannot upgrade with changing the image tag.

As a consequence the default `values.yaml` has set `imagePullPolicy` to `Always`, this means on every restart of the pod the image will be downloaded.
As a consequence the default `values.yaml` has set `imagePullPolicy` to `Always`, this means if the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet pulls the image with the resolved digest, and uses that image to launch the container.

To upgrade you can restart the deployment (k8s v1.15):

```bash
kubectl -n wger rollout restart deploy wger-app wger-celery wger-celery-worker
```

For PostgreSQL and Redis upgrades, please check the Groundhog2k documentation, linked at the end of the README.
For PostgreSQL and Redis upgrades, please check the Groundhog2k documentation, linked at the end.


### Postgres Upgrade Notes
Expand Down
2 changes: 1 addition & 1 deletion charts/wger/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
apiVersion: v2
version: 0.1.10
version: 0.1.11
appVersion: latest
name: wger
description: A Helm chart for Wger installation on Kubernetes
Expand Down
22 changes: 11 additions & 11 deletions charts/wger/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -32,16 +32,16 @@ environment:
- name: DJANGO_DB_HOST
value: "{{ .Release.Name }}-postgres"
- name: DJANGO_DB_PORT
value: {{ .Values.postgres.service.port | quote }}
value: {{ int .Values.postgres.service.port | quote }}
# django cache
- name: DJANGO_CACHE_BACKEND
value: "django_redis.cache.RedisCache"
- name: DJANGO_CACHE_LOCATION
value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/1"
value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/1"
- name: DJANGO_CACHE_CLIENT_CLASS
value: "django_redis.client.DefaultClient"
- name: DJANGO_CACHE_TIMEOUT
value: {{ .Values.app.django.secret.name | default "1296000" | quote }}
value: {{ int .Values.app.django.cache.timeout | default "1296000" | quote }}
# django general
{{- if .Values.ingress.enabled }}
- name: SITE_URL
Expand Down Expand Up @@ -75,21 +75,21 @@ environment:
- name: AXES_LOCKOUT_PARAMETERS
value: {{ .Values.app.axes.lockoutParameters | default "ip_address" | quote }}
- name: AXES_FAILURE_LIMIT
value: {{ .Values.app.axes.failureLimit | default "10" | quote }}
value: {{ int .Values.app.axes.failureLimit | default "10" | quote }}
- name: AXES_COOLOFF_TIME
value: {{ .Values.app.axes.cooloffTime | default "30" | quote }}
value: {{ int .Values.app.axes.cooloffTime | default "30" | quote }}
- name: AXES_IPWARE_PROXY_COUNT
value: {{ .Values.app.axes.ipwareProxyCount | default "0" }}
value: {{ int .Values.app.axes.ipwareProxyCount | default "0" | quote }}
# @todo bad default, use the default from axes REMOTE_ADDR only
- name: AXES_IPWARE_META_PRECEDENCE_ORDER
value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "X_FORWARDED_FOR,REMOTE_ADDR" | quote }}
value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" | quote }}
- name: AXES_HANDLER
value: "axes.handlers.cache.AxesCacheHandler"
# jwt auth
- name: ACCESS_TOKEN_LIFETIME
value: {{ .Values.app.jwt.accessTokenLifetime | default "10" | quote }}
value: {{ int .Values.app.jwt.accessTokenLifetime | default "10" | quote }}
- name: REFRESH_TOKEN_LIFETIME
value: {{ .Values.app.jwt.refreshTokenLifetime | default "24" | quote }}
value: {{ int .Values.app.jwt.refreshTokenLifetime | default "24" | quote }}
# others
{{- if .Values.app.nginx.enabled }}
- name: WGER_USE_GUNICORN
Expand Down Expand Up @@ -133,9 +133,9 @@ environment:
- name: DOWNLOAD_INGREDIENTS_FROM
value: {{ .Values.celery.ingredientsFrom | default "WGER" | quote }}
- name: CELERY_BROKER
value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/2"
value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/2"
- name: CELERY_BACKEND
value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/2"
value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/2"
{{- end }}
{{- end }}

Expand Down
2 changes: 1 addition & 1 deletion charts/wger/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ app:
# number of reverse proxies involved
ipwareProxyCount: 0
# order of magnitude from last proxy for the real ip
ipwareMetaPrecedenceOrder: "X_FORWARDED_FOR,REMOTE_ADDR"
ipwareMetaPrecedenceOrder: "HTTP_X_FORWARDED_FOR,REMOTE_ADDR"

#
# celery synchronisation
Expand Down

0 comments on commit 91ba990

Please sign in to comment.