diff --git a/README.md b/README.md index 5ab3318..2de4d58 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,7 @@ Celery requires persistent volumes. | `app.axes.failureLimit` | Limit of failed auth | String | `10` | | `app.axes.cooloffTime` | in Minutes | String | `30` | | `app.axes.ipwareProxyCount` | Count of proxies | String | `0` | -| `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"X_FORWARDED_FOR,REMOTE_ADDR"` | +| `app.axes.ipwareMetaPrecedenceOrder` | Proxy header magnitude | List (comma separated string) | `"HTTP_X_FORWARDED_FOR,REMOTE_ADDR"` | ### Nginx @@ -185,7 +185,7 @@ Celery requires persistent volumes. | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| `app.environment` | Array of objects, representing additional environment variables to set for the deployment. | Array | see [_helpers.yaml](charts/wger/templates/_helpers.yaml) and [values.yaml](charts/wger/values.yaml) | +| `app.environment` | Array of objects, representing additional environment variables to set for the deployment. | Array | see [_helpers.yaml](charts/wger/templates/_helpers.tpl) and [values.yaml](charts/wger/values.yaml) | There are more possible ENV variables, than the ones used in the deployment. Please check [prod.env](https://github.com/wger-project/docker/blob/master/config/prod.env). @@ -282,6 +282,12 @@ python3 manage.py axes_reset_ip [IP] python3 manage.py axes_reset_username [USERNAME] ``` +To temporary disable privacy mode to see the blocked ip in the log you can login to the container and add the following setting: + +```bas +echo "AXES_SENSITIVE_PARAMETERS = []" >>settings.py +``` + ## Upgrading @@ -289,7 +295,7 @@ wger is developped in a rolling release manner, so the docker image of the relea This means we cannot upgrade with changing the image tag. -As a consequence the default `values.yaml` has set `imagePullPolicy` to `Always`, this means on every restart of the pod the image will be downloaded. +As a consequence the default `values.yaml` has set `imagePullPolicy` to `Always`, this means if the kubelet has a container image with that exact digest cached locally, the kubelet uses its cached image; otherwise, the kubelet pulls the image with the resolved digest, and uses that image to launch the container. To upgrade you can restart the deployment (k8s v1.15): @@ -297,7 +303,7 @@ To upgrade you can restart the deployment (k8s v1.15): kubectl -n wger rollout restart deploy wger-app wger-celery wger-celery-worker ``` -For PostgreSQL and Redis upgrades, please check the Groundhog2k documentation, linked at the end of the README. +For PostgreSQL and Redis upgrades, please check the Groundhog2k documentation, linked at the end. ### Postgres Upgrade Notes diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index dd3605b..241265a 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.10 +version: 0.1.11 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index 1894ffc..c3f2112 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -32,16 +32,16 @@ environment: - name: DJANGO_DB_HOST value: "{{ .Release.Name }}-postgres" - name: DJANGO_DB_PORT - value: {{ .Values.postgres.service.port | quote }} + value: {{ int .Values.postgres.service.port | quote }} # django cache - name: DJANGO_CACHE_BACKEND value: "django_redis.cache.RedisCache" - name: DJANGO_CACHE_LOCATION - value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/1" + value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/1" - name: DJANGO_CACHE_CLIENT_CLASS value: "django_redis.client.DefaultClient" - name: DJANGO_CACHE_TIMEOUT - value: {{ .Values.app.django.secret.name | default "1296000" | quote }} + value: {{ int .Values.app.django.cache.timeout | default "1296000" | quote }} # django general {{- if .Values.ingress.enabled }} - name: SITE_URL @@ -75,21 +75,21 @@ environment: - name: AXES_LOCKOUT_PARAMETERS value: {{ .Values.app.axes.lockoutParameters | default "ip_address" | quote }} - name: AXES_FAILURE_LIMIT - value: {{ .Values.app.axes.failureLimit | default "10" | quote }} + value: {{ int .Values.app.axes.failureLimit | default "10" | quote }} - name: AXES_COOLOFF_TIME - value: {{ .Values.app.axes.cooloffTime | default "30" | quote }} + value: {{ int .Values.app.axes.cooloffTime | default "30" | quote }} - name: AXES_IPWARE_PROXY_COUNT - value: {{ .Values.app.axes.ipwareProxyCount | default "0" }} + value: {{ int .Values.app.axes.ipwareProxyCount | default "0" | quote }} # @todo bad default, use the default from axes REMOTE_ADDR only - name: AXES_IPWARE_META_PRECEDENCE_ORDER - value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "X_FORWARDED_FOR,REMOTE_ADDR" | quote }} + value: {{ .Values.app.axes.ipwareMetaPrecedenceOrder | default "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" | quote }} - name: AXES_HANDLER value: "axes.handlers.cache.AxesCacheHandler" # jwt auth - name: ACCESS_TOKEN_LIFETIME - value: {{ .Values.app.jwt.accessTokenLifetime | default "10" | quote }} + value: {{ int .Values.app.jwt.accessTokenLifetime | default "10" | quote }} - name: REFRESH_TOKEN_LIFETIME - value: {{ .Values.app.jwt.refreshTokenLifetime | default "24" | quote }} + value: {{ int .Values.app.jwt.refreshTokenLifetime | default "24" | quote }} # others {{- if .Values.app.nginx.enabled }} - name: WGER_USE_GUNICORN @@ -133,9 +133,9 @@ environment: - name: DOWNLOAD_INGREDIENTS_FROM value: {{ .Values.celery.ingredientsFrom | default "WGER" | quote }} - name: CELERY_BROKER - value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/2" + value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/2" - name: CELERY_BACKEND - value: "redis://{{ .Release.Name }}-redis:{{ .Values.redis.service.serverPort }}/2" + value: "redis://{{ .Release.Name }}-redis:{{ int .Values.redis.service.serverPort }}/2" {{- end }} {{- end }} diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index 4f002a2..8ad274c 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -74,7 +74,7 @@ app: # number of reverse proxies involved ipwareProxyCount: 0 # order of magnitude from last proxy for the real ip - ipwareMetaPrecedenceOrder: "X_FORWARDED_FOR,REMOTE_ADDR" + ipwareMetaPrecedenceOrder: "HTTP_X_FORWARDED_FOR,REMOTE_ADDR" # # celery synchronisation