add HTTPS_REDIRECT_POLICY. Now it's possible to serve in http without forced redirect to https

.env.example

@@ -15,3 +15,7 @@ POSTGRES_DB=routerfleet
 POSTGRES_USER=routerfleet
 POSTGRES_PASSWORD=your_database_password
 
+# If you need to serve the app using HTTP and HTTPS, change the following variable to 'never'
+# Using HTTP is not recommended, as it is less secure and your passwords will be sent in plain text.
+# Use with caution.
+# HTTPS_REDIRECT_POLICY=always

.gitignore

@@ -9,3 +9,4 @@ routerfleet/production_settings.py
 db.sqlite3
 backups/
 containers/*/.venv
+.env

containers/nginx/Dockerfile-nginx

@@ -1,7 +1,8 @@
 FROM nginx:alpine
 RUN apk --no-cache add openssl
 COPY nginx_entrypoint.sh /nginx_entrypoint.sh
-COPY virtualhost.conf /etc/nginx/conf.d/default.conf
+COPY virtualhost.conf /etc/nginx/virtualhost.conf.disabled
+COPY virtualhost_noredirect.conf /etc/nginx/virtualhost_noredirect.conf.disabled
 RUN chmod +x /nginx_entrypoint.sh
 ENTRYPOINT ["/nginx_entrypoint.sh"]
 CMD ["nginx", "-g", "daemon off;"]

containers/nginx/nginx_entrypoint.sh

@@ -9,4 +9,13 @@ else
     echo "Skipping self signed certificate creation, files already exist."
 fi
 
+if [ "$HTTPS_REDIRECT_POLICY" = "never" ]; then
+    echo "Copying /etc/nginx/virtualhost_noredirect.conf to /etc/nginx/conf.d/default.conf..."
+    cp /etc/nginx/virtualhost_noredirect.conf.disabled /etc/nginx/conf.d/default.conf
+else
+    echo "Copying /etc/nginx/virtualhost.conf to /etc/nginx/conf.d/default.conf..."
+    cp /etc/nginx/virtualhost.conf.disabled /etc/nginx/conf.d/default.conf
+fi
+
+
 exec "$@"

containers/nginx/virtualhost_noredirect.conf

@@ -0,0 +1,35 @@
+server {
+    listen 80;
+
+    location /static/ {
+        alias /static/;
+    }
+
+    location / {
+        proxy_pass http://routerfleet:8001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}
+
+server {
+    listen 443 ssl;
+    ssl_certificate        /certificate/nginx.pem;
+    ssl_certificate_key    /certificate/nginx.key;
+
+    # if you are using cloudflare, you can use this enable authenticated origin pull. Dont forget to activate it in cloudflare
+    #ssl_client_certificate /certificate/cloudflare_authenticated_origin_pull_ca.pem;
+    #ssl_verify_client on;
+
+    location /static/ {
+        alias /static/;
+    }
+
+    location / {
+        proxy_pass http://routerfleet:8001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

docker-compose-dev.yml

@@ -60,6 +60,8 @@ services:
     build:
       context: ./containers/nginx
       dockerfile: Dockerfile-nginx
+    environment:
+      - HTTPS_REDIRECT_POLICY=${HTTPS_REDIRECT_POLICY}
     volumes:
       - static_volume:/static
       - https_cert:/certificate

docker-compose-no-postgres.yml

@@ -38,6 +38,8 @@ services:
     container_name: routerfleet-nginx
     restart: unless-stopped
     image: eduardosilva/routerfleet-nginx:latest
+    environment:
+      - HTTPS_REDIRECT_POLICY=${HTTPS_REDIRECT_POLICY}
     volumes:
       - static_volume:/static
       - https_cert:/certificate

docker-compose.yml

@@ -51,6 +51,8 @@ services:
     container_name: routerfleet-nginx
     restart: unless-stopped
     image: eduardosilva/routerfleet-nginx:latest
+    environment:
+      - HTTPS_REDIRECT_POLICY=${HTTPS_REDIRECT_POLICY}
     volumes:
       - static_volume:/static
       - https_cert:/certificate

entrypoint.sh

@@ -64,7 +64,7 @@ fi
 cat > $PRODUCTION_SETTINGS_FILE <<EOL
 DEBUG = $DEBUG_VALUE
 ALLOWED_HOSTS = ['routerfleet', '$SERVER_ADDRESS']
-CSRF_TRUSTED_ORIGINS = ['http://routerfleet', 'https://$SERVER_ADDRESS']
+CSRF_TRUSTED_ORIGINS = ['http://routerfleet', 'https://$SERVER_ADDRESS', 'http://$SERVER_ADDRESS']
 SECRET_KEY = '$(openssl rand -base64 32)'
 $DATABASES_CONFIG
 EOL

routerfleet/settings.py

@@ -140,6 +140,6 @@ STATICFILES_DIRS = [
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 MEDIA_ROOT = '/var/lib/routerfleet/'
-ROUTERFLEET_VERSION = 7005
+ROUTERFLEET_VERSION = 7006
 
 from routerfleet.production_settings import *