Add support for additional allowed hosts in environment configuration

2025-06-21 01:25:56 +02:00 · 2025-04-22 17:02:43 -03:00 · 2025-04-22 17:02:43 -03:00 · 8708850143
commit 8708850143
parent 06068fdc4c
8 changed files with 36 additions and 10 deletions
--- a/.env.example
+++ b/.env.example
@ -4,4 +4,9 @@ SERVER_ADDRESS=my_server_address
 DEBUG_MODE=False

 # Choose a timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
-TIMEZONE=America/Sao_Paulo
+TIMEZONE=America/Sao_Paulo
+
+# If you need additional hosts to be allowed, you can specify them here.
+# The SERVER_ADDRESS will always be allowed.
+# Example: EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com
+#EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com
--- a/README.md
+++ b/README.md
@ -104,9 +104,16 @@ This mode is recommended for running the web admin interface. The container depl

   ```env
   # Configure SERVER_ADDRESS to match the address of the server. If you don't have a DNS name, you can use the IP address.
-   # A misconfigured SERVER_ADDRESS will cause the app to have CSRF errors.
+   # A missconfigured SERVER_ADDRESS will cause the app to have CSRF errors.
   SERVER_ADDRESS=my_server_address
   DEBUG_MODE=False
+   
+   # Choose a timezone from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+   TIMEZONE=America/Sao_Paulo
+   
+   # If you need additional hosts to be allowed, you can specify them here.
+   # The SERVER_ADDRESS will always be allowed.
+   #EXTRA_ALLOWED_HOSTS=app1.example.com,app2.example.com:8443,app3.example.com
   ```

   Replace `my_server_address` with your actual server address.
--- a/docker-compose-no-nginx-dev.yml
+++ b/docker-compose-no-nginx-dev.yml
@ -6,10 +6,11 @@ services:
    build:
      context: .
    environment:
-      - SERVER_ADDRESS=127.0.0.1
-      - DEBUG_MODE=True
+      - SERVER_ADDRESS=${SERVER_ADDRESS}
+      - DEBUG_MODE=${DEBUG_MODE}
      - COMPOSE_VERSION=02r
      - TZ=${TIMEZONE}
+      - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS}
    volumes:
      - wireguard:/etc/wireguard
      - static_volume:/app_static_files/
--- a/docker-compose-no-nginx.yml
+++ b/docker-compose-no-nginx.yml
@ -5,10 +5,11 @@ services:
    restart: unless-stopped
    image: eduardosilva/wireguard_webadmin:latest
    environment:
-      - SERVER_ADDRESS=127.0.0.1
+      - SERVER_ADDRESS=${SERVER_ADDRESS}
      - DEBUG_MODE=True
      - COMPOSE_VERSION=02r
      - TZ=${TIMEZONE}
+      - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS}
    volumes:
      - wireguard:/etc/wireguard
      - static_volume:/app_static_files/
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -9,6 +9,7 @@ services:
      - DEBUG_MODE=${DEBUG_MODE}
      - COMPOSE_VERSION=02r
      - TZ=${TIMEZONE}
+      - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS}
    volumes:
      - wireguard:/etc/wireguard
      - static_volume:/app_static_files/
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -21,10 +21,21 @@ if [ ! -f /app_secrets/rrdtool_key ]; then
    cat /proc/sys/kernel/random/uuid > /app_secrets/rrdtool_key
 fi

+SERVER_HOSTNAME=$(echo $SERVER_ADDRESS | cut -d ':' -f 1)
+EXTRA_ALLOWED_HOSTS_STRING=""
+CSRF_EXTRA_TRUSTED_ORIGINS=""
+if [ -n "$EXTRA_ALLOWED_HOSTS" ]; then
+    IFS=',' read -ra ADDR <<< "$EXTRA_ALLOWED_HOSTS"
+    for i in "${ADDR[@]}"; do
+        EXTRA_ALLOWED_HOSTS_STRING+=", '$(echo $i | cut -d ':' -f 1)'"
+        CSRF_EXTRA_TRUSTED_ORIGINS+=", 'https://$i'"
+    done
+fi
+
 cat > /app/wireguard_webadmin/production_settings.py <<EOL
 DEBUG = $DEBUG_VALUE
-ALLOWED_HOSTS = ['wireguard-webadmin', '$SERVER_ADDRESS']
-CSRF_TRUSTED_ORIGINS = ['http://wireguard-webadmin', 'https://$SERVER_ADDRESS']
+ALLOWED_HOSTS = ['wireguard-webadmin', '${SERVER_HOSTNAME}'${EXTRA_ALLOWED_HOSTS_STRING}]
+CSRF_TRUSTED_ORIGINS = ['http://wireguard-webadmin', 'https://$SERVER_ADDRESS'${CSRF_EXTRA_TRUSTED_ORIGINS}]
 SECRET_KEY = '$(openssl rand -base64 32)'
 EOL

--- a/requirements.txt
+++ b/requirements.txt
@ -3,9 +3,9 @@ certifi==2025.1.31
 charset-normalizer==3.4.1
 crispy-bootstrap4==2024.10
 Django==5.2
-django-crispy-forms==2.3
+django-crispy-forms==2.4
 idna==3.10
-pillow==11.2.0
+pillow==11.2.1
 pypng==0.20220715.0
 pytz==2025.2
 qrcode==8.1
--- a/wireguard_webadmin/settings.py
+++ b/wireguard_webadmin/settings.py
@ -147,6 +147,6 @@ STATICFILES_DIRS = [
 DNS_CONFIG_FILE = '/etc/dnsmasq/wireguard_webadmin_dns.conf'
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

-WIREGUARD_WEBADMIN_VERSION = 9965
+WIREGUARD_WEBADMIN_VERSION = 9966

 from wireguard_webadmin.production_settings import *