diff --git a/documentation/docs/get-started/setup.mdx b/documentation/docs/get-started/setup.mdx index 7b2866f4..36aefd08 100644 --- a/documentation/docs/get-started/setup.mdx +++ b/documentation/docs/get-started/setup.mdx @@ -189,10 +189,12 @@ Note: To start Khoj automatically in the background use [Task scheduler](https:/ ### Setup Notes -Optionally, you can use Khoj with a custom domain as well. To do so, you need to set the `KHOJ_DOMAIN` environment variable to your domain (e.g., `export KHOJ_DOMAIN=my-khoj-domain.com` or add it to your `docker-compose.yml`). By default, the Khoj server you set up will not be accessible outside of `localhost` or `127.0.0.1`. +You can use Khoj with a custom domain as well. To do so, you need to set the `KHOJ_DOMAIN` environment variable to your domain (e.g., `export KHOJ_DOMAIN=my-khoj-domain.com` or add it to your `docker-compose.yml`). By default, the Khoj server you set up will not be accessible outside of `localhost` or `127.0.0.1`. -:::warning[Must use an SSL certificate] -If you're using a custom domain, you must use an SSL certificate. You can use [Let's Encrypt](https://letsencrypt.org/) to get a free SSL certificate for your domain. +:::warning[Without HTTPS certificate] +To expose Khoj on a custom domain over the public internet, use of an SSL certificate is strongly recommended. You can use [Let's Encrypt](https://letsencrypt.org/) to get a free SSL certificate for your domain. + +To disable HTTPS, set the `KHOJ_NO_HTTPS` environment variable to `True`. This can be useful if Khoj is only accessible behind a secure, private network. ::: ### 2. Configure diff --git a/src/khoj/app/settings.py b/src/khoj/app/settings.py index c8840f1f..c49cdf6d 100644 --- a/src/khoj/app/settings.py +++ b/src/khoj/app/settings.py @@ -13,7 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/ import os from pathlib import Path -from khoj.utils.helpers import in_debug_mode +from khoj.utils.helpers import in_debug_mode, is_env_var_true # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent @@ -50,8 +50,8 @@ else: CSRF_COOKIE_DOMAIN = KHOJ_DOMAIN SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") -SESSION_COOKIE_SECURE = True -CSRF_COOKIE_SECURE = True +SESSION_COOKIE_SECURE = not is_env_var_true("KHOJ_NO_HTTPS") +CSRF_COOKIE_SECURE = not is_env_var_true("KHOJ_NO_HTTPS") COOKIE_SAMESITE = "None" SESSION_COOKIE_SAMESITE = "None" diff --git a/src/khoj/main.py b/src/khoj/main.py index 432b364c..3f4b7a55 100644 --- a/src/khoj/main.py +++ b/src/khoj/main.py @@ -14,7 +14,7 @@ import threading import warnings from importlib.metadata import version -from khoj.utils.helpers import in_debug_mode +from khoj.utils.helpers import in_debug_mode, is_env_var_true # Ignore non-actionable warnings warnings.filterwarnings("ignore", message=r"snapshot_download.py has been made private", category=FutureWarning) @@ -73,7 +73,8 @@ app.add_middleware( "http://localhost", # To allow access from Obsidian Android app "http://localhost:*", "http://127.0.0.1:*", - f"https://{KHOJ_DOMAIN}", + f"https://{KHOJ_DOMAIN}" if not is_env_var_true("KHOJ_NO_HTTPS") else f"http://{KHOJ_DOMAIN}", + f"https://{KHOJ_DOMAIN}:*" if not is_env_var_true("KHOJ_NO_HTTPS") else f"http://{KHOJ_DOMAIN}:*", "app://khoj.dev", ], allow_credentials=True,