mirror of
https://github.com/khoj-ai/khoj.git
synced 2024-11-27 09:25:06 +01:00
Fix access to Khoj admin panel from non HTTPS custom domains
To access the Khoj admin panel from a non HTTPS custom domain the `KHOJ_NO_SSL' and `KHOJ_DOMAIN' env vars need to be explictly set. See the updated setup docs for details. Resolves #662
This commit is contained in:
parent
46210695b6
commit
e9f608174b
3 changed files with 11 additions and 8 deletions
|
@ -189,10 +189,12 @@ Note: To start Khoj automatically in the background use [Task scheduler](https:/
|
|||
|
||||
### Setup Notes
|
||||
|
||||
Optionally, you can use Khoj with a custom domain as well. To do so, you need to set the `KHOJ_DOMAIN` environment variable to your domain (e.g., `export KHOJ_DOMAIN=my-khoj-domain.com` or add it to your `docker-compose.yml`). By default, the Khoj server you set up will not be accessible outside of `localhost` or `127.0.0.1`.
|
||||
You can use Khoj with a custom domain as well. To do so, you need to set the `KHOJ_DOMAIN` environment variable to your domain (e.g., `export KHOJ_DOMAIN=my-khoj-domain.com` or add it to your `docker-compose.yml`). By default, the Khoj server you set up will not be accessible outside of `localhost` or `127.0.0.1`.
|
||||
|
||||
:::warning[Must use an SSL certificate]
|
||||
If you're using a custom domain, you must use an SSL certificate. You can use [Let's Encrypt](https://letsencrypt.org/) to get a free SSL certificate for your domain.
|
||||
:::warning[Without HTTPS certificate]
|
||||
To expose Khoj on a custom domain over the public internet, use of an SSL certificate is strongly recommended. You can use [Let's Encrypt](https://letsencrypt.org/) to get a free SSL certificate for your domain.
|
||||
|
||||
To disable HTTPS, set the `KHOJ_NO_HTTPS` environment variable to `True`. This can be useful if Khoj is only accessible behind a secure, private network.
|
||||
:::
|
||||
|
||||
### 2. Configure
|
||||
|
|
|
@ -13,7 +13,7 @@ https://docs.djangoproject.com/en/4.2/ref/settings/
|
|||
import os
|
||||
from pathlib import Path
|
||||
|
||||
from khoj.utils.helpers import in_debug_mode
|
||||
from khoj.utils.helpers import in_debug_mode, is_env_var_true
|
||||
|
||||
# Build paths inside the project like this: BASE_DIR / 'subdir'.
|
||||
BASE_DIR = Path(__file__).resolve().parent.parent
|
||||
|
@ -50,8 +50,8 @@ else:
|
|||
CSRF_COOKIE_DOMAIN = KHOJ_DOMAIN
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_SECURE = not is_env_var_true("KHOJ_NO_HTTPS")
|
||||
CSRF_COOKIE_SECURE = not is_env_var_true("KHOJ_NO_HTTPS")
|
||||
COOKIE_SAMESITE = "None"
|
||||
SESSION_COOKIE_SAMESITE = "None"
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ import threading
|
|||
import warnings
|
||||
from importlib.metadata import version
|
||||
|
||||
from khoj.utils.helpers import in_debug_mode
|
||||
from khoj.utils.helpers import in_debug_mode, is_env_var_true
|
||||
|
||||
# Ignore non-actionable warnings
|
||||
warnings.filterwarnings("ignore", message=r"snapshot_download.py has been made private", category=FutureWarning)
|
||||
|
@ -73,7 +73,8 @@ app.add_middleware(
|
|||
"http://localhost", # To allow access from Obsidian Android app
|
||||
"http://localhost:*",
|
||||
"http://127.0.0.1:*",
|
||||
f"https://{KHOJ_DOMAIN}",
|
||||
f"https://{KHOJ_DOMAIN}" if not is_env_var_true("KHOJ_NO_HTTPS") else f"http://{KHOJ_DOMAIN}",
|
||||
f"https://{KHOJ_DOMAIN}:*" if not is_env_var_true("KHOJ_NO_HTTPS") else f"http://{KHOJ_DOMAIN}:*",
|
||||
"app://khoj.dev",
|
||||
],
|
||||
allow_credentials=True,
|
||||
|
|
Loading…
Reference in a new issue