From 14c8073e2697fb52ce2aa724bcd1179cabc08bee Mon Sep 17 00:00:00 2001
From: Eliot Berriot <contact@eliotberriot.com>
Date: Sat, 2 Jun 2018 09:17:32 +0200
Subject: [PATCH] Ensure we can serve images securely locally

---
 .env.dev                          | 1 +
 api/config/settings/common.py     | 3 +++
 api/config/settings/production.py | 4 ----
 docker/nginx/entrypoint.sh        | 1 +
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/.env.dev b/.env.dev
index e117dbe5..7037b1db 100644
--- a/.env.dev
+++ b/.env.dev
@@ -11,3 +11,4 @@ WEBPACK_DEVSERVER_PORT=8080
 MUSIC_DIRECTORY_PATH=/music
 BROWSABLE_API_ENABLED=True
 CACHEOPS_ENABLED=False
+FORWARDED_PROTO=http
diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index 50c62e9d..6ab2a830 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -303,6 +303,9 @@ ROOT_URLCONF = 'config.urls'
 WSGI_APPLICATION = 'config.wsgi.application'
 ASGI_APPLICATION = "config.routing.application"
 
+# This ensures that Django will be able to detect a secure connection
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 # AUTHENTICATION CONFIGURATION
 # ------------------------------------------------------------------------------
 AUTHENTICATION_BACKENDS = (
diff --git a/api/config/settings/production.py b/api/config/settings/production.py
index 2866e910..39be40dc 100644
--- a/api/config/settings/production.py
+++ b/api/config/settings/production.py
@@ -22,10 +22,6 @@ from .common import *  # noqa
 # Raises ImproperlyConfigured exception if DJANGO_SECRET_KEY not in os.environ
 SECRET_KEY = env("DJANGO_SECRET_KEY")
 
-# This ensures that Django will be able to detect a secure connection
-# properly on Heroku.
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-
 # django-secure
 # ------------------------------------------------------------------------------
 # INSTALLED_APPS += ("djangosecure", )
diff --git a/docker/nginx/entrypoint.sh b/docker/nginx/entrypoint.sh
index 14e072a7..ea6a3322 100755
--- a/docker/nginx/entrypoint.sh
+++ b/docker/nginx/entrypoint.sh
@@ -12,6 +12,7 @@ cp /etc/nginx/funkwhale_proxy.conf{.template,}
 sed -i "s/X-Forwarded-Host \$host:\$server_port/X-Forwarded-Host ${FUNKWHALE_HOSTNAME}:${FORWARDED_PORT}/" /etc/nginx/funkwhale_proxy.conf
 sed -i "s/proxy_set_header Host \$host/proxy_set_header Host ${FUNKWHALE_HOSTNAME}/" /etc/nginx/funkwhale_proxy.conf
 sed -i "s/proxy_set_header X-Forwarded-Port \$server_port/proxy_set_header X-Forwarded-Port ${FORWARDED_PORT}/" /etc/nginx/funkwhale_proxy.conf
+sed -i "s/proxy_set_header X-Forwarded-Proto \$scheme/proxy_set_header X-Forwarded-Proto ${FORWARDED_PROTO}/" /etc/nginx/funkwhale_proxy.conf
 
 cat /etc/nginx/funkwhale_proxy.conf
 nginx -g "daemon off;"
-- 
GitLab