diff --git a/README.rst b/README.rst
index 2e4772adb9d0875b20e473c0f4b753a314267304..f39baead6748531aafff1f10f02308653b35921f 100644
--- a/README.rst
+++ b/README.rst
@@ -273,3 +273,11 @@ we will default to node1 as the name of your instance.
Assuming your project name is ``node1``, your server will be reachable
at ``https://node1.funkwhale.test/``. Not that you'll have to trust
the SSL Certificate as it's self signed.
+
+When working on federation with traefik, ensure you have this in your ``env``::
+
+ # This will ensure we don't bind any port on the host, and thus enable
+ # multiple instances of funkwhale to be spawned concurrently.
+ WEBPACK_DEVSERVER_PORT_BINDING=
+ # This disable certificate verification
+ EXTERNAL_REQUESTS_VERIFY_SSL=false
diff --git a/api/funkwhale_api/federation/activity.py b/api/funkwhale_api/federation/activity.py
index a674c70e3e3be77a4acff738dec562fd8354add0..24a1f782e0f807cc4931c05510159e438e0a992a 100644
--- a/api/funkwhale_api/federation/activity.py
+++ b/api/funkwhale_api/federation/activity.py
@@ -3,6 +3,8 @@ import json
import requests_http_signature
import uuid
+from django.conf import settings
+
from funkwhale_api.common import session
from . import models
@@ -74,6 +76,7 @@ def deliver(activity, on_behalf_of, to=[]):
json=activity,
url=recipient_actor.inbox_url,
timeout=5,
+ verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
headers={
'Content-Type': 'application/activity+json'
}
diff --git a/api/funkwhale_api/federation/actors.py b/api/funkwhale_api/federation/actors.py
index d3a2093a9734d89d1024a88d6b732ad80560e09e..bb0b99cc2851bea6781cdc65eb21c225e39670e7 100644
--- a/api/funkwhale_api/federation/actors.py
+++ b/api/funkwhale_api/federation/actors.py
@@ -32,6 +32,7 @@ def get_actor_data(actor_url):
response = session.get_session().get(
actor_url,
timeout=5,
+ verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
headers={
'Accept': 'application/activity+json',
}
diff --git a/api/funkwhale_api/federation/library.py b/api/funkwhale_api/federation/library.py
index 13608098b4137ea3afc55c37d0bd08a7ab8d3c45..f9a1de8f7b58cf0df770f617554c4bb153923e46 100644
--- a/api/funkwhale_api/federation/library.py
+++ b/api/funkwhale_api/federation/library.py
@@ -1,5 +1,7 @@
import requests
+from django.conf import settings
+
from funkwhale_api.common import session
from . import actors
@@ -69,6 +71,7 @@ def get_library_data(library_url):
library_url,
auth=auth,
timeout=5,
+ verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
headers={
'Content-Type': 'application/activity+json'
}
diff --git a/api/funkwhale_api/federation/webfinger.py b/api/funkwhale_api/federation/webfinger.py
index d4170a4318f35c823d52d9c49871193f308826bd..f5cb996359fdfcd072d4715c06318230596692fa 100644
--- a/api/funkwhale_api/federation/webfinger.py
+++ b/api/funkwhale_api/federation/webfinger.py
@@ -47,7 +47,10 @@ def get_resource(resource_string):
username, hostname = clean_acct(resource, ensure_local=False)
url = 'https://{}/.well-known/webfinger?resource={}'.format(
hostname, resource_string)
- response = session.get_session().get(url, timeout=5)
+ response = session.get_session().get(
+ url,
+ verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
+ timeout=5)
response.raise_for_status()
serializer = serializers.ActorWebfingerSerializer(data=response.json())
serializer.is_valid(raise_exception=True)
diff --git a/api/funkwhale_api/music/views.py b/api/funkwhale_api/music/views.py
index 6bbc21db7fc7771dd9880e742cc24f7053cf4aa9..98048b41d7edc41ac28749172feda426aaa03708 100644
--- a/api/funkwhale_api/music/views.py
+++ b/api/funkwhale_api/music/views.py
@@ -219,6 +219,7 @@ class TrackFileViewSet(viewsets.ReadOnlyModelViewSet):
auth=auth,
stream=True,
timeout=20,
+ verify=settings.EXTERNAL_REQUESTS_VERIFY_SSL,
headers={
'Content-Type': 'application/activity+json'
})