[Merge] ~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into charm-k8s-wordpress:master
Tom Haddon has proposed merging ~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into charm-k8s-wordpress:master.
Commit message:
Don't force TLS on the admin site if we don't have a tls_secret_name configured, to avoid one step in local setup
Requested reviews:
Canonical IS Reviewers (canonical-is-reviewers)
Wordpress Charmers (wordpress-charmers)
For more details, see:
https://code.launchpad.net/~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress/+merge/396185
Don't force TLS on the admin site if don't have a tls_secret_name configured, to avoid one step in local set up
--
Your team Wordpress Charmers is requested to review the proposed merge of ~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into charm-k8s-wordpress:master.
diff --git a/image-builder/files/wp-config.php b/image-builder/files/wp-config.php
index b47b161..696b14d 100644
--- a/image-builder/files/wp-config.php
+++ b/image-builder/files/wp-config.php
@@ -21,8 +21,15 @@ if ( getenv("WORDPRESS_DEBUG") ) {
/** Fixes for mixed content when WordPress is behind nginx TLS reverse proxy.
* https://ahenriksson.com/2020/01/27/how-to-set-up-wordpress-behind-a-reverse-proxy-when-using-nginx/
+ * Check if we have a WORDPRESS_TLS_DISABLED environment variable, and if so
+ * don't force logins to the admin site to be via TLS (this can be done to
+ * make local testing one step easier).
* */
-define('FORCE_SSL_ADMIN', true);
+if ( getenv("WORDPRESS_TLS_DISABLED") ){
+ define('FORCE_SSL_ADMIN', false);
+} else {
+ define('FORCE_SSL_ADMIN', true);
+}
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
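Review bot: The new `if ( getenv("WORDPRESS_TLS_DISABLED") )` test is a PHP truthiness check, so any non-empty value other than "0" (including `false` or `no`) turns off FORCE_SSL_ADMIN and lets wp-admin logins and session cookies travel over plain HTTP. The charm side of this change only ever sets the value `"true"`, so an exact comparison is safer: `if ( getenv("WORDPRESS_TLS_DISABLED") === "true" ) {`. The docblock could also state which value is expected, e.g. `* Set to "true" by the charm when no tls_secret_name is configured; any other value keeps TLS forced.`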
diff --git a/src/charm.py b/src/charm.py
index f1a2252..919a85e 100755
--- a/src/charm.py
+++ b/src/charm.py
@@ -33,6 +33,8 @@ def generate_pod_config(config, secured=True):
pod_config["WORDPRESS_DB_HOST"] = config["db_host"]
pod_config["WORDPRESS_DB_NAME"] = config["db_name"]
pod_config["WORDPRESS_DB_USER"] = config["db_user"]
+ if not config["tls_secret_name"]:
+ pod_config["WORDPRESS_TLS_DISABLED"] = "true"
if config.get("wp_plugin_openid_team_map"):
pod_config["WP_PLUGIN_OPENID_TEAM_MAP"] = config["wp_plugin_openid_team_map"]
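Review bot: The added `if not config["tls_secret_name"]:` treats an empty `tls_secret_name` as meaning "local testing", but the same condition presumably also holds when TLS is terminated outside the charm or was simply never configured. Those deployments would silently stop forcing TLS for admin logins. At minimum the branch should say so, e.g. `# No tls_secret_name: wp-admin logins are not forced over TLS (intended for local testing only).`, and a warning log line or status message would make the downgrade visible to operators. The lookup also indexes the key directly while the next line uses `config.get(...)`; `if not config.get("tls_secret_name"):` would match that style and tolerate a missing key. `generate_pod_config` starts and ends outside this hunk, so whether `secured` should also gate this is not visible here.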
diff --git a/tests/unit/test_wordpress.py b/tests/unit/test_wordpress.py
index 92712e7..47cf8be 100644
--- a/tests/unit/test_wordpress.py
+++ b/tests/unit/test_wordpress.py
@@ -82,6 +82,15 @@ class HelperTest(unittest.TestCase):
test_container_config = yaml.safe_load(self.test_model_config["container_config"])
self.assertEqual(test_container_config["test-key"], result["test-key"])
+ # Test we pass set WORDPRESS_TLS_ENABLED if we have `tls_secret_name`.
+ result = charm.generate_pod_config(self.test_model_config)
+ self.assertNotIn("WORDPRESS_TLS_DISABLED", result)
+ # Remove `tls_secret_name` and test again.
+ non_tls_secret_config = copy.deepcopy(self.test_model_config)
+ non_tls_secret_config["tls_secret_name"] = ""
+ result = charm.generate_pod_config(non_tls_secret_config)
+ self.assertEqual(result["WORDPRESS_TLS_DISABLED"], "true")
+
class WordpressTest(unittest.TestCase):
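Review bot: The first added comment names `WORDPRESS_TLS_ENABLED`, but the variable under test is `WORDPRESS_TLS_DISABLED` and the assertion checks that it is absent. It should read `# Test we don't set WORDPRESS_TLS_DISABLED if we have `tls_secret_name`.` The new assertions also depend on `copy` being imported in this test module, which is not visible in the hunk. Since this flag controls whether admin logins are forced over TLS, a case with `tls_secret_name` missing from the config entirely (not just empty) would pin down the intended behaviour.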