1) Gunicorn has SSL settings but I am not familiar with them myself: https://docs.gunicorn.org/en/latest/settings.html#ssl
It is very common and recommended to run a local proxy in front of gunicorn and have that handle https: http://docs.gunicorn.org/en/latest/deploy.html
2) Make sure to set `base_url` in your config to include https, so that when full links are generated, they include https.
3) Allura itself doesn't have mechanisms for network access control, but you could do it at the OS level. Run allura/gunicorn on some port number that is internal only (e.g. firewalled by the OS or network configuration) and then your https proxy runs on port 443 publicly and routes back to the private port.

Regarding Ingo's suggestions and other ideas, another idea is to implement a custom AuthenticationProvider, see https://forge-allura.apache.org/docs/development/extending.html There are a lot of hooks to use there, including login/logout/etc and probably could read & write the main session cookie to make someone become logged in. Probably more work, but could be a more integrated option.

---

**[tickets:#8275] Proxy server configuration for Single Sign-On**

**Status:** open
**Milestone:** unreleased
**Created:** Thu Apr 04, 2019 05:36 PM UTC by Vrinda
**Last Updated:** Fri Apr 05, 2019 05:17 AM UTC
**Owner:** nobody

Hello,

I am looking at setting up a proxy server in front of Allura's gunicorn to enable single sign-on. Could you please help me with a few things:

1. To support 'https' protocol, how do I install SSL certificate for gunicorn?
2. Is there any other configuration I need to do in the application to support https?
3. How can I configure Allura to accept requests only from the proxy server?

---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
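
The layout described in answers 1) to 3) above, sketched as an nginx configuration. This is an added example, not part of the original message or of the Allura or gunicorn documentation; nginx as the proxy, the hostname `forge.example.com`, the backend port 8080 and the certificate paths are all assumptions.

```nginx
# Assumed companion settings (not shown in this file):
#   - gunicorn started with --bind 127.0.0.1:8080, so the app port is
#     reachable from this host only and never from the network
#   - Allura config: base_url = https://forge.example.com

# Plain-http listener: redirect only, never proxy cleartext to the app
server {
    listen 80;
    server_name forge.example.com;
    return 301 https://$host$request_uri;
}

# Public https listener: terminates TLS, then routes to the private port
server {
    listen 443 ssl;
    server_name forge.example.com;

    ssl_certificate     /etc/ssl/certs/forge.example.com.pem;    # placeholder path
    ssl_certificate_key /etc/ssl/private/forge.example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8080;   # loopback only; no public route to gunicorn

        proxy_set_header Host $host;
        # Overwrite rather than append, so client-supplied values are discarded
        proxy_set_header X-Forwarded-For   $remote_addr;
        # gunicorn treats the request as https when this header arrives from an
        # address in forwarded_allow_ips (default 127.0.0.1)
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With gunicorn bound to loopback, a host firewall rule on port 8080 is a second layer rather than the only control; if the proxy runs on a different machine, bind to the internal interface instead and restrict the port to the proxy's address.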