Re: [pylons-devel] Waitress 1.2.0 beta 1

2019-01-07 Thread Bert JW Regeer
The docs assume you are passing the parameters directly to `waitress.serve()`, 
waitress itself has no ini support.

Bert

> On Jan 6, 2019, at 17:55, Lance Edgar wrote:
> 
> I tried it out on a local dev environment and was able to get it to work, 
> fine from what I can tell.
> 
> The only hiccup was that the docs show quotes around the value for 
> `trusted_proxy_headers` - which didn't work in my ini file.  Maybe the docs 
> assume something other than ini file for the config definition, anyway it 
> was a small gotcha until I removed the quotes.
> 
> Lance
> 
> 
> 
> On 12/31/18 3:12 PM, Bert JW Regeer wrote:
>> Hey all,
>> 
>> As a new years gift, I have just released a beta version of waitress 1.2.0, 
>> hopefully with a bit of luck this will be the only beta release with minimal 
>> or no changes and 1.2.0 should follow shortly.
>> 
>> This release has some major changes to the proxy handling in Waitress, which 
>> will be of note for those of you that use Waitress behind a reverse proxy 
>> such as NGINX/HAProxy/Apache or others.
>> 
>> Waitress is now able to manipulate and change the WSGI environment to match 
>> what the proxy headers are sending, and has full support for the new 
>> Forwarded header.
>> 
>> Documentation is available here: 
>> https://docs.pylonsproject.org/projects/waitress/en/latest/reverse-proxy.html
>> 
>> Please note that in the future Waitress is going to be more secure by 
>> default, and will strip known proxy headers before forwarding them on in the 
>> WSGI environ to help protect WSGI applications from accidentally using 
>> attacker-provided proxy headers and their values.
>> 
>> Waitress will warn if you don't explicitly opt-in to the following:
>> 
>> If trusted_proxy is set, trusted_proxy_headers should be set to the values 
>> you explicitly want Waitress to use (and are known valid from an upstream 
>> proxy), and clear_untrusted_proxy_headers should be set to either True or 
>> False. See 
>> https://docs.pylonsproject.org/projects/waitress/en/latest/arguments.html 
>> for more information on what these knobs are and valid values.
>> 
>> I am hoping to get some feedback from testing, if you can, deploy this and 
>> remove any middleware you may have that is manipulating the environ and test 
>> if waitress matches expectations.
>> 
>> 
>> https://pypi.org/project/waitress/1.2.0b1/ 
>> 
>> 
>> pip install waitress==1.2.0b1
>> 
>> Thank you,
>> Bert JW Regeer
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "pylons-devel" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to pylons-devel+unsubscr...@googlegroups.com.
>> To post to this group, send email to pylons-devel@googlegroups.com.
>> Visit this group at https://groups.google.com/group/pylons-devel.
>> For more options, visit https://groups.google.com/d/optout.

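The quoting gotcha from this exchange, as an added example that is not part of the thread and not waitress code: an ini loader hands the raw string to the server, so quotes copied from the Python-style docs become part of the header names. The section names, the sample ini text and the `unknown_headers` helper are constructed for illustration; splitting on whitespace is an assumption about how the setting is read.

```python
import configparser

# Header names the waitress docs list as valid for trusted_proxy_headers.
KNOWN_PROXY_HEADERS = {
    "forwarded", "x-forwarded-for", "x-forwarded-host",
    "x-forwarded-proto", "x-forwarded-port", "x-forwarded-by",
}

# Constructed sample: one section quoted as in the Python docs, one bare.
SAMPLE_INI = """
[server:quoted]
use = egg:waitress#main
trusted_proxy = 127.0.0.1
trusted_proxy_headers = "x-forwarded-for x-forwarded-proto"
clear_untrusted_proxy_headers = true

[server:bare]
use = egg:waitress#main
trusted_proxy = 127.0.0.1
trusted_proxy_headers = x-forwarded-for x-forwarded-proto
clear_untrusted_proxy_headers = true
"""

def unknown_headers(raw_value):
    """Return the tokens of a whitespace-separated value that are not known headers."""
    tokens = raw_value.lower().split()
    return sorted(t for t in tokens if t not in KNOWN_PROXY_HEADERS)

def check_ini(text=SAMPLE_INI):
    """Map each ini section to the unrecognised tokens in its trusted_proxy_headers."""
    parser = configparser.ConfigParser()
    parser.read_string(text)  # ini values are raw strings; quotes are NOT stripped
    return {s: unknown_headers(parser[s]["trusted_proxy_headers"])
            for s in parser.sections()}

def serve_kwargs():
    """The same settings as keyword arguments, where quotes are only Python syntax."""
    return dict(
        trusted_proxy="127.0.0.1",
        trusted_proxy_headers="x-forwarded-for x-forwarded-proto",
        clear_untrusted_proxy_headers=True,
    )

if __name__ == "__main__":
    print(check_ini())
    # With waitress installed: from waitress import serve; serve(app, **serve_kwargs())
```
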

Re: [pylons-devel] Waitress 1.2.0 beta 1

2019-01-07 Thread Lance Edgar
I tried it out on a local dev environment and was able to get it to 
work, fine from what I can tell.


The only hiccup was that the docs show quotes around the value for 
`trusted_proxy_headers` - which didn't work in my ini file.  Maybe the 
docs assume something other than ini file for the config definition, 
anyway it was a small gotcha until I removed the quotes.


Lance


On 12/31/18 3:12 PM, Bert JW Regeer wrote:

Hey all,

As a new years gift, I have just released a beta version of waitress 
1.2.0, hopefully with a bit of luck this will be the only beta release 
with minimal or no changes and 1.2.0 should follow shortly.


This release has some major changes to the proxy handling in Waitress, 
which will be of note for those of you that use Waitress behind a 
reverse proxy such as NGINX/HAProxy/Apache or others.


Waitress is now able to manipulate and change the WSGI environment to 
match what the proxy headers are sending, and has full support for the 
new Forwarded header.


Documentation is available here: 
https://docs.pylonsproject.org/projects/waitress/en/latest/reverse-proxy.html


Please note that in the future Waitress is going to be more secure by 
default, and will strip known proxy headers before forwarding them on 
in the WSGI environ to help protect WSGI applications from 
accidentally using attacker-provided proxy headers and their values.


Waitress will warn if you don't explicitly opt-in to the following:

If trusted_proxy is set, trusted_proxy_headers should be set to the 
values you explicitly want Waitress to use (and are known valid from 
an upstream proxy), and clear_untrusted_proxy_headers should be set to 
either True or False. See 
https://docs.pylonsproject.org/projects/waitress/en/latest/arguments.html for 
more information on what these knobs are and valid values.


I am hoping to get some feedback from testing, if you can, deploy this 
and remove any middleware you may have that is manipulating the 
environ and test if waitress matches expectations.



https://pypi.org/project/waitress/1.2.0b1/

pip install waitress==1.2.0b1

Thank you,
Bert JW Regeer