Tom Haddon has proposed merging ~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into charm-k8s-wordpress:master.
Commit message: Don't force TLS on the admin site if don't have a tls_secret_name configured, to avoid one step in local set up Requested reviews: Canonical IS Reviewers (canonical-is-reviewers) Wordpress Charmers (wordpress-charmers) For more details, see: https://code.launchpad.net/~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress/+merge/396185 Don't force TLS on the admin site if don't have a tls_secret_name configured, to avoid one step in local set up -- Your team Wordpress Charmers is requested to review the proposed merge of ~mthaddon/charm-k8s-wordpress/+git/charm-k8s-wordpress:admin-not-tls into charm-k8s-wordpress:master.
diff --git a/image-builder/files/wp-config.php b/image-builder/files/wp-config.php index b47b161..696b14d 100644 --- a/image-builder/files/wp-config.php +++ b/image-builder/files/wp-config.php @@ -21,8 +21,15 @@ if ( getenv("WORDPRESS_DEBUG") ) { /** Fixes for mixed content when WordPress is behind nginx TLS reverse proxy. * https://ahenriksson.com/2020/01/27/how-to-set-up-wordpress-behind-a-reverse-proxy-when-using-nginx/ + * Check if we have a WORDPRESS_TLS_DISABLED environment variable, and if so + * don't force logins to the admin site to be via TLS (this can be done to + * make local testing one step easier). * */ -define('FORCE_SSL_ADMIN', true); +if ( getenv("WORDPRESS_TLS_DISABLED") ){ + define('FORCE_SSL_ADMIN', false); +} else { + define('FORCE_SSL_ADMIN', true); +} if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on'; diff --git a/src/charm.py b/src/charm.py index f1a2252..919a85e 100755 --- a/src/charm.py +++ b/src/charm.py @@ -33,6 +33,8 @@ def generate_pod_config(config, secured=True): pod_config["WORDPRESS_DB_HOST"] = config["db_host"] pod_config["WORDPRESS_DB_NAME"] = config["db_name"] pod_config["WORDPRESS_DB_USER"] = config["db_user"] + if not config["tls_secret_name"]: + pod_config["WORDPRESS_TLS_DISABLED"] = "true" if config.get("wp_plugin_openid_team_map"): pod_config["WP_PLUGIN_OPENID_TEAM_MAP"] = config["wp_plugin_openid_team_map"] diff --git a/tests/unit/test_wordpress.py b/tests/unit/test_wordpress.py index 92712e7..47cf8be 100644 --- a/tests/unit/test_wordpress.py +++ b/tests/unit/test_wordpress.py @@ -82,6 +82,15 @@ class HelperTest(unittest.TestCase): test_container_config = yaml.safe_load(self.test_model_config["container_config"]) self.assertEqual(test_container_config["test-key"], result["test-key"]) + # Test we pass set WORDPRESS_TLS_ENABLED if we have `tls_secret_name`. + result = charm.generate_pod_config(self.test_model_config) + self.assertNotIn("WORDPRESS_TLS_DISABLED", result) + # Remove `tls_secret_name` and test again. + non_tls_secret_config = copy.deepcopy(self.test_model_config) + non_tls_secret_config["tls_secret_name"] = "" + result = charm.generate_pod_config(non_tls_secret_config) + self.assertEqual(result["WORDPRESS_TLS_DISABLED"], "true") + class WordpressTest(unittest.TestCase):
-- Mailing list: https://launchpad.net/~wordpress-charmers Post to : wordpress-charmers@lists.launchpad.net Unsubscribe : https://launchpad.net/~wordpress-charmers More help : https://help.launchpad.net/ListHelp