web-app-pretix: fix healthcheck and allowed hosts

- Add Host header to curl healthcheck when container_hostname is defined
- Use PRETIX_PRETIX_ALLOWED_HOSTS to fix Django 400 Bad Request during healthcheck
- Centralize PRETIX_HOSTNAME from container_hostname var
- Add Redis broker/result backend config for Celery

See: https://chatgpt.com/share/68b59c42-c0fc-800f-9bfb-f1137c59b3de

roles/docker-container/templates/healthcheck/curl.yml.j2

@@ -3,6 +3,10 @@
         - "CMD"
         - "curl"
         - "-f"
+{% if container_hostname %}
+        - "-H"
+        - "Host: {{ container_hostname }}"
+{% endif %}
         - "http://127.0.0.1{{ (":" ~ container_port) if container_port is defined else '' }}/{{ container_healthcheck | default('') }}"
       interval: 1m
       timeout: 10s

roles/web-app-pretix/templates/env.j2

@@ -1,5 +1,6 @@
 ## Pretix core
 PRETIX_PRETIX_INSTANCE_NAME="{{ PRIMARY_DOMAIN | upper }} Tickets"
+PRETIX_PRETIX_ALLOWED_HOSTS="{{ PRETIX_HOSTNAME }},127.0.0.1,localhost"
 PRETIX_PRETIX_URL="{{ PRETIX_URL }}"
 PRETIX_PRETIX_AUTH_BACKENDS="pretix.base.auth.NativeAuthBackend{% if PRETIX_OIDC_ENABLED %},pretix_oidc.auth.OIDCAuthBackend{% endif %}"
 
@@ -16,12 +17,16 @@ PRETIX_DATABASE_PORT="{{ database_port }}"
 PRETIX_WEB_CONCURRENCY="{{ POSTGRES_ALLOWED_AVG_CONNECTIONS }}"
 PRETIX_WORKER_THREADS="{{ (POSTGRES_ALLOWED_AVG_CONNECTIONS | int // 2 ) }}"
 
+{% if PRETIX_REDIS_ENABLED %}
 ## Redis
-PRETIX_REDIS_LOCATION="redis://redis:6379/1"
 PRETIX_REDIS_SESSIONS="true"
+PRETIX_REDIS_LOCATION="redis://redis:6379/{{ PRETIX_REDIS_CACHE_DB }}"
+CELERY_BROKER_URL="redis://redis:6379/{{ PRETIX_REDIS_BROKER_DB }}"
+CELERY_RESULT_BACKEND="redis://redis:6379/{{ PRETIX_REDIS_RESULT_DB }}"
+{% endif %}
 
-## OIDC (plugin)
 {% if PRETIX_OIDC_ENABLED %}
+## OIDC (plugin)
 PRETIX_OIDC_TITLE="{{ PRETIX_OIDC_LABEL | replace('\"','\\\"') }}"
 PRETIX_OIDC_ISSUER="{{ PRETIX_OIDC_ISSUER }}"
 PRETIX_OIDC_AUTHORIZATION_ENDPOINT="{{ PRETIX_OIDC_AUTH_URL }}"

roles/web-app-pretix/vars/main.yml

@@ -2,12 +2,14 @@
 application_id:                 "web-app-pretix"
 database_type:                  "postgres"
 container_port:                 80
+container_hostname:             "{{ domains | get_domain(application_id) }}"
 
-# URLs
+# Pretix
+## URLs
 PRETIX_URL:                     "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
-PRETIX_HOSTNAME:                "{{ domains | get_domain(application_id) }}"
+PRETIX_HOSTNAME:                "{{ container_hostname }}"
 
-# OIDC (mirrors GitLab’s pattern)
+## OIDC (mirrors GitLab’s pattern)
 PRETIX_OIDC_ENABLED:            "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
 PRETIX_OIDC_LABEL:              "{{ OIDC.BUTTON_TEXT }}"
 PRETIX_OIDC_CLIENT_ID:          "{{ OIDC.CLIENT.ID }}"
@@ -22,7 +24,13 @@ PRETIX_OIDC_SCOPES:             "openid,email,profile"
 # Use Keycloak username claim by default (plugin default is 'sub')
 PRETIX_OIDC_UNIQUE_ATTRIBUTE:   "{{ OIDC.ATTRIBUTES.USERNAME }}"
 
-# Docker
+## Redis
+PRETIX_REDIS_ENABLED:           "{{ applications | get_app_conf(application_id, 'docker.services.redis.enabled') }}"
+PRETIX_REDIS_CACHE_DB:          1
+PRETIX_REDIS_BROKER_DB:         0
+PRETIX_REDIS_RESULT_DB:         2
+
+## Docker
 PRETIX_IMAGE_CUSTOM:            "pretix_custom"
 PRETIX_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.pretix.image') }}"
 PRETIX_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.pretix.version') }}"