From 9f734dff179473c8fc46f1ddcd2d322fdedef095 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Mon, 1 Sep 2025 15:15:04 +0200 Subject: [PATCH] web-app-pretix: fix healthcheck and allowed hosts - Add Host header to curl healthcheck when container_hostname is defined - Use PRETIX_PRETIX_ALLOWED_HOSTS to fix Django 400 Bad Request during healthcheck - Centralize PRETIX_HOSTNAME from container_hostname var - Add Redis broker/result backend config for Celery See: https://chatgpt.com/share/68b59c42-c0fc-800f-9bfb-f1137c59b3de --- .../templates/healthcheck/curl.yml.j2 | 4 ++++ roles/web-app-pretix/templates/env.j2 | 9 +++++++-- roles/web-app-pretix/vars/main.yml | 16 ++++++++++++---- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/roles/docker-container/templates/healthcheck/curl.yml.j2 b/roles/docker-container/templates/healthcheck/curl.yml.j2 index 033df84e..f98fa040 100644 --- a/roles/docker-container/templates/healthcheck/curl.yml.j2 +++ b/roles/docker-container/templates/healthcheck/curl.yml.j2 @@ -3,6 +3,10 @@ - "CMD" - "curl" - "-f" +{% if container_hostname %} + - "-H" + - "Host: {{ container_hostname }}" +{% endif %} - "http://127.0.0.1{{ (":" ~ container_port) if container_port is defined else '' }}/{{ container_healthcheck | default('') }}" interval: 1m timeout: 10s diff --git a/roles/web-app-pretix/templates/env.j2 b/roles/web-app-pretix/templates/env.j2 index 11ba5a10..4016dfc4 100644 --- a/roles/web-app-pretix/templates/env.j2 +++ b/roles/web-app-pretix/templates/env.j2 @@ -1,5 +1,6 @@ ## Pretix core PRETIX_PRETIX_INSTANCE_NAME="{{ PRIMARY_DOMAIN | upper }} Tickets" +PRETIX_PRETIX_ALLOWED_HOSTS="{{ PRETIX_HOSTNAME }},127.0.0.1,localhost" PRETIX_PRETIX_URL="{{ PRETIX_URL }}" PRETIX_PRETIX_AUTH_BACKENDS="pretix.base.auth.NativeAuthBackend{% if PRETIX_OIDC_ENABLED %},pretix_oidc.auth.OIDCAuthBackend{% endif %}" 
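Review bot: The new guard `{% if container_hostname %}` in curl.yml.j2 tests truthiness, not definedness, and this template belongs to the shared docker-container role. With Ansible's strict handling of undefined variables, a role that never sets `container_hostname` will most likely fail to render its healthcheck. The URL line directly below already guards with `container_port is defined`. Writing `{% if container_hostname is defined and container_hostname %}` would keep the `-H` / `Host:` arguments opt-in, which is also what the commit message describes. The healthcheck list starts above this hunk, so the surrounding keys are not visible here.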
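Review bot: The added `PRETIX_PRETIX_ALLOWED_HOSTS` line in env.j2 accepts `127.0.0.1` and `localhost` as well as the public name. The healthcheck changed in this same commit now sends `Host: {{ container_hostname }}`, which for this role equals `PRETIX_HOSTNAME`. Host validation is the control that stops a spoofed Host header from reaching URL generation, so the list is best kept to what is actually needed: `PRETIX_PRETIX_ALLOWED_HOSTS="{{ PRETIX_HOSTNAME }}"`. If another internal caller still depends on the loopback names, a comment above the line should name it. It is also worth confirming that the deployed pretix version honours this key, since the hunk cannot show that.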
@@ -16,12 +17,16 @@ PRETIX_DATABASE_PORT="{{ database_port }}" PRETIX_WEB_CONCURRENCY="{{ POSTGRES_ALLOWED_AVG_CONNECTIONS }}" PRETIX_WORKER_THREADS="{{ (POSTGRES_ALLOWED_AVG_CONNECTIONS | int // 2 ) }}" +{% if PRETIX_REDIS_ENABLED %} ## Redis -PRETIX_REDIS_LOCATION="redis://redis:6379/1" PRETIX_REDIS_SESSIONS="true" +PRETIX_REDIS_LOCATION="redis://redis:6379/{{ PRETIX_REDIS_CACHE_DB }}" +CELERY_BROKER_URL="redis://redis:6379/{{ PRETIX_REDIS_BROKER_DB }}" +CELERY_RESULT_BACKEND="redis://redis:6379/{{ PRETIX_REDIS_RESULT_DB }}" +{% endif %} -## OIDC (plugin) {% if PRETIX_OIDC_ENABLED %} +## OIDC (plugin) PRETIX_OIDC_TITLE="{{ PRETIX_OIDC_LABEL | replace('\"','\\\"') }}" PRETIX_OIDC_ISSUER="{{ PRETIX_OIDC_ISSUER }}" PRETIX_OIDC_AUTHORIZATION_ENDPOINT="{{ PRETIX_OIDC_AUTH_URL }}" diff --git a/roles/web-app-pretix/vars/main.yml b/roles/web-app-pretix/vars/main.yml index b9cc1549..ae12c1e2 100644 --- a/roles/web-app-pretix/vars/main.yml +++ b/roles/web-app-pretix/vars/main.yml @@ -2,12 +2,14 @@ application_id: "web-app-pretix" database_type: "postgres" container_port: 80 +container_hostname: "{{ domains | get_domain(application_id) }}" -# URLs +# Pretix +## URLs PRETIX_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" -PRETIX_HOSTNAME: "{{ domains | get_domain(application_id) }}" +PRETIX_HOSTNAME: "{{ container_hostname }}" -# OIDC (mirrors GitLab’s pattern) +## OIDC (mirrors GitLab’s pattern) PRETIX_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}" PRETIX_OIDC_LABEL: "{{ OIDC.BUTTON_TEXT }}" PRETIX_OIDC_CLIENT_ID: "{{ OIDC.CLIENT.ID }}" 
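Review bot: `CELERY_BROKER_URL` and `CELERY_RESULT_BACKEND` in the Redis block are the only settings in this file without the `PRETIX_<SECTION>_<KEY>` prefix, so pretix may not read them and background tasks could silently stay unqueued. If pretix maps its `[celery]` section the same way as the other sections, the names would be `PRETIX_CELERY_BROKER` and `PRETIX_CELERY_BACKEND`; please verify against the pretix configuration docs. Separately, all three `redis://redis:6379/...` URLs carry no credentials, and the instance now holds sessions and the task queue. Anything that can reach the `redis` service on that network can therefore read sessions or enqueue jobs, so consider a password, assuming the Redis service definition (not shown here) does not already restrict access.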
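Review bot: The new `container_hostname` in vars/main.yml has no comment saying that it now drives two security-relevant outputs: the `Host` header of the shared curl healthcheck and, through `PRETIX_HOSTNAME`, the allowed-hosts list. A comment such as `# Sent as Host header by the docker-container curl healthcheck; also feeds PRETIX_HOSTNAME / allowed hosts` would make that coupling visible. Because the name is generic and role vars can remain visible to later roles in the same play, it is worth checking that a role which does not set its own value cannot inherit this one. If it did, its healthcheck would probe with pretix's hostname.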
@@ -22,7 +24,13 @@ PRETIX_OIDC_SCOPES: "openid,email,profile" # Use Keycloak username claim by default (plugin default is 'sub') PRETIX_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}" -# Docker +## Redis +PRETIX_REDIS_ENABLED: "{{ applications | get_app_conf(application_id, 'docker.services.redis.enabled') }}" +PRETIX_REDIS_CACHE_DB: 1 +PRETIX_REDIS_BROKER_DB: 0 +PRETIX_REDIS_RESULT_DB: 2 + +## Docker PRETIX_IMAGE_CUSTOM: "pretix_custom" PRETIX_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.pretix.image') }}" PRETIX_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.pretix.version') }}"