django-DefectDojo
django-DefectDojo copied to clipboard
DefectDojo
Run under a context path
I am deploying defectdojo in a k8s cluster and am using Ambassador to manage TLS and routing. I'd like to deploy it at an endpoint like https://cluster.tld/defectdojo/. How can I configure defectdojo to prepend all uris in the app with /defectdojo/ such that navigating to https://cluster.tld/defectdojo/ properly redirects to https://cluster.tld/defectdojo/login and so forth?
Have you tried setting the parameter DD_SITE_URL? Not sure if it works with the extra /defectdojo/ bit.
There's actually a super old setting "DD_URL_PREFIX" from the very early days of DefectDojo that allows you to move the base URL of DefectDojo off the web servers root directory. See https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/settings.dist.py#L398
I'd set that as an environmental variable or with the local_settings.py file.
Way back in the VM days, it allowed you to run DefectDojo on the same VM as other apps where you had URLs like: mydomain.example.com/dojo => DefectDojo mydomain.example.com/otherApp => Another app running on the same VM
If you sent DD_SITE_URL to "https://cluster.tld" and DD_URL_PREFIX to "defectdojo", I believe you'll get the configuration you're looking for.
HTH
Thanks. I updated the values.yml file with these values:
extraConfigs:
DD_SITE_URL: "https://cluster.tld"
DD_URL_PREFIX: "defectdojo"
And I have a k8s mapping:
NAME PREFIX SERVICE STATE REASON
defectdojo-mapping /defectdojo/ defectdojo-django.prod Running
But now when I navigate to https://cluster.tld/defectdojo/ I am redirected to https://cluster.tld/login?next=/defectdojo/ which isn't a routable path.
Two things come to mind: (1) Was DefectDojo/uwsgi container restarted to those new configs would be seen? and/or Are you sure those setting changes took? There's always the Django manage.py shell to really poke around on the inside to debug this
(2) It's possible that that very old 'feature' of DD_URL_PREFIX has been inadvertently deprecated due to lack of use. I haven't used it for ~7 years and DefectDojo has changed a bunch. Maybe trace the source for DD_URL_PREFIX and make sure it's actually used for the login redirect still?
If you haven't asked in the Slack channel, that's another good place to see if someone else had and solved a similar need.
I terminated the pods and restarted them with the new configuration. I exec'd into the uwsgi container and confirmed that both env vars are set correctly. I asked this question on slack as well and was directed to the DD_URL_PREFIX variable. I'll poke around in the code and see how this variable is being used.
Okay I exec'd into the uwsgi container and ran the manage.py shell script.
>>> from dojo.utils import get_system_setting
>>> get_system_setting('url_prefix')
''
Also:
$ cat dojo/fixtures/system_settings.json | grep prefix
"url_prefix": "",
It looks like the URL_PREFIX variable is not being set in the app from the environment. I'm a little confused how this works though. We have:
https://github.com/DefectDojo/django-DefectDojo/blob/d07c007f24b1c6f0509b32e5aad3f2a2765b4581/dojo/settings/settings.dist.py#L398
But then at no point is the URL_PREFIX variable referenced anywhere else in the code except for docs/content/en/getting_started/upgrading.md. I see that the System_Settings class has a url_prefix attribute which is loaded from the database but I don't see how that variable is set in the db.
From what I remember from earlier discussions around this the URL_PREFIX stuff doesn't work. Or maybe it works, but I think it all depended on SCRIPT_NAME being set correctly in/for uwsgi. (no straightforward answer if you google that)
We are also facing same challenge. @mike-lloyd03 Did you managed to to get it working?
No I was not able to get it to work with a prefix. I ended up deploying it at its own url.