hackclub/burrow
1
0
Fork 0
Code Pull requests Releases Packages Activity Actions

Force https-only Zulip SAML login

Browse source
This commit is contained in:
Conrad Kramer 2026-04-19 01:43:43 -07:00
parent 2af7618f52
commit 4c3dcdd17b
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
nixos/modules/burrow-zulip.nix
View file

@ -340,13 +340,18 @@ services:
SETTING_ZULIP_ADMINISTRATOR: "${cfg.administratorEmail}" SETTING_ZULIP_ADMINISTRATOR: "${cfg.administratorEmail}"
TRUST_GATEWAY_IP: "True" TRUST_GATEWAY_IP: "True"
SETTING_SEND_LOGIN_EMAILS: "False" SETTING_SEND_LOGIN_EMAILS: "False"
ZULIP_AUTH_BACKENDS: "EmailAuthBackend,SAMLAuthBackend" ZULIP_AUTH_BACKENDS: "SAMLAuthBackend"
CONFIG_application_server__http_only: true CONFIG_application_server__http_only: true
CONFIG_application_server__nginx_listen_port: ${toString cfg.port} CONFIG_application_server__nginx_listen_port: ${toString cfg.port}
CONFIG_application_server__queue_workers_multiprocess: false CONFIG_application_server__queue_workers_multiprocess: false
ZULIP_CUSTOM_SETTINGS: | ZULIP_CUSTOM_SETTINGS: |
EMAIL_BACKEND = "django.core.mail.backends.filebased.EmailBackend" EMAIL_BACKEND = "django.core.mail.backends.filebased.EmailBackend"
EMAIL_FILE_PATH = "/data/logs/emails" EMAIL_FILE_PATH = "/data/logs/emails"
EXTERNAL_URI_SCHEME = "https://"
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
USE_X_FORWARDED_HOST = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SOCIAL_AUTH_SAML_ORG_INFO = { SOCIAL_AUTH_SAML_ORG_INFO = {
"en-US": { "en-US": {
"displayname": "Burrow Zulip", "displayname": "Burrow Zulip",