added healthcheck middleware for ALBs
lme-nca authored and pna-nca committed Apr 7, 2024
1 parent 5fbc893 commit 1dfcc3f
Showing 5 changed files with 36 additions and 1 deletion.
19 changes: 19 additions & 0 deletions dojo/middleware.py
@@ -6,6 +6,7 @@
from threading import local
from django.db import models
from django.urls import reverse
from django.http import HttpResponse


logger = logging.getLogger(__name__)
@@ -164,3 +165,21 @@ def __init__(self, get_response):
def __call__(self, request):
request.META.update(settings.ADDITIONAL_HEADERS)
return self.get_response(request)


class HealthCheckMiddleware:
"""
Middleware that will allow for a healthcheck to return UP without the caller being in the
DJANGO ALLOWED_HOSTS list. Needed for AWS ALB healthchecks and improves general k8 healthchecks
"""

def __init__(self, get_response):

self.get_response = get_response

def __call__(self, request):
if request.META['PATH_INFO'] == '/health':
return HttpResponse('UP!')
else:
response = self.get_response(request)
return response
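Review bot: The `/health` branch in `HealthCheckMiddleware.__call__` answers every HTTP method and every Host header with `UP!`, and the nginx `limit_except GET` added in this commit only helps where nginx sits in front of uWSGI. Restricting it in the middleware keeps the ALLOWED_HOSTS exemption as narrow as the docstring intends: `if request.method in ('GET', 'HEAD') and request.path_info == '/health':` followed by `return HttpResponse('UP!', content_type='text/plain')`. The response must stay a constant, because anything derived from the Host header in this branch would escape Django's host validation. The docstring should also say that this is a liveness signal only: the branch returns without calling `get_response`, so it does not show that the database or anything else behind the chain is reachable.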
1 change: 1 addition & 0 deletions dojo/settings/settings.dist.py
@@ -900,6 +900,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param
# MIDDLEWARE
# ------------------------------------------------------------------------------
DJANGO_MIDDLEWARE_CLASSES = [
'dojo.middleware.HealthCheckMiddleware',
'django.middleware.common.CommonMiddleware',
'dojo.middleware.APITrailingSlashMiddleware',
'dojo.middleware.DojoSytemSettingsMiddleware',
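Review bot: The position of `'dojo.middleware.HealthCheckMiddleware'` at the head of `DJANGO_MIDDLEWARE_CLASSES` is load-bearing, and nothing in the list says so. Django validates the Host header when `request.get_host()` is first called, which `CommonMiddleware` does, so the health check only escapes ALLOWED_HOSTS while it stays above that entry. It also means none of the middleware that follows in the list runs for `/health`. I would add a comment above the entry such as `# Must stay first: answers /health before CommonMiddleware validates the Host header against ALLOWED_HOSTS`. The list continues outside the hunk.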
2 changes: 2 additions & 0 deletions helm/defectdojo/values.yaml
@@ -201,6 +201,8 @@ django:
# Depending on the size and complexity of your scans, you might want to increase the default ingress timeouts if you see repeated 504 Gateway Timeouts
# nginx.ingress.kubernetes.io/proxy-read-timeout: "1800"
# nginx.ingress.kubernetes.io/proxy-send-timeout: "1800"
# specific for AWS deployments Defectdojo has the /health endpoint for ALB healthchecks
# alb.ingress.kubernetes.io/healthcheck-path: /health
nginx:
tls:
enabled: false
8 changes: 7 additions & 1 deletion nginx/nginx.conf
@@ -72,7 +72,13 @@ http {
include /etc/nginx/wsgi_params;
access_log off;
}

# Used by AWS ALB health checks
location = /health {
limit_except GET { deny all; }
include /run/defectdojo/uwsgi_pass;
include /etc/nginx/wsgi_params;
access_log off;
}

error_page 500 502 503 504 /50x.html;
}
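Review bot: The new `location = /health` block forwards to uWSGI for any client and sets `access_log off`, so requests to an endpoint that is unauthenticated and exempt from ALLOWED_HOSTS leave no trace in nginx while still occupying an application worker. If the intent is only to silence the load balancer's probes, consider keeping the log and filtering out the probe traffic, or adding a `limit_req` on this location (it needs a `limit_req_zone` in the `http` block, which starts outside the hunk). The same block is added to nginx/nginx_TLS.conf and the point applies there too. A short comment that `limit_except GET` also admits HEAD would help the next reader.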
7 changes: 7 additions & 0 deletions nginx/nginx_TLS.conf
@@ -134,6 +134,13 @@ http {
include /etc/nginx/wsgi_params;
access_log off;
}
# Used by AWS ALB health checks
location = /health {
limit_except GET { deny all; }
include /run/defectdojo/uwsgi_pass;
include /etc/nginx/wsgi_params;
access_log off;
}
error_page 500 502 503 504 /50x.html;
}
}
