Use the system trust store for python requests rather than certifi
Custom CAs are added to the system trust store, never to certifi. It is necessary to use the system trust store to cover the scenario where private or self-signed certificate authorities are used to secure APIs that the uwsgi service should communicate with. The default is changed to the system trust store, and can be overridden per service through uwsgi_services, or globally through uwsgi_ini_overrides. Change-Id: Idb532c206c3338b9934dfa47e76170aebbb5a5ef
parent
95f74142a3
commit
5f2a073243
|
@ -28,6 +28,9 @@ uwsgi_python_executable: "python3"
|
|||
|
||||
uwsgi_package_state: "latest"
|
||||
|
||||
# Default environment variables to set for uwsgi process
|
||||
uwsgi_env: "{{ _uwsgi_env }}"
|
||||
|
||||
# Define uwsgi_services for deployment of uwsgi. You should provide
|
||||
# at least wsgi_path and uwsgi_port. wsgi_venv should be defined for
|
||||
# services installed inside virtualenv.
|
||||
|
@ -45,6 +48,7 @@ uwsgi_package_state: "latest"
|
|||
# uwsgi_threads: 1
|
||||
# uwsgi_bind_address: 0.0.0.0
|
||||
# uwsgi_port: 8080
|
||||
# uwsgi_env: "FOO=bar"
|
||||
uwsgi_services: {}
|
||||
|
||||
# Override can be used to apply config change to all uwsgi services
|
||||
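Review bot: The per-service example `# uwsgi_env: "FOO=bar"` does not say that a service-level value replaces the default instead of extending it. Judging by the template line `env = {{ item.value.uwsgi_env | default(uwsgi_env) }}` touched in the same commit, a service that sets its own `uwsgi_env` no longer gets `REQUESTS_CA_BUNDLE`, so python requests in that service goes back to the certifi bundle and calls to APIs signed by a private CA fail verification for that service only. I would add a comment above the example: `# NOTE: replaces the default uwsgi_env; repeat REQUESTS_CA_BUNDLE=<path> here to keep the system trust store`.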
|
|
|
@ -30,6 +30,7 @@ http-auto-chunked = true
|
|||
http-raw-body = true
|
||||
socket-timeout = 10
|
||||
need-app = true
|
||||
env = {{ item.value.uwsgi_env | default(uwsgi_env) }}
|
||||
|
||||
log-x-forwarded-for = true
|
||||
# Avoid filling up the logs with health check requests from haproxy.
|
||||
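Review bot: The new `env =` line is rendered unconditionally from one string, so it can carry only a single variable and has no guard for an empty value. If `uwsgi_env` is overridden to an empty string the rendered file contains a bare `env =`, and a list value would be written out as its Python representation; how uWSGI treats either is not visible from this hunk. Wrapping the line in `{% if item.value.uwsgi_env | default(uwsgi_env) %}` and `{% endif %}` would cover the empty case. Since uWSGI accepts the `env` option more than once, a later change could emit one line per entry, so that a service can add variables without dropping the CA bundle setting.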
|
|
|
@ -22,3 +22,5 @@ uwsgi_distro_packages:
|
|||
- libpython3.7
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
_uwsgi_env: "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
|
||||
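Review bot: `_uwsgi_env` hard-codes the bundle path, and nothing in this hunk ensures that file is present on the host: the `uwsgi_distro_packages` entries shown do not include the distro CA certificates package, though the start of the list is outside the hunk. When `REQUESTS_CA_BUNDLE` names a missing file, requests raises an error on every HTTPS call and does not fall back to another bundle, so it is worth confirming that the package is installed by this role or one of its dependencies. The same applies to the other four vars hunks, including the one that uses `/etc/pki/tls/certs/ca-bundle.crt`. A comment such as `# Path must exist before uwsgi starts; provided by the distro CA certificates package` above the variable would record the dependency.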
|
|
|
@ -22,3 +22,5 @@ uwsgi_distro_packages:
|
|||
- libpython3.9
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
_uwsgi_env: "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
|
||||
|
|
|
@ -18,3 +18,5 @@ uwsgi_bin: '/usr/sbin'
|
|||
uwsgi_distro_packages:
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
_uwsgi_env: "REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt"
|
||||
|
|
|
@ -22,3 +22,5 @@ uwsgi_distro_packages:
|
|||
- libpython3.6
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
_uwsgi_env: "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
|
||||
|
|
|
@ -22,3 +22,5 @@ uwsgi_distro_packages:
|
|||
- libpython3.8
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
_uwsgi_env: "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt"
|
||||
|
|