allow private IP for healthcheck and make secret key a config val

Author: raphaeltm

samples/django-channels-redis/README.md

@@ -23,6 +23,9 @@ This will start the Django server, Redis, and Postgres and mounts your Django ap
 ## Configuration
 For this sample, you will need to provide the following [configuration](https://docs.defang.io/docs/concepts/configuration). Note that if you are using the 1-click deploy option, you can set these values as secrets in your GitHub repository and the action will automatically deploy them for you.
 
+### `SECRET_KEY`
+The secret key for your Django application. You can generate a new one by running `python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'`. A default, insecure key is used if this is not set, but you should set it for a production deployment.
+
 ### `POSTGRES_PASSWORD`
 The password for your Postgres database. You need to set this before deploying for the first time.
 

samples/django-channels-redis/app/django_defang/settings.py

@@ -14,6 +14,8 @@
 from pathlib import Path
 import dj_database_url
 import urllib.parse
+from socket import gethostname, gethostbyname_ex
+import ipaddress
 
 
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@@ -24,12 +26,25 @@
 # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = "django-insecure-c!3+-wtsf@&6+p-z88$fyqr!zrnd@uvi=hi&u00n+ku9&_04rk"
+SECRET_KEY = os.getenv("SECRET_KEY", "django-insecure-c!3+-wtsf@&6+p-z88$fyqr!zrnd@uvi=hi&u00n+ku9&_04rk")
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv("DEBUG", False) == "True"
 
-ALLOWED_HOSTS = ['*.prod1.defang.dev'] # Set this to your domain name
+
+def get_private_ips():
+    try:
+        hostname = gethostname()
+        _, _, ips = gethostbyname_ex(hostname)
+        return [ip for ip in ips if ipaddress.ip_address(ip).is_private]
+    except:
+        return []  # or return a default list of IPs
+
+ALLOWED_HOSTS = [
+    '*.prod1.defang.dev',
+] # Add your own domain name
+
+ALLOWED_HOSTS += get_private_ips() # Add private IPs so the health check can pass
 
 if DEBUG:
     ALLOWED_HOSTS = ["*"]

samples/django-channels-redis/compose.yaml

@@ -12,6 +12,7 @@ services:
     environment:
       REDIS_URL: redis://redis_service:6379
       POSTGRES_URL:
+      SECRET_KEY:
     healthcheck:
       # wget or curl required for healthchecks on services with a published port
       # this gets parsed by Defang and provided to the load balancers as well