Configuring GRIST_HTTPS_PROXY for Webhooks

I have Grist running on a self managed Docker container using Docker Compose with green ticks all round on the Admin Panel :blush: and some webhooks working happily.

The documentation regarding Webhook (Webhooks - Grist Help Center) recommends both the ALLOWED_WEBHOOK_DOMAINS and GRIST_HTTPS_PROXY settings, but I found the comments confusing.

If I have set ALLOWED_WEBHOOK_DOMAINS = [my.domain] and not *, is that sufficient, or should I also set GRIST_HTTPS_PROXY?

If also setting GRIST_HTTPS_PROXY is better, can I have some guidance as to what this is asking for. Is it an IP address, domain, or something else?

Thanks, David

If you trust all your webhooks – perhaps are the one configuring them, and no-one else can – then you don’t need a proxy. The option of having a proxy is there so that all out-going requests can be made from the proxy and not the Grist app, meaning they can be locked down very carefully and prevented from hitting any internal services for example. This is important if you allow webhooks to be configured by people you don’t trust.

GRIST_HTTPS_PROXY is a URL, such as http://grist-egress.example.com:3128/. It should point to a forwarding web proxy, for example squid, with all caching turned off and configured to have no access to your internal services.

1 Like