[PR #2400] Add CERT_BEHIND_PROXY setting to disable SSL certificate expiration warnings #3886

New issue

Open

opened 2026-03-14 07:44:14 +03:00 by kerem · 0 comments

kerem commented

2026-03-14 07:44:14 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/amidaware/tacticalrmm/pull/2400
Author: @jafolkerts
Created: 1/30/2026
Status: 🔄 Open

Base: develop ← Head: feature/cert-behind-proxy-setting

📝 Commits (2)

9b3bf9d add CERT_BEHIND_PROXY setting to disable SSL certificate expiration warnings
db894f4 Add CLAUDE.local.md to .gitignore

📊 Changes

2 files changed (+6 additions, -1 deletions)

View changed files

📝 .gitignore (+2 -1)
📝 api/tacticalrmm/tacticalrmm/helpers.py (+4 -0)

📄 Description

Summary

This PR adds support for a CERT_BEHIND_PROXY setting in local_settings.py to disable SSL certificate expiration warnings when SSL termination is handled by an external reverse proxy.

Changes

Modified days_until_cert_expires() function in helpers.py to check for the CERT_BEHIND_PROXY setting
When set to True, the function returns 999 days instead of calculating actual certificate expiration
This effectively disables the SSL certificate warning banner in the UI

Use Case

This is useful for deployments where SSL termination occurs at a load balancer or reverse proxy layer (e.g., nginx, HAProxy, cloud load balancers), making the backend certificate expiration warnings irrelevant and potentially confusing.

Usage

Add to local_settings.py:

CERT_BEHIND_PROXY = True

Testing

Tested on a production deployment with SSL termination at an external reverse proxy. The warning banner no longer appears in the UI after setting CERT_BEHIND_PROXY = True and restarting services.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/amidaware/tacticalrmm/pull/2400 **Author:** [@jafolkerts](https://github.com/jafolkerts) **Created:** 1/30/2026 **Status:** 🔄 Open **Base:** `develop` ← **Head:** `feature/cert-behind-proxy-setting` --- ### 📝 Commits (2) - [`9b3bf9d`](https://github.com/amidaware/tacticalrmm/commit/9b3bf9d3da57a93808e0129118e03ad241a31de8) add CERT_BEHIND_PROXY setting to disable SSL certificate expiration warnings - [`db894f4`](https://github.com/amidaware/tacticalrmm/commit/db894f492ca10da1f24178b6d1b088889bbe76d9) Add CLAUDE.local.md to .gitignore ### 📊 Changes **2 files changed** (+6 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.gitignore` (+2 -1) 📝 `api/tacticalrmm/tacticalrmm/helpers.py` (+4 -0) </details> ### 📄 Description ## Summary This PR adds support for a `CERT_BEHIND_PROXY` setting in `local_settings.py` to disable SSL certificate expiration warnings when SSL termination is handled by an external reverse proxy. ## Changes - Modified `days_until_cert_expires()` function in `helpers.py` to check for the `CERT_BEHIND_PROXY` setting - When set to `True`, the function returns 999 days instead of calculating actual certificate expiration - This effectively disables the SSL certificate warning banner in the UI ## Use Case This is useful for deployments where SSL termination occurs at a load balancer or reverse proxy layer (e.g., nginx, HAProxy, cloud load balancers), making the backend certificate expiration warnings irrelevant and potentially confusing. ## Usage Add to `local_settings.py`: ```python CERT_BEHIND_PROXY = True ``` ## Testing Tested on a production deployment with SSL termination at an external reverse proxy. The warning banner no longer appears in the UI after setting `CERT_BEHIND_PROXY = True` and restarting services. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>