Fix reverse proxy handling by firefly
This commit is contained in:
parent
a4b0f1b181
commit
6283627b87
|
@ -8,6 +8,7 @@ TZ=Europe/Amsterdam
|
|||
DEFAULT_LANGUAGE=en_US
|
||||
DEFAULT_LOCALE=equal
|
||||
APP_DEBUG=false
|
||||
APP_LOG_LEVEL=notice
|
||||
# You can disable the Content Security Policy header when you're using an ancient browser
|
||||
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
|
||||
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
|
||||
|
@ -15,14 +16,14 @@ APP_DEBUG=false
|
|||
DISABLE_CSP_HEADER=false
|
||||
# Webhooks are ecurity sensitive!
|
||||
ALLOW_WEBHOOKS=false
|
||||
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
|
||||
# Set it to ** and reverse proxies work just fine.
|
||||
TRUSTED_PROXIES=
|
||||
|
||||
SECRET_APP_KEY_VERSION=v1 # length=32
|
||||
SECRET_STATIC_CRON_TOKEN_VERSION=v1 # length=32
|
||||
SECRET_DB_PASSWORD_VERSION=v1 # length=32
|
||||
|
||||
# REDIS
|
||||
# COMPOSE_FILE="compose.yml:compose.redis.yml"
|
||||
|
||||
# TODO: Implement redis/memcached (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L91)
|
||||
# TODO: Implement mail (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L123)
|
||||
# TODO: Implement map (https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L159)
|
||||
|
|
18
compose.yml
18
compose.yml
|
@ -19,10 +19,12 @@ services:
|
|||
- DISABLE_CSP_HEADER
|
||||
- ALLOW_WEBHOOKS
|
||||
- TRUSTED_PROXIES
|
||||
- APP_LOG_LEVEL
|
||||
- APP_URL=${DOMAIN}
|
||||
- APP_KEY_FILE=/run/secrets/app_key
|
||||
- CRON_TOKEN_FILE=/run/secrets/cron_token
|
||||
- STATIC_CRON_TOKEN_FILE=
|
||||
- LOG_CHANNEL=stack
|
||||
- APP_LOG_LEVEL=notice
|
||||
- AUDIT_LOG_LEVEL=info
|
||||
- DB_CONNECTION=pgsql
|
||||
- DB_HOST=db
|
||||
|
@ -38,7 +40,7 @@ services:
|
|||
- CACHE_DRIVER=file
|
||||
- SESSION_DRIVER=file
|
||||
- COOKIE_PATH="/"
|
||||
- COOKIE_DOMAIN=
|
||||
- COOKIE_DOMAIN=${DOMAIN}
|
||||
- COOKIE_SECURE=false
|
||||
- COOKIE_SAMESITE=lax
|
||||
- SEND_REGISTRATION_MAIL=false
|
||||
|
@ -67,7 +69,7 @@ services:
|
|||
- DEMO_PASSWORD=
|
||||
- IS_HEROKU=false
|
||||
- FIREFLY_III_LAYOUT=v1
|
||||
- APP_URL=http://localhost
|
||||
- TRUSTED_PROXIES=**
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
|
@ -105,6 +107,11 @@ services:
|
|||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
cron:
|
||||
image: alpine
|
||||
command: sh -c "echo \"0 3 * * * wget -qO- https://${DOMAIN}/api/v1/cron/`cat /run/secrets/cron_token`\" | crontab - && crond -f -L /dev/stdout"
|
||||
secrets:
|
||||
- cron_token
|
||||
networks:
|
||||
internal:
|
||||
proxy:
|
||||
|
@ -122,8 +129,3 @@ secrets:
|
|||
db_password:
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
external: true
|
||||
# cron:
|
||||
# image: alpine
|
||||
# command: command: sh -c "echo \"0 3 * * * wget -qO- https://<Firefly III URL>/api/v1/cron/<TOKEN>\" | crontab - && crond -f -L /dev/stdout"
|
||||
# secrets:
|
||||
# - cron_token
|
||||
|
|
Loading…
Reference in New Issue