From 6283627b8722e1c1830842fcefbabae04db508a6 Mon Sep 17 00:00:00 2001
From: knoflook
Date: Wed, 11 Aug 2021 10:40:17 +0200
Subject: [PATCH] Fix reverse proxy handling by firefly
---
 .env.sample | 7 ++++---
 compose.yml | 18 ++++++++++--------
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/.env.sample b/.env.sample
index ff3aeae..bbfb5ac 100644
--- a/.env.sample
+++ b/.env.sample
@@ -8,6 +8,7 @@ TZ=Europe/Amsterdam
 DEFAULT_LANGUAGE=en_US
 DEFAULT_LOCALE=equal
 APP_DEBUG=false
+APP_LOG_LEVEL=notice
 # You can disable the Content Security Policy header when you're using an ancient browser
 # or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
 # This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
@@ -15,14 +16,14 @@ APP_DEBUG=false
 DISABLE_CSP_HEADER=false
 # Webhooks are ecurity sensitive!
 ALLOW_WEBHOOKS=false
-# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
-# Set it to ** and reverse proxies work just fine.
-TRUSTED_PROXIES=
 SECRET_APP_KEY_VERSION=v1 # length=32
 SECRET_STATIC_CRON_TOKEN_VERSION=v1 # length=32
 SECRET_DB_PASSWORD_VERSION=v1 # length=32
+# REDIS
+# COMPOSE_FILE="compose.yml:compose.redis.yml"
+
 # TODO: Implement redis/memcached (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L91)
 # TODO: Implement mail (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L123)
 # TODO: Implement map (https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L159)
diff --git a/compose.yml b/compose.yml
index b0320d6..40ac0e8 100644
--- a/compose.yml
+++ b/compose.yml
@@ -19,10 +19,12 @@ services:
 - DISABLE_CSP_HEADER
 - ALLOW_WEBHOOKS
 - TRUSTED_PROXIES
+ - APP_LOG_LEVEL
+ - APP_URL=${DOMAIN}
 - APP_KEY_FILE=/run/secrets/app_key
+ - CRON_TOKEN_FILE=/run/secrets/cron_token
 - STATIC_CRON_TOKEN_FILE=
 - LOG_CHANNEL=stack
- - APP_LOG_LEVEL=notice
 - AUDIT_LOG_LEVEL=info
 - DB_CONNECTION=pgsql
 - DB_HOST=db
@@ -38,7 +40,7 @@ services:
 - CACHE_DRIVER=file
 - SESSION_DRIVER=file
 - COOKIE_PATH="/"
- - COOKIE_DOMAIN=
+ - COOKIE_DOMAIN=${DOMAIN}
 - COOKIE_SECURE=false
 - COOKIE_SAMESITE=lax
 - SEND_REGISTRATION_MAIL=false
@@ -67,7 +69,7 @@ services:
 - DEMO_PASSWORD=
 - IS_HEROKU=false
 - FIREFLY_III_LAYOUT=v1
- - APP_URL=http://localhost
+ - TRUSTED_PROXIES=**
 depends_on:
 - db
 networks:
@@ -105,6 +107,11 @@ services:
 - db_password
 networks:
 - internal
+ cron:
+ image: alpine
+ command: sh -c "echo \"0 3 * * * wget -qO- https://${DOMAIN}/api/v1/cron/`cat /run/secrets/cron_token`\" | crontab - && crond -f -L /dev/stdout"
+ secrets:
+ - cron_token
 networks:
 internal:
 proxy:
@@ -122,8 +129,3 @@ secrets:
 db_password:
 name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
 external: true
-# cron:
-# image: alpine
-# command: command: sh -c "echo \"0 3 * * * wget -qO- https:///api/v1/cron/\" | crontab - && crond -f -L /dev/stdout"
-# secrets:
-# - cron_token
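Review bot: `- APP_URL=${DOMAIN}` in the `@@ -19,10 +19,12 @@` hunk passes a bare host name, whereas the value it replaces was a full URL (`http://localhost`) and the `cron` service added later in this patch builds `https://${DOMAIN}`. Use `- APP_URL=https://${DOMAIN}` so the application is given the scheme as well as the host. The new `CRON_TOKEN_FILE=/run/secrets/cron_token` sits next to a still-empty `STATIC_CRON_TOKEN_FILE=`, and the patch does not show which of the two the application reads, so a one-line comment stating that, or removing the unused entry, would help. The environment list and the app service's `secrets:` list both extend outside this hunk, so confirm `cron_token` is actually mounted into the app container.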
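Review bot: `COOKIE_SECURE=false` stays as context directly below the new `- COOKIE_DOMAIN=${DOMAIN}` in the `@@ -38,7 +40,7 @@` hunk, so the session cookie is still issued without the Secure flag even though this patch addresses the site as `https://${DOMAIN}` elsewhere. If the deployment is always served over TLS by the reverse proxy, change it to `- COOKIE_SECURE=true`. Also confirm `DOMAIN` is always defined for this stack, since an unset variable would presumably interpolate to an empty string and silently restore the old empty cookie domain. The environment list starts and ends outside the hunk.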
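Review bot: `- TRUSTED_PROXIES=**` in the `@@ -67,7 +69,7 @@` hunk hard-codes trust in forwarded headers from any source, and because the `.env.sample` hunk removes the `TRUSTED_PROXIES` entry an operator can no longer narrow it. If the app container is ever reachable by something other than the reverse proxy, client-supplied `X-Forwarded-*` headers would be taken as genuine, which affects logged client addresses and scheme detection. Keep it overridable, for example `- TRUSTED_PROXIES=${TRUSTED_PROXIES:-**}`, with a comment recommending the proxy network's address range where it is known. The bare `- TRUSTED_PROXIES` pass-through is still present as context in the first compose.yml hunk, so the list now sets the variable twice; drop one of them so the effective value does not depend on how duplicates are resolved.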
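Review bot: `image: alpine` in the new `cron` service (hunk `@@ -105,6 +107,11 @@`) is unpinned, so each redeploy can pull a different image into a container that holds the cron token; pin it, e.g. `image: alpine:<pinned-tag>` (placeholder; choose a released tag or a digest). The command places the token in the request URL, so it will likely be recorded wherever the reverse proxy logs request paths; a comment noting that access logs are sensitive for this reason would be useful. The service lists `cron_token` under `secrets:`, but no top-level declaration of that secret is visible in this patch and `.env.sample` versions `SECRET_STATIC_CRON_TOKEN_VERSION`, so check that the secret names line up. The service also declares no `networks:`, so confirm it has the connectivity needed to reach `https://${DOMAIN}`.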