Fix reverse proxy handling by firefly
This commit is contained in:
parent
a4b0f1b181
commit
6283627b87
|
@ -8,6 +8,7 @@ TZ=Europe/Amsterdam
|
||||||
DEFAULT_LANGUAGE=en_US
|
DEFAULT_LANGUAGE=en_US
|
||||||
DEFAULT_LOCALE=equal
|
DEFAULT_LOCALE=equal
|
||||||
APP_DEBUG=false
|
APP_DEBUG=false
|
||||||
|
APP_LOG_LEVEL=notice
|
||||||
# You can disable the Content Security Policy header when you're using an ancient browser
|
# You can disable the Content Security Policy header when you're using an ancient browser
|
||||||
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
|
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
|
||||||
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
|
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
|
||||||
|
@ -15,14 +16,14 @@ APP_DEBUG=false
|
||||||
DISABLE_CSP_HEADER=false
|
DISABLE_CSP_HEADER=false
|
||||||
# Webhooks are ecurity sensitive!
|
# Webhooks are ecurity sensitive!
|
||||||
ALLOW_WEBHOOKS=false
|
ALLOW_WEBHOOKS=false
|
||||||
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
|
|
||||||
# Set it to ** and reverse proxies work just fine.
|
|
||||||
TRUSTED_PROXIES=
|
|
||||||
|
|
||||||
SECRET_APP_KEY_VERSION=v1 # length=32
|
SECRET_APP_KEY_VERSION=v1 # length=32
|
||||||
SECRET_STATIC_CRON_TOKEN_VERSION=v1 # length=32
|
SECRET_STATIC_CRON_TOKEN_VERSION=v1 # length=32
|
||||||
SECRET_DB_PASSWORD_VERSION=v1 # length=32
|
SECRET_DB_PASSWORD_VERSION=v1 # length=32
|
||||||
|
|
||||||
|
# REDIS
|
||||||
|
# COMPOSE_FILE="compose.yml:compose.redis.yml"
|
||||||
|
|
||||||
# TODO: Implement redis/memcached (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L91)
|
# TODO: Implement redis/memcached (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L91)
|
||||||
# TODO: Implement mail (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L123)
|
# TODO: Implement mail (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L123)
|
||||||
# TODO: Implement map (https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L159)
|
# TODO: Implement map (https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L159)
|
||||||
|
|
18
compose.yml
18
compose.yml
|
@ -19,10 +19,12 @@ services:
|
||||||
- DISABLE_CSP_HEADER
|
- DISABLE_CSP_HEADER
|
||||||
- ALLOW_WEBHOOKS
|
- ALLOW_WEBHOOKS
|
||||||
- TRUSTED_PROXIES
|
- TRUSTED_PROXIES
|
||||||
|
- APP_LOG_LEVEL
|
||||||
|
- APP_URL=${DOMAIN}
|
||||||
- APP_KEY_FILE=/run/secrets/app_key
|
- APP_KEY_FILE=/run/secrets/app_key
|
||||||
|
- CRON_TOKEN_FILE=/run/secrets/cron_token
|
||||||
- STATIC_CRON_TOKEN_FILE=
|
- STATIC_CRON_TOKEN_FILE=
|
||||||
- LOG_CHANNEL=stack
|
- LOG_CHANNEL=stack
|
||||||
- APP_LOG_LEVEL=notice
|
|
||||||
- AUDIT_LOG_LEVEL=info
|
- AUDIT_LOG_LEVEL=info
|
||||||
- DB_CONNECTION=pgsql
|
- DB_CONNECTION=pgsql
|
||||||
- DB_HOST=db
|
- DB_HOST=db
|
||||||
|
@ -38,7 +40,7 @@ services:
|
||||||
- CACHE_DRIVER=file
|
- CACHE_DRIVER=file
|
||||||
- SESSION_DRIVER=file
|
- SESSION_DRIVER=file
|
||||||
- COOKIE_PATH="/"
|
- COOKIE_PATH="/"
|
||||||
- COOKIE_DOMAIN=
|
- COOKIE_DOMAIN=${DOMAIN}
|
||||||
- COOKIE_SECURE=false
|
- COOKIE_SECURE=false
|
||||||
- COOKIE_SAMESITE=lax
|
- COOKIE_SAMESITE=lax
|
||||||
- SEND_REGISTRATION_MAIL=false
|
- SEND_REGISTRATION_MAIL=false
|
||||||
|
@ -67,7 +69,7 @@ services:
|
||||||
- DEMO_PASSWORD=
|
- DEMO_PASSWORD=
|
||||||
- IS_HEROKU=false
|
- IS_HEROKU=false
|
||||||
- FIREFLY_III_LAYOUT=v1
|
- FIREFLY_III_LAYOUT=v1
|
||||||
- APP_URL=http://localhost
|
- TRUSTED_PROXIES=**
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
networks:
|
networks:
|
||||||
|
@ -105,6 +107,11 @@ services:
|
||||||
- db_password
|
- db_password
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
|
cron:
|
||||||
|
image: alpine
|
||||||
|
command: sh -c "echo \"0 3 * * * wget -qO- https://${DOMAIN}/api/v1/cron/`cat /run/secrets/cron_token`\" | crontab - && crond -f -L /dev/stdout"
|
||||||
|
secrets:
|
||||||
|
- cron_token
|
||||||
networks:
|
networks:
|
||||||
internal:
|
internal:
|
||||||
proxy:
|
proxy:
|
||||||
|
@ -122,8 +129,3 @@ secrets:
|
||||||
db_password:
|
db_password:
|
||||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||||
external: true
|
external: true
|
||||||
# cron:
|
|
||||||
# image: alpine
|
|
||||||
# command: command: sh -c "echo \"0 3 * * * wget -qO- https://<Firefly III URL>/api/v1/cron/<TOKEN>\" | crontab - && crond -f -L /dev/stdout"
|
|
||||||
# secrets:
|
|
||||||
# - cron_token
|
|
||||||
|
|
Loading…
Reference in New Issue