secrets, more config cleanups
parent
6befed0a39
commit
735aea9021
|
@ -2,6 +2,9 @@ TYPE=funkwhale
|
|||
DOMAIN={{ .Domain }}
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_DJANGO_SECRET_KEY_VERSION=v1
|
||||
|
||||
# If you have any doubts about what a setting does,
|
||||
# check https://docs.funkwhale.audio/configuration.html#configuration-reference
|
||||
|
||||
|
|
12
compose.yml
12
compose.yml
|
@ -7,6 +7,7 @@ x-environment:
|
|||
- CELERYD_CONCURRENCY
|
||||
- C_FORCE_ROOT=true
|
||||
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||
- DJANGO_SECRET_KEY_FILE=/run/secrets/django_secret_key
|
||||
- DJANGO_SETTINGS_MODULE
|
||||
- DOMAIN
|
||||
- FUNKWHALE_HOSTNAME
|
||||
|
@ -15,6 +16,11 @@ x-environment:
|
|||
- REVERSE_PROXY_TYPE
|
||||
- STACK_NAME
|
||||
|
||||
x-secrets:
|
||||
&default-sec:
|
||||
- db_password
|
||||
- django_secret_key
|
||||
|
||||
services:
|
||||
app:
|
||||
image: nginx:1.20.0
|
||||
|
@ -45,6 +51,7 @@ services:
|
|||
- redis
|
||||
command: celery -A funkwhale_api.taskapp worker -l INFO
|
||||
environment: *default-env
|
||||
secrets: *default-sec
|
||||
volumes:
|
||||
- music-data:/srv/funkwhale/data/music:ro
|
||||
- media-data:/srv/funkwhale/data/media
|
||||
|
@ -54,6 +61,7 @@ services:
|
|||
celerybeat:
|
||||
image: funkwhale/funkwhale:1.2
|
||||
environment: *default-env
|
||||
secrets: *default-sec
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
|
@ -64,12 +72,10 @@ services:
|
|||
api:
|
||||
image: funkwhale/funkwhale:1.2
|
||||
environment: *default-env
|
||||
secrets: *default-sec
|
||||
depends_on:
|
||||
- postgres
|
||||
- redis
|
||||
secrets:
|
||||
- django_secret_key
|
||||
- db_password
|
||||
volumes:
|
||||
- music-data:/srv/funkwhale/data/music:ro
|
||||
- media-data:/srv/funkwhale/data/media
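Review bot: The anchor line in the new `x-secrets` block is rendered as `&default-sec:` with a trailing colon; if that colon is really in the file, a parser will most likely attach the anchor to an empty mapping key (or read the colon as part of the anchor name) instead of to the list, so `secrets: *default-sec` in the celery worker, `celerybeat` and `api` services would not resolve to the two secret names. Writing `&default-sec` on its own line, followed by the list items, anchors the sequence itself. A comment above the block would also help, e.g. `# mounted at /run/secrets/<name>; names must match the *_FILE paths in x-environment`, because `DATABASE_PASSWORD_FILE` and `DJANGO_SECRET_KEY_FILE` silently depend on these names. The top-level `secrets:` definitions and the `x-environment` anchor line are outside the visible hunks, so confirm against the rendered stack config.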
|
||||
|
|
|
@ -26,7 +26,9 @@ file_env() {
|
|||
}
|
||||
|
||||
file_env "DATABASE_PASSWORD"
|
||||
export DATABASE_URL=postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale
|
||||
export DATABASE_URL="postgres://funkwhale:$DATABASE_PASSWORD@db:5432/funkwhale"
|
||||
|
||||
file_env "DJANGO_SECRET_KEY"
|
||||
|
||||
# upstream entrypoint
|
||||
# https://dev.funkwhale.audio/funkwhale/funkwhale/-/blob/develop/api/Dockerfile
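Review bot: Quoting `DATABASE_URL` stops word splitting, but `$DATABASE_PASSWORD` is still placed into the URL unencoded, so a secret containing `@`, `:`, `/`, `?` or `#` yields a URL the consumer will parse wrongly or reject. Either constrain how the `db_password` secret is generated and say so next to the export, `# db_password must be URL-safe (no @ : / ? #); it is interpolated unencoded`, or percent-encode the value before building the URL. The exported URL also puts the password back into the process environment, which the `_FILE` indirection was avoiding, so anything that dumps the environment will expose it. `file_env` is defined above the hunk and is not visible here.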
|
||||
|
|
|
@ -93,7 +93,17 @@ http {
|
|||
}
|
||||
|
||||
location /.well-known/ {
|
||||
include /etc/nginx/funkwhale_proxy.conf;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_redirect off;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_pass http://funkwhale-api/.well-known/;
|
||||
}
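Review bot: The `X-Forwarded-Proto $scheme` and `X-Forwarded-Host $host:$server_port` lines in the `/.well-known/` location report this nginx's own listener, not what the client used; if a TLS-terminating proxy sits in front of this container (the `LETS_ENCRYPT_ENV` setting suggests one, but it is not visible here), the API will see `http` and the internal port and may emit wrong URLs in its `.well-known` responses. `X-Forwarded-For $proxy_add_x_forwarded_for` likewise appends to whatever the client sent, so the backend should trust only the last entry unless the front proxy overwrites the header. Since the block appears to inline what `include /etc/nginx/funkwhale_proxy.conf;` provided, a comment such as `# inlined from funkwhale_proxy.conf; scheme and port are this container's, not the client's` would tell the next maintainer why this location differs from the others. The enclosing `http {` block starts outside the hunk.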
|
||||
|
||||
|
|