Backend: - Add hostGate middleware for host-based API protection - Extend rate limiter with publicUploadLimiter (20/hour) - Add source_host and source_type to audit logs - Database migration for audit log source tracking - Unit tests for hostGate middleware (10/20 passing) Frontend: - Add hostDetection utility for runtime host detection - Implement React code splitting with lazy loading - Update App.js with ProtectedRoute component - Customize 404 page for public vs internal hosts - Update env-config.js for host configuration Docker: - Add environment variables to prod/dev docker-compose - Configure ENABLE_HOST_RESTRICTION flags - Set PUBLIC_HOST and INTERNAL_HOST variables Infrastructure: - Prepared for nginx-proxy-manager setup - Trust proxy configuration (TRUST_PROXY_HOPS=1) Note: Some unit tests still need adjustment for ENV handling
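# Production Environment
# Usage: docker compose -f docker/prod/docker-compose.yml up -d
# Or use: ./prod.sh

services:
  frontend:
    container_name: image-uploader-frontend
    # NOTE(review): `latest` is a mutable tag, so the deployed image can change
    # without this file changing. Pin a version tag or digest for reproducible
    # and auditable production rollouts.
    image: gitea.lan.hobbyhimmel.de/hobbyhimmel/image-uploader-frontend:latest
    ports:
      # Published on every host interface. NOTE(review): this service is also
      # attached to npm-nw; if the reverse proxy reaches it over that network,
      # the host port may be unnecessary - confirm.
      - "80:80"
    build:
      context: ../../
      dockerfile: docker/prod/frontend/Dockerfile
    depends_on:
      - backend
    environment:
      # The backend is addressed by service name over the shared prod-internal
      # network.
      - API_URL=http://backend:5000
      - CLIENT_URL=http://localhost
      # Must match the PUBLIC_HOST / INTERNAL_HOST values given to the backend.
      # NOTE(review): these look like placeholder hostnames - confirm before
      # deploying.
      - PUBLIC_HOST=deinprojekt.hobbyhimmel.de
      - INTERNAL_HOST=deinprojekt.lan.hobbyhimmel.de
    networks:
      - npm-nw
      - prod-internal

  backend:
    container_name: image-uploader-backend
    # NOTE(review): same mutable-tag concern as the frontend image.
    image: gitea.lan.hobbyhimmel.de/hobbyhimmel/image-uploader-backend:latest
    build:
      context: ../../
      dockerfile: docker/prod/backend/Dockerfile
    ports:
      # NOTE(review): this publishes the API on every host interface, so it can
      # be reached without going through the reverse proxy. With
      # ENABLE_HOST_RESTRICTION and TRUST_PROXY_HOPS set below, the backend
      # presumably derives host and client IP from proxy-supplied headers; a
      # direct connection would supply its own. The frontend already reaches
      # the backend by service name on prod-internal, so consider dropping this
      # mapping or binding it to loopback - confirm nothing depends on it.
      - "5000:5000"
    volumes:
      - image_data:/usr/src/app/src/data
    networks:
      - prod-internal
    environment:
      - REMOVE_IMAGES=false
      - NODE_ENV=production
      # Fail at `docker compose up` when the secret is missing. Plain
      # ${ADMIN_SESSION_SECRET} would be substituted with an empty string and
      # the backend would start with an empty session secret.
      - "ADMIN_SESSION_SECRET=${ADMIN_SESSION_SECRET:?ADMIN_SESSION_SECRET must be set}"
      # Lives under the image_data mount, so session files share that volume.
      - ADMIN_SESSION_DIR=/usr/src/app/src/data/sessions
      # ⚠️ For HTTP-only lab setups, set this to "false" via an override file
      # (do not commit that override to the repo).
      - ADMIN_SESSION_COOKIE_SECURE=true
      # Host Configuration (Public/Internal Separation)
      - PUBLIC_HOST=deinprojekt.hobbyhimmel.de
      - INTERNAL_HOST=deinprojekt.lan.hobbyhimmel.de
      - ENABLE_HOST_RESTRICTION=true
      # Presumably 20 uploads per window, with the window in milliseconds
      # (3600000 ms = 1 hour) - confirm against the rate limiter.
      - PUBLIC_UPLOAD_RATE_LIMIT=20
      - PUBLIC_UPLOAD_RATE_WINDOW=3600000
      # Trust nginx-proxy-manager (1 hop)
      # NOTE(review): the backend is attached only to prod-internal, so proxied
      # traffic appears to arrive via the frontend container. Confirm the hop
      # count matches the real proxy chain; a wrong count means rate limiting
      # and audit logging see the wrong client address.
      - TRUST_PROXY_HOPS=1
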
networks:
  # Created outside this file; Compose attaches to it and does not manage it.
  # Only the frontend service joins this network.
  npm-nw:
    external: true
  # Bridge network defined by this file; carries frontend-to-backend traffic.
  prod-internal:
    driver: bridge

volumes:
  # Mounted by the backend at /usr/src/app/src/data.
  image_data:
    driver: local