Enable TRUST_PROXY_HEADERS and SECURE_COOKIES for production deployment
- TRUST_PROXY_HEADERS=true: ensures rate limiting keys on the real client IP (X-Forwarded-For / X-Real-IP) rather than the Traefik container IP - SECURE_COOKIES=true: sets the Secure flag on session cookies since the app is served behind TLS via Traefik - Remove ports: "5000:5000" — Traefik routes traffic internally; publishing the port directly would bypass Traefik middleware Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,14 +1,14 @@
|
||||
services:
|
||||
app:
|
||||
image: git.fabledsword.com/bvandeusen/fabledassistant:latest
|
||||
ports:
|
||||
- "5000:5000"
|
||||
environment:
|
||||
DATABASE_URL: "postgresql+asyncpg://fabled:${DB_PASSWORD}@db:5432/fabledassistant"
|
||||
SECRET_KEY: "${SECRET_KEY}"
|
||||
OLLAMA_URL: "http://ollama:11434"
|
||||
OLLAMA_MODEL: "${OLLAMA_MODEL:-llama3.1}"
|
||||
LOG_LEVEL: "${LOG_LEVEL:-INFO}"
|
||||
TRUST_PROXY_HEADERS: "true"
|
||||
SECURE_COOKIES: "true"
|
||||
networks:
|
||||
- fabledassistant_backend
|
||||
healthcheck:
|
||||
|
||||
Reference in New Issue
Block a user