Enable TRUST_PROXY_HEADERS and SECURE_COOKIES for production deployment

- TRUST_PROXY_HEADERS=true: ensures rate limiting keys on the real client IP
  (X-Forwarded-For / X-Real-IP) rather than the Traefik container IP
- SECURE_COOKIES=true: sets the Secure flag on session cookies since the app
  is served behind TLS via Traefik
- Remove ports: "5000:5000" — Traefik routes traffic internally; publishing
  the port directly would bypass Traefik middleware

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-02-22 21:26:34 -05:00
parent 667ccd70cd
commit d5975efeaf
+2 -2
View File
@@ -1,14 +1,14 @@
services:
app:
image: git.fabledsword.com/bvandeusen/fabledassistant:latest
ports:
- "5000:5000"
environment:
DATABASE_URL: "postgresql+asyncpg://fabled:${DB_PASSWORD}@db:5432/fabledassistant"
SECRET_KEY: "${SECRET_KEY}"
OLLAMA_URL: "http://ollama:11434"
OLLAMA_MODEL: "${OLLAMA_MODEL:-llama3.1}"
LOG_LEVEL: "${LOG_LEVEL:-INFO}"
TRUST_PROXY_HEADERS: "true"
SECURE_COOKIES: "true"
networks:
- fabledassistant_backend
healthcheck: