Enable TRUST_PROXY_HEADERS and SECURE_COOKIES for production deployment
- TRUST_PROXY_HEADERS=true: ensures rate limiting keys on the real client IP (X-Forwarded-For / X-Real-IP) rather than the Traefik container IP - SECURE_COOKIES=true: sets the Secure flag on session cookies since the app is served behind TLS via Traefik - Remove ports: "5000:5000" — Traefik routes traffic internally; publishing the port directly would bypass Traefik middleware Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,14 +1,14 @@
|
|||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: git.fabledsword.com/bvandeusen/fabledassistant:latest
|
image: git.fabledsword.com/bvandeusen/fabledassistant:latest
|
||||||
ports:
|
|
||||||
- "5000:5000"
|
|
||||||
environment:
|
environment:
|
||||||
DATABASE_URL: "postgresql+asyncpg://fabled:${DB_PASSWORD}@db:5432/fabledassistant"
|
DATABASE_URL: "postgresql+asyncpg://fabled:${DB_PASSWORD}@db:5432/fabledassistant"
|
||||||
SECRET_KEY: "${SECRET_KEY}"
|
SECRET_KEY: "${SECRET_KEY}"
|
||||||
OLLAMA_URL: "http://ollama:11434"
|
OLLAMA_URL: "http://ollama:11434"
|
||||||
OLLAMA_MODEL: "${OLLAMA_MODEL:-llama3.1}"
|
OLLAMA_MODEL: "${OLLAMA_MODEL:-llama3.1}"
|
||||||
LOG_LEVEL: "${LOG_LEVEL:-INFO}"
|
LOG_LEVEL: "${LOG_LEVEL:-INFO}"
|
||||||
|
TRUST_PROXY_HEADERS: "true"
|
||||||
|
SECURE_COOKIES: "true"
|
||||||
networks:
|
networks:
|
||||||
- fabledassistant_backend
|
- fabledassistant_backend
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|||||||
Reference in New Issue
Block a user