Prepare accounting backend for production behind nginx and CDN proxy.

Add reverse-proxy settings, stricter CORS origin parsing, and production env defaults for acc.zoneco.org and the admin panel.
This commit is contained in:
2026-07-08 02:11:32 +03:30
parent 5fb79fb7f0
commit 2a1918b47c
3 changed files with 49 additions and 11 deletions

View File

@@ -9,8 +9,14 @@ ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0,testserver
# DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting # DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting
# CORS (the accounting frontend dev server runs on port 5176) # CORS (the accounting frontend dev server runs on port 5176)
# Production: set CORS_ALLOW_ALL_ORIGINS=False and include https://admin.zoneco.org
CORS_ALLOW_ALL_ORIGINS=True CORS_ALLOW_ALL_ORIGINS=True
CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006 CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006,https://admin.zoneco.org
# Production (behind nginx / CDN)
# ALLOWED_HOSTS=acc.zoneco.org,localhost,127.0.0.1,accounting-backend
# USE_X_FORWARDED_HOST=True
# SECURE_PROXY_SSL_HEADER=True
# Docker: persist SQLite in a named volume # Docker: persist SQLite in a named volume
# SQLITE_PATH=/data/db.sqlite3 # SQLITE_PATH=/data/db.sqlite3

View File

@@ -18,10 +18,19 @@ SECRET_KEY = config('SECRET_KEY', default='your-super-secret-key-change-in-produ
DEBUG = config('DEBUG', default=True, cast=bool) DEBUG = config('DEBUG', default=True, cast=bool)
ALLOWED_HOSTS = config( ALLOWED_HOSTS = [
host.strip()
for host in config(
'ALLOWED_HOSTS', 'ALLOWED_HOSTS',
default='localhost,127.0.0.1,0.0.0.0,testserver', default='localhost,127.0.0.1,0.0.0.0,testserver',
).split(',') ).split(',')
if host.strip()
]
# Behind nginx / CDN reverse proxy
USE_X_FORWARDED_HOST = config('USE_X_FORWARDED_HOST', default=False, cast=bool)
if config('SECURE_PROXY_SSL_HEADER', default=False, cast=bool):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
INSTALLED_APPS = [ INSTALLED_APPS = [
'django.contrib.auth', 'django.contrib.auth',
@@ -120,7 +129,30 @@ SIMPLE_JWT = {
# CORS: allow the accounting frontend (and others) in development. # CORS: allow the accounting frontend (and others) in development.
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=True, cast=bool) CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=True, cast=bool)
CORS_ALLOW_CREDENTIALS = True CORS_ALLOW_CREDENTIALS = True
CORS_ALLOWED_ORIGINS = config( CORS_ALLOWED_ORIGINS = [
origin.strip()
for origin in config(
'CORS_ALLOWED_ORIGINS', 'CORS_ALLOWED_ORIGINS',
default='http://localhost:5176,http://127.0.0.1:5176', default='http://localhost:5176,http://127.0.0.1:5176',
).split(',') ).split(',')
if origin.strip()
]
CORS_ALLOW_HEADERS = [
'accept',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
]
CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]

View File

@@ -9,9 +9,9 @@ services:
environment: environment:
SECRET_KEY: ${SECRET_KEY:-your-super-secret-key-change-in-production} SECRET_KEY: ${SECRET_KEY:-your-super-secret-key-change-in-production}
DEBUG: ${DEBUG:-False} DEBUG: ${DEBUG:-False}
ALLOWED_HOSTS: ${ALLOWED_HOSTS:-localhost,127.0.0.1,accounting-backend} ALLOWED_HOSTS: ${ALLOWED_HOSTS:-localhost,127.0.0.1,accounting-backend,acc.zoneco.org}
CORS_ALLOW_ALL_ORIGINS: ${CORS_ALLOW_ALL_ORIGINS:-True} CORS_ALLOW_ALL_ORIGINS: ${CORS_ALLOW_ALL_ORIGINS:-True}
CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3006,http://localhost:5176,http://127.0.0.1:3006,http://127.0.0.1:5176} CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3006,http://localhost:5176,http://127.0.0.1:3006,http://127.0.0.1:5176,https://admin.zoneco.org}
SQLITE_PATH: /data/db.sqlite3 SQLITE_PATH: /data/db.sqlite3
DATABASE_URL: ${DATABASE_URL:-} DATABASE_URL: ${DATABASE_URL:-}
DB_HOST: accounting-db DB_HOST: accounting-db