Prepare accounting backend for production behind nginx and CDN proxy.
Add reverse-proxy settings, stricter CORS origin parsing, and production env defaults for acc.zoneco.org and the admin panel.
This commit is contained in:
@@ -9,8 +9,14 @@ ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0,testserver
|
|||||||
# DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting
|
# DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting
|
||||||
|
|
||||||
# CORS (the accounting frontend dev server runs on port 5176)
|
# CORS (the accounting frontend dev server runs on port 5176)
|
||||||
|
# Production: set CORS_ALLOW_ALL_ORIGINS=False and include https://admin.zoneco.org
|
||||||
CORS_ALLOW_ALL_ORIGINS=True
|
CORS_ALLOW_ALL_ORIGINS=True
|
||||||
CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006
|
CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006,https://admin.zoneco.org
|
||||||
|
|
||||||
|
# Production (behind nginx / CDN)
|
||||||
|
# ALLOWED_HOSTS=acc.zoneco.org,localhost,127.0.0.1,accounting-backend
|
||||||
|
# USE_X_FORWARDED_HOST=True
|
||||||
|
# SECURE_PROXY_SSL_HEADER=True
|
||||||
|
|
||||||
# Docker: persist SQLite in a named volume
|
# Docker: persist SQLite in a named volume
|
||||||
# SQLITE_PATH=/data/db.sqlite3
|
# SQLITE_PATH=/data/db.sqlite3
|
||||||
|
|||||||
@@ -18,10 +18,19 @@ SECRET_KEY = config('SECRET_KEY', default='your-super-secret-key-change-in-produ
|
|||||||
|
|
||||||
DEBUG = config('DEBUG', default=True, cast=bool)
|
DEBUG = config('DEBUG', default=True, cast=bool)
|
||||||
|
|
||||||
ALLOWED_HOSTS = config(
|
ALLOWED_HOSTS = [
|
||||||
|
host.strip()
|
||||||
|
for host in config(
|
||||||
'ALLOWED_HOSTS',
|
'ALLOWED_HOSTS',
|
||||||
default='localhost,127.0.0.1,0.0.0.0,testserver',
|
default='localhost,127.0.0.1,0.0.0.0,testserver',
|
||||||
).split(',')
|
).split(',')
|
||||||
|
if host.strip()
|
||||||
|
]
|
||||||
|
|
||||||
|
# Behind nginx / CDN reverse proxy
|
||||||
|
USE_X_FORWARDED_HOST = config('USE_X_FORWARDED_HOST', default=False, cast=bool)
|
||||||
|
if config('SECURE_PROXY_SSL_HEADER', default=False, cast=bool):
|
||||||
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
INSTALLED_APPS = [
|
||||||
'django.contrib.auth',
|
'django.contrib.auth',
|
||||||
@@ -120,7 +129,30 @@ SIMPLE_JWT = {
|
|||||||
# CORS: allow the accounting frontend (and others) in development.
|
# CORS: allow the accounting frontend (and others) in development.
|
||||||
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=True, cast=bool)
|
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=True, cast=bool)
|
||||||
CORS_ALLOW_CREDENTIALS = True
|
CORS_ALLOW_CREDENTIALS = True
|
||||||
CORS_ALLOWED_ORIGINS = config(
|
CORS_ALLOWED_ORIGINS = [
|
||||||
|
origin.strip()
|
||||||
|
for origin in config(
|
||||||
'CORS_ALLOWED_ORIGINS',
|
'CORS_ALLOWED_ORIGINS',
|
||||||
default='http://localhost:5176,http://127.0.0.1:5176',
|
default='http://localhost:5176,http://127.0.0.1:5176',
|
||||||
).split(',')
|
).split(',')
|
||||||
|
if origin.strip()
|
||||||
|
]
|
||||||
|
CORS_ALLOW_HEADERS = [
|
||||||
|
'accept',
|
||||||
|
'accept-encoding',
|
||||||
|
'authorization',
|
||||||
|
'content-type',
|
||||||
|
'dnt',
|
||||||
|
'origin',
|
||||||
|
'user-agent',
|
||||||
|
'x-csrftoken',
|
||||||
|
'x-requested-with',
|
||||||
|
]
|
||||||
|
CORS_ALLOW_METHODS = [
|
||||||
|
'DELETE',
|
||||||
|
'GET',
|
||||||
|
'OPTIONS',
|
||||||
|
'PATCH',
|
||||||
|
'POST',
|
||||||
|
'PUT',
|
||||||
|
]
|
||||||
|
|||||||
@@ -9,9 +9,9 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
SECRET_KEY: ${SECRET_KEY:-your-super-secret-key-change-in-production}
|
SECRET_KEY: ${SECRET_KEY:-your-super-secret-key-change-in-production}
|
||||||
DEBUG: ${DEBUG:-False}
|
DEBUG: ${DEBUG:-False}
|
||||||
ALLOWED_HOSTS: ${ALLOWED_HOSTS:-localhost,127.0.0.1,accounting-backend}
|
ALLOWED_HOSTS: ${ALLOWED_HOSTS:-localhost,127.0.0.1,accounting-backend,acc.zoneco.org}
|
||||||
CORS_ALLOW_ALL_ORIGINS: ${CORS_ALLOW_ALL_ORIGINS:-True}
|
CORS_ALLOW_ALL_ORIGINS: ${CORS_ALLOW_ALL_ORIGINS:-True}
|
||||||
CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3006,http://localhost:5176,http://127.0.0.1:3006,http://127.0.0.1:5176}
|
CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3006,http://localhost:5176,http://127.0.0.1:3006,http://127.0.0.1:5176,https://admin.zoneco.org}
|
||||||
SQLITE_PATH: /data/db.sqlite3
|
SQLITE_PATH: /data/db.sqlite3
|
||||||
DATABASE_URL: ${DATABASE_URL:-}
|
DATABASE_URL: ${DATABASE_URL:-}
|
||||||
DB_HOST: accounting-db
|
DB_HOST: accounting-db
|
||||||
|
|||||||
Reference in New Issue
Block a user