Prepare accounting backend for production behind nginx and CDN proxy.
Add reverse-proxy settings, stricter CORS origin parsing, and production env defaults for acc.zoneco.org and the admin panel.
This commit is contained in:
@@ -9,8 +9,14 @@ ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0,testserver
|
||||
# DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting
|
||||
|
||||
# CORS (the accounting frontend dev server runs on port 5176)
|
||||
# Production: set CORS_ALLOW_ALL_ORIGINS=False and include https://admin.zoneco.org
|
||||
CORS_ALLOW_ALL_ORIGINS=True
|
||||
CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006
|
||||
CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006,https://admin.zoneco.org
|
||||
|
||||
# Production (behind nginx / CDN)
|
||||
# ALLOWED_HOSTS=acc.zoneco.org,localhost,127.0.0.1,accounting-backend
|
||||
# USE_X_FORWARDED_HOST=True
|
||||
# SECURE_PROXY_SSL_HEADER=True
|
||||
|
||||
# Docker: persist SQLite in a named volume
|
||||
# SQLITE_PATH=/data/db.sqlite3
|
||||
|
||||
@@ -18,10 +18,19 @@ SECRET_KEY = config('SECRET_KEY', default='your-super-secret-key-change-in-produ
|
||||
|
||||
DEBUG = config('DEBUG', default=True, cast=bool)
|
||||
|
||||
ALLOWED_HOSTS = config(
|
||||
'ALLOWED_HOSTS',
|
||||
default='localhost,127.0.0.1,0.0.0.0,testserver',
|
||||
).split(',')
|
||||
ALLOWED_HOSTS = [
|
||||
host.strip()
|
||||
for host in config(
|
||||
'ALLOWED_HOSTS',
|
||||
default='localhost,127.0.0.1,0.0.0.0,testserver',
|
||||
).split(',')
|
||||
if host.strip()
|
||||
]
|
||||
|
||||
# Behind nginx / CDN reverse proxy
|
||||
USE_X_FORWARDED_HOST = config('USE_X_FORWARDED_HOST', default=False, cast=bool)
|
||||
if config('SECURE_PROXY_SSL_HEADER', default=False, cast=bool):
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
|
||||
INSTALLED_APPS = [
|
||||
'django.contrib.auth',
|
||||
@@ -120,7 +129,30 @@ SIMPLE_JWT = {
|
||||
# CORS: allow the accounting frontend (and others) in development.
|
||||
CORS_ALLOW_ALL_ORIGINS = config('CORS_ALLOW_ALL_ORIGINS', default=True, cast=bool)
|
||||
CORS_ALLOW_CREDENTIALS = True
|
||||
CORS_ALLOWED_ORIGINS = config(
|
||||
'CORS_ALLOWED_ORIGINS',
|
||||
default='http://localhost:5176,http://127.0.0.1:5176',
|
||||
).split(',')
|
||||
CORS_ALLOWED_ORIGINS = [
|
||||
origin.strip()
|
||||
for origin in config(
|
||||
'CORS_ALLOWED_ORIGINS',
|
||||
default='http://localhost:5176,http://127.0.0.1:5176',
|
||||
).split(',')
|
||||
if origin.strip()
|
||||
]
|
||||
CORS_ALLOW_HEADERS = [
|
||||
'accept',
|
||||
'accept-encoding',
|
||||
'authorization',
|
||||
'content-type',
|
||||
'dnt',
|
||||
'origin',
|
||||
'user-agent',
|
||||
'x-csrftoken',
|
||||
'x-requested-with',
|
||||
]
|
||||
CORS_ALLOW_METHODS = [
|
||||
'DELETE',
|
||||
'GET',
|
||||
'OPTIONS',
|
||||
'PATCH',
|
||||
'POST',
|
||||
'PUT',
|
||||
]
|
||||
|
||||
@@ -9,9 +9,9 @@ services:
|
||||
environment:
|
||||
SECRET_KEY: ${SECRET_KEY:-your-super-secret-key-change-in-production}
|
||||
DEBUG: ${DEBUG:-False}
|
||||
ALLOWED_HOSTS: ${ALLOWED_HOSTS:-localhost,127.0.0.1,accounting-backend}
|
||||
ALLOWED_HOSTS: ${ALLOWED_HOSTS:-localhost,127.0.0.1,accounting-backend,acc.zoneco.org}
|
||||
CORS_ALLOW_ALL_ORIGINS: ${CORS_ALLOW_ALL_ORIGINS:-True}
|
||||
CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3006,http://localhost:5176,http://127.0.0.1:3006,http://127.0.0.1:5176}
|
||||
CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost:3006,http://localhost:5176,http://127.0.0.1:3006,http://127.0.0.1:5176,https://admin.zoneco.org}
|
||||
SQLITE_PATH: /data/db.sqlite3
|
||||
DATABASE_URL: ${DATABASE_URL:-}
|
||||
DB_HOST: accounting-db
|
||||
|
||||
Reference in New Issue
Block a user