Add reverse-proxy settings, stricter CORS origin parsing, and production env defaults for acc.zoneco.org and the admin panel.
23 lines
940 B
Plaintext
23 lines
940 B
Plaintext
# IMPORTANT: must match the FunZone backend SECRET_KEY so admin JWTs validate here.
|
|
SECRET_KEY=your-super-secret-key-change-in-production
|
|
|
|
DEBUG=True
|
|
ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0,testserver
|
|
|
|
# Database: leave unset to use the bundled SQLite file (zero setup).
|
|
# To use PostgreSQL instead, set e.g.:
|
|
# DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting
|
|
|
|
# CORS (the accounting frontend dev server runs on port 5176)
|
|
# Production: set CORS_ALLOW_ALL_ORIGINS=False and include https://admin.zoneco.org
|
|
CORS_ALLOW_ALL_ORIGINS=True
|
|
CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006,https://admin.zoneco.org
|
|
|
|
# Production (behind nginx / CDN)
|
|
# ALLOWED_HOSTS=acc.zoneco.org,localhost,127.0.0.1,accounting-backend
|
|
# USE_X_FORWARDED_HOST=True
|
|
# SECURE_PROXY_SSL_HEADER=True
|
|
|
|
# Docker: persist SQLite in a named volume
|
|
# SQLITE_PATH=/data/db.sqlite3
|