fix: apply local patches for self-hosted dev environment

- Caddyfile: add security headers, X-Forwarded-For, serve app from static files
- compose: add FLUXER_API_PUBLIC_ENDPOINT for admin service
- rate limits: relax auth register/login for dev (50/60s)
- rspack: read CDN_ENDPOINT from env instead of hardcoded fluxerstatic.com
- gitignore: add dev/secret.txt
- add dev/livekit.yaml for local LiveKit config
root
2026-03-13 09:57:30 +01:00
parent 09fe201063
commit a714af3cd8
5 changed files with 46 additions and 12 deletions

1
.gitignore vendored

@@ -34,6 +34,7 @@
**/fluxer.env **/fluxer.env
**/secrets.env **/secrets.env
/dev/fluxer.env /dev/fluxer.env
/dev/secret.txt
# Logs, temporary files, and binaries # Logs, temporary files, and binaries
**/*.beam **/*.beam


@@ -1,59 +1,91 @@
:8088 { :8088 {
encode zstd gzip encode zstd gzip
# Security headers
header {
# HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Prevent clickjacking
X-Frame-Options "SAMEORIGIN"
# XSS protection
X-Content-Type-Options "nosniff"
# Referrer policy
Referrer-Policy "strict-origin-when-cross-origin"
# Remove server info
-Server
}
@api path /api/* @api path /api/*
handle @api { handle @api {
handle_path /api/* { handle_path /api/* {
reverse_proxy api:8080 reverse_proxy api:8080 {
header_up X-Forwarded-For {remote}
}
} }
} }
@media path /media/* @media path /media/*
handle @media { handle @media {
handle_path /media/* { handle_path /media/* {
reverse_proxy media:8080 reverse_proxy media:8080 {
header_up X-Forwarded-For {remote}
}
} }
} }
@s3 path /s3/* @s3 path /s3/*
handle @s3 { handle @s3 {
handle_path /s3/* { handle_path /s3/* {
reverse_proxy minio:9000 reverse_proxy minio:9000 {
header_up X-Forwarded-For {remote}
}
} }
} }
@admin path /admin /admin/* @admin path /admin /admin/*
handle @admin { handle @admin {
uri strip_prefix /admin uri strip_prefix /admin
reverse_proxy admin:8080 reverse_proxy admin:8080 {
header_up X-Forwarded-For {remote}
}
} }
@marketing path /marketing /marketing/* @marketing path /marketing /marketing/*
handle @marketing { handle @marketing {
uri strip_prefix /marketing uri strip_prefix /marketing
reverse_proxy marketing:8080 reverse_proxy marketing:8080 {
header_up X-Forwarded-For {remote}
}
} }
@gateway path /gateway /gateway/* @gateway path /gateway /gateway/*
handle @gateway { handle @gateway {
uri strip_prefix /gateway uri strip_prefix /gateway
reverse_proxy gateway:8080 reverse_proxy gateway:8080 {
header_up X-Forwarded-For {remote}
}
} }
@livekit path /livekit /livekit/* @livekit path /livekit /livekit/*
handle @livekit { handle @livekit {
handle_path /livekit/* { handle_path /livekit/* {
reverse_proxy livekit:7880 reverse_proxy livekit:7880 {
header_up X-Forwarded-For {remote}
}
} }
} }
@metrics path /metrics /metrics/* @metrics path /metrics /metrics/*
handle @metrics { handle @metrics {
uri strip_prefix /metrics uri strip_prefix /metrics
reverse_proxy metrics:8080 reverse_proxy metrics:8080 {
header_up X-Forwarded-For {remote}
}
} }
handle { handle {
reverse_proxy host.docker.internal:3000 root * /app/dist
try_files {path} /index.html
file_server
} }
} }
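Review bot: The `header_up X-Forwarded-For {remote}` line added to every `reverse_proxy` block (api, media, s3, admin, marketing, gateway, livekit, metrics) looks wrong for Caddy 2, where `{remote}` expands to the peer address including the port, so upstreams would receive `ip:port` instead of a bare IP. Anything upstream that keys on this header (the auth rate limiter, if it does) would then treat each new connection as a different client. Caddy 2's `reverse_proxy` already sets X-Forwarded-For itself and ignores client-supplied values unless `trusted_proxies` is configured, so the simplest fix is to drop the override, or write `header_up X-Forwarded-For {remote_host}` if it has to be explicit. Separately, `Strict-Transport-Security` with `includeSubDomains; preload` has no effect on the plain-HTTP `:8088` listener and would pin every subdomain for a year if this site is ever fronted by TLS, so I would leave it out of a dev config. The `# XSS protection` comment above `X-Content-Type-Options` should read `# Disable MIME sniffing`.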


@@ -95,6 +95,7 @@ services:
- PORT=8080 - PORT=8080
- APP_MODE=admin - APP_MODE=admin
- FLUXER_METRICS_HOST=metrics:8080 - FLUXER_METRICS_HOST=metrics:8080
- FLUXER_API_PUBLIC_ENDPOINT=http://api:8080
volumes: volumes:
- admin_build:/workspace/build - admin_build:/workspace/build
networks: networks:


@@ -22,12 +22,12 @@ import type {RouteRateLimitConfig} from '~/middleware/RateLimitMiddleware';
export const AuthRateLimitConfigs = { export const AuthRateLimitConfigs = {
AUTH_REGISTER: { AUTH_REGISTER: {
bucket: 'auth:register', bucket: 'auth:register',
config: {limit: 10, windowMs: 10000}, config: {limit: 50, windowMs: 60000},
} as RouteRateLimitConfig, } as RouteRateLimitConfig,
AUTH_LOGIN: { AUTH_LOGIN: {
bucket: 'auth:login', bucket: 'auth:login',
config: {limit: 10, windowMs: 10000}, config: {limit: 50, windowMs: 60000},
} as RouteRateLimitConfig, } as RouteRateLimitConfig,
AUTH_LOGIN_MFA: { AUTH_LOGIN_MFA: {
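Review bot: The new `{limit: 50, windowMs: 60000}` values for `AUTH_REGISTER` and `AUTH_LOGIN` are written into the shared config with nothing restricting them to development, so any build made from this branch carries them. Compared with 10 per 10 s the sustained rate is slightly lower, but a single client can now burst 50 login or registration attempts at once, which matters for password guessing and signup abuse. If the change is meant only for local work, select the values from an environment switch, or at least mark them, e.g. `// DEV ONLY: burst raised from 10/10s for local testing; restore before deploying`. The `AuthRateLimitConfigs` object continues past the end of this hunk.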


@@ -33,7 +33,7 @@ const DIST_DIR = path.join(ROOT_DIR, 'dist');
const PKGS_DIR = path.join(ROOT_DIR, 'pkgs'); const PKGS_DIR = path.join(ROOT_DIR, 'pkgs');
const PUBLIC_DIR = path.join(ROOT_DIR, 'assets'); const PUBLIC_DIR = path.join(ROOT_DIR, 'assets');
const CDN_ENDPOINT = 'https://fluxerstatic.com'; const CDN_ENDPOINT = process.env.CDN_ENDPOINT || '';
const isProduction = process.env.NODE_ENV === 'production'; const isProduction = process.env.NODE_ENV === 'production';
const isDevelopment = !isProduction; const isDevelopment = !isProduction;
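Review bot: `process.env.CDN_ENDPOINT || ''` falls back to an empty string without any signal, so a production build where the variable is missing or misspelled would presumably emit asset URLs without the CDN origin, and whatever value is present is trusted as the origin the app loads its scripts from. Since `isProduction` is defined on the next line, a guard placed after it would make the failure explicit: `if (isProduction && !/^https:\/\//.test(CDN_ENDPOINT)) throw new Error('CDN_ENDPOINT must be an https URL for production builds');`. How `CDN_ENDPOINT` is consumed lies outside this hunk, so confirm that an empty value is valid for the dev build.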