fix: apply local patches for self-hosted dev environment
Some checks failed
deploy api / channel-vars (push) Successful in 14s
deploy app / channel-vars (push) Successful in 4s
test cassandra-backup / Test latest Cassandra backup (push) Has been cancelled
deploy api / Deploy api (push) Has been cancelled
deploy app / Deploy app (push) Has been cancelled
- Caddyfile: add security headers, X-Forwarded-For, serve app from static files
- compose: add FLUXER_API_PUBLIC_ENDPOINT for admin service
- rate limits: relax auth register/login for dev (50/60s)
- rspack: read CDN_ENDPOINT from env instead of hardcoded fluxerstatic.com
- gitignore: add dev/secret.txt
- add dev/livekit.yaml for local LiveKit config
1
.gitignore
vendored
@@ -34,6 +34,7 @@
|
||||
**/fluxer.env
|
||||
**/secrets.env
|
||||
/dev/fluxer.env
|
||||
/dev/secret.txt
|
||||
|
||||
# Logs, temporary files, and binaries
|
||||
**/*.beam
|
||||
|
||||
@@ -1,59 +1,91 @@
|
||||
:8088 {
|
||||
encode zstd gzip
|
||||
|
||||
# Security headers
|
||||
header {
|
||||
# HSTS
|
||||
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||
# Prevent clickjacking
|
||||
X-Frame-Options "SAMEORIGIN"
|
||||
# XSS protection
|
||||
X-Content-Type-Options "nosniff"
|
||||
# Referrer policy
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Remove server info
|
||||
-Server
|
||||
}
|
||||
|
||||
@api path /api/*
|
||||
handle @api {
|
||||
handle_path /api/* {
|
||||
reverse_proxy api:8080
|
||||
reverse_proxy api:8080 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@media path /media/*
|
||||
handle @media {
|
||||
handle_path /media/* {
|
||||
reverse_proxy media:8080
|
||||
reverse_proxy media:8080 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@s3 path /s3/*
|
||||
handle @s3 {
|
||||
handle_path /s3/* {
|
||||
reverse_proxy minio:9000
|
||||
reverse_proxy minio:9000 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@admin path /admin /admin/*
|
||||
handle @admin {
|
||||
uri strip_prefix /admin
|
||||
reverse_proxy admin:8080
|
||||
reverse_proxy admin:8080 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
|
||||
@marketing path /marketing /marketing/*
|
||||
handle @marketing {
|
||||
uri strip_prefix /marketing
|
||||
reverse_proxy marketing:8080
|
||||
reverse_proxy marketing:8080 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
|
||||
@gateway path /gateway /gateway/*
|
||||
handle @gateway {
|
||||
uri strip_prefix /gateway
|
||||
reverse_proxy gateway:8080
|
||||
reverse_proxy gateway:8080 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
|
||||
@livekit path /livekit /livekit/*
|
||||
handle @livekit {
|
||||
handle_path /livekit/* {
|
||||
reverse_proxy livekit:7880
|
||||
reverse_proxy livekit:7880 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@metrics path /metrics /metrics/*
|
||||
handle @metrics {
|
||||
uri strip_prefix /metrics
|
||||
reverse_proxy metrics:8080
|
||||
reverse_proxy metrics:8080 {
|
||||
header_up X-Forwarded-For {remote}
|
||||
}
|
||||
}
|
||||
|
||||
handle {
|
||||
reverse_proxy host.docker.internal:3000
|
||||
root * /app/dist
|
||||
try_files {path} /index.html
|
||||
file_server
|
||||
}
|
||||
}
|
||||
|
||||
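Review bot: `header_up X-Forwarded-For {remote}` in each `reverse_proxy` block most likely forwards the client address together with its port, since `{remote}` is Caddy's shorthand for the full remote address and `{remote_host}` is the host-only form; a backend that keys rate limits or audit logs on this header would then see a different value for every connection. Caddy's `reverse_proxy` already sets X-Forwarded-For itself, so the simplest fix is to drop the override, or to use `header_up X-Forwarded-For {remote_host}` if it has to stay. In the new `header` block, `Strict-Transport-Security` is sent from a bare `:8088` listener, which Caddy serves over plain HTTP by default and where browsers ignore the header, while `includeSubDomains; preload` would pin a year-long policy if this file were ever reused behind TLS on a real domain, so I would leave it out of the dev config. The comment `# XSS protection` above `X-Content-Type-Options` should read `# Disable MIME sniffing`.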
@@ -95,6 +95,7 @@ services:
|
||||
- PORT=8080
|
||||
- APP_MODE=admin
|
||||
- FLUXER_METRICS_HOST=metrics:8080
|
||||
- FLUXER_API_PUBLIC_ENDPOINT=http://api:8080
|
||||
volumes:
|
||||
- admin_build:/workspace/build
|
||||
networks:
|
||||
|
||||
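Review bot: `FLUXER_API_PUBLIC_ENDPOINT=http://api:8080` gives a variable named as public the compose-internal hostname, which resolves only inside the Docker network. If the admin service uses the value only for server-to-server calls that is fine, but if it ends up in links, redirects or allowed-origin lists sent to a browser, they will point at an unreachable plain-HTTP host; how the service uses the variable is outside this hunk, so please confirm. A short comment above the line would help, e.g. `# internal address: admin calls the API over the compose network`.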
@@ -22,12 +22,12 @@ import type {RouteRateLimitConfig} from '~/middleware/RateLimitMiddleware';
|
||||
export const AuthRateLimitConfigs = {
|
||||
AUTH_REGISTER: {
|
||||
bucket: 'auth:register',
|
||||
config: {limit: 10, windowMs: 10000},
|
||||
config: {limit: 50, windowMs: 60000},
|
||||
} as RouteRateLimitConfig,
|
||||
|
||||
AUTH_LOGIN: {
|
||||
bucket: 'auth:login',
|
||||
config: {limit: 10, windowMs: 10000},
|
||||
config: {limit: 50, windowMs: 60000},
|
||||
} as RouteRateLimitConfig,
|
||||
|
||||
AUTH_LOGIN_MFA: {
|
||||
|
||||
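Review bot: The new `config: {limit: 50, windowMs: 60000}` values for `AUTH_REGISTER` and `AUTH_LOGIN` are hard-coded in the shared config, so the dev relaxation applies to every build of this file, production included. Compared with the previous 10 per 10 s, a client can now send 50 login or registration attempts in a single burst, which weakens throttling of password guessing and bulk sign-ups. I would keep the stricter values as the default and select the relaxed ones only when development is explicitly set, e.g. `config: process.env.NODE_ENV === 'development' ? {limit: 50, windowMs: 60000} : {limit: 10, windowMs: 10000},`, assuming the API sees `NODE_ENV` the way the build config does. The `AuthRateLimitConfigs` object continues past the end of the hunk.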
@@ -33,7 +33,7 @@ const DIST_DIR = path.join(ROOT_DIR, 'dist');
|
||||
const PKGS_DIR = path.join(ROOT_DIR, 'pkgs');
|
||||
const PUBLIC_DIR = path.join(ROOT_DIR, 'assets');
|
||||
|
||||
const CDN_ENDPOINT = 'https://fluxerstatic.com';
|
||||
const CDN_ENDPOINT = process.env.CDN_ENDPOINT || '';
|
||||
|
||||
const isProduction = process.env.NODE_ENV === 'production';
|
||||
const isDevelopment = !isProduction;
|
||||
|
||||
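Review bot: `process.env.CDN_ENDPOINT || ''` falls back silently to an empty string, so a production build run without the variable no longer references `https://fluxerstatic.com` and gives no warning about it. How `CDN_ENDPOINT` is consumed is outside the hunk, but an empty value presumably turns asset URLs into same-origin paths. I would fail fast once `isProduction` is defined: `if (isProduction && !CDN_ENDPOINT) throw new Error('CDN_ENDPOINT must be set for production builds');`.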