fix: secure deploy
This commit is contained in:
ajay
parent
40eb399b36
commit
1cd98f7b5a
1 changed files with 31 additions and 29 deletions
|
|
@ -12,32 +12,34 @@ services:
|
|||
database:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
- SERVICE_URL_DOCUMENSO_3000=http://localhost:3000
|
||||
- NEXTAUTH_URL=http://localhost:3000
|
||||
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET:-test-secret-key-change-in-production}
|
||||
- NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:-test-encryption-key-32-chars}
|
||||
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:-test-secondary-encryption-key-64-characters-long-for-production-use}
|
||||
- NEXT_PUBLIC_WEBAPP_URL=http://localhost:3000
|
||||
- NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY:-}
|
||||
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:-}
|
||||
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST:-}
|
||||
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT:-}
|
||||
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME:-}
|
||||
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD:-}
|
||||
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:-}
|
||||
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:-}
|
||||
- NEXT_PRIVATE_DATABASE_URL=postgresql://${POSTGRES_USER:-documenso}:${POSTGRES_PASSWORD:-documenso}@database/${POSTGRES_DB:-documenso-db}?schema=public
|
||||
- NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://${POSTGRES_USER:-documenso}:${POSTGRES_PASSWORD:-documenso}@database/${POSTGRES_DB:-documenso-db}?schema=public
|
||||
- SERVICE_URL_DOCUMENSO_3000
|
||||
- NEXTAUTH_URL=${SERVICE_URL_DOCUMENSO}
|
||||
- NEXTAUTH_SECRET=${SERVICE_BASE64_AUTHSECRET}
|
||||
- NEXT_PRIVATE_ENCRYPTION_KEY=${SERVICE_BASE64_ENCRYPTIONKEY}
|
||||
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${SERVICE_BASE64_SECONDARYENCRYPTIONKEY}
|
||||
- NEXT_PUBLIC_WEBAPP_URL=${SERVICE_URL_DOCUMENSO}
|
||||
- NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY}
|
||||
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT}
|
||||
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
|
||||
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
|
||||
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
|
||||
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
|
||||
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME}
|
||||
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS}
|
||||
- NEXT_PRIVATE_DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@database/${POSTGRES_DB:-documenso-db}?schema=public
|
||||
- NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@database/${POSTGRES_DB:-documenso-db}?schema=public
|
||||
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/app/apps/remix/certs/certificate.p12
|
||||
- NEXT_PRIVATE_SIGNING_PASSPHRASE=${SERVICE_PASSWORD_DOCUMENSO}
|
||||
- NEXT_PRIVATE_SIGNING_TRANSPORT=local
|
||||
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/app/certs/cert.p12
|
||||
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE=${SERVICE_PASSWORD_DOCUMENSO}
|
||||
- CERT_VALID_DAYS=${CERT_VALID_DAYS:-365}
|
||||
- CERT_INFO_COUNTRY_NAME=${CERT_INFO_COUNTRY_NAME:-US}
|
||||
- CERT_INFO_STATE_OR_PROVIDENCE=${CERT_INFO_STATE_OR_PROVIDENCE:-State}
|
||||
- CERT_INFO_LOCALITY_NAME=${CERT_INFO_LOCALITY_NAME:-City}
|
||||
- CERT_INFO_ORGANIZATION_NAME=${CERT_INFO_ORGANIZATION_NAME:-Test Organization}
|
||||
- CERT_INFO_COUNTRY_NAME=${CERT_INFO_COUNTRY_NAME:-DO}
|
||||
- CERT_INFO_STATE_OR_PROVIDENCE=${CERT_INFO_STATE_OR_PROVIDENCE:-Santiago}
|
||||
- CERT_INFO_LOCALITY_NAME=${CERT_INFO_LOCALITY_NAME:-Santiago}
|
||||
- CERT_INFO_ORGANIZATION_NAME=${CERT_INFO_ORGANIZATION_NAME:-Example INC}
|
||||
- CERT_INFO_ORGANIZATIONAL_UNIT=${CERT_INFO_ORGANIZATIONAL_UNIT:-IT Department}
|
||||
- CERT_INFO_EMAIL=${CERT_INFO_EMAIL:-example@example.com}
|
||||
- CERT_INFO_EMAIL=${CERT_INFO_EMAIL:-example@gmail.com}
|
||||
- NEXT_PUBLIC_DISABLE_SIGNUP=${DISABLE_LOGIN:-false}
|
||||
- SERVICE_PASSWORD_DOCUMENSO=${SERVICE_PASSWORD_DOCUMENSO:-}
|
||||
healthcheck:
|
||||
|
|
@ -87,13 +89,13 @@ services:
|
|||
distinguished_name = req_distinguished_name
|
||||
prompt = no
|
||||
[ req_distinguished_name ]
|
||||
C = $${CERT_INFO_COUNTRY_NAME}
|
||||
ST = $${CERT_INFO_STATE_OR_PROVIDENCE}
|
||||
L = $${CERT_INFO_LOCALITY_NAME}
|
||||
O = $${CERT_INFO_ORGANIZATION_NAME}
|
||||
OU = $${CERT_INFO_ORGANIZATIONAL_UNIT}
|
||||
CN = $${SERVICE_URL_DOCUMENSO}
|
||||
emailAddress = $${CERT_INFO_EMAIL}
|
||||
C = ${CERT_INFO_COUNTRY_NAME}
|
||||
ST = ${CERT_INFO_STATE_OR_PROVIDENCE}
|
||||
L = ${CERT_INFO_LOCALITY_NAME}
|
||||
O = ${CERT_INFO_ORGANIZATION_NAME}
|
||||
OU = ${CERT_INFO_ORGANIZATIONAL_UNIT}
|
||||
CN = ${SERVICE_URL_DOCUMENSO}
|
||||
emailAddress = ${CERT_INFO_EMAIL}
|
||||
EOF
|
||||
|
||||
cd "$$CERT_DIR"
|
||||
|
|
@ -139,7 +141,7 @@ services:
|
|||
image: postgres:17
|
||||
environment:
|
||||
- POSTGRES_USER=${POSTGRES_USER:-documenso}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-documenso}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-PLACEHOLDER_PASSWORD}
|
||||
- POSTGRES_DB=${POSTGRES_DB:-documenso-db}
|
||||
volumes:
|
||||
- documenso_postgresql_data:/var/lib/postgresql/data
|
||||
|
|
|
|||
Loading…
Reference in a new issue