Phase 0 — Foundation: backend, data model, local auth, frontend, deploy + CI #1
@@ -26,8 +26,16 @@ S3_REGION=us-east-1
|
||||
|
||||
# --- Edge (Caddy) ---
|
||||
# Local: ':80' (http://localhost). Production: 'provenance.example.com' for auto-HTTPS.
|
||||
# Behind a Cloudflare Tunnel, keep ':80' — Cloudflare terminates TLS and the
|
||||
# tunnel forwards plain HTTP to caddy:80.
|
||||
PROVENANCE_SITE_ADDRESS=:80
|
||||
|
||||
# --- Cloudflare Tunnel (optional) ---
|
||||
# Enable by setting COMPOSE_PROFILES=tunnel and supplying the connector token
|
||||
# from the Cloudflare dashboard. Public hostname -> http://caddy:80.
|
||||
CLOUDFLARE_TUNNEL_TOKEN=
|
||||
COMPOSE_PROFILES=
|
||||
|
||||
# --- Auth / sessions ---
|
||||
SESSION_TTL_DAYS=30
|
||||
TOKEN_TTL_HOURS=24
|
||||
|
||||
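Review bot: The new `CLOUDFLARE_TUNNEL_TOKEN=` entry is described only as "the connector token", with nothing telling the operator that it is a credential. Whoever holds that token can run a connector for the tunnel, so a real value belongs only in the untracked `.env` and needs rotating if it ever lands in a commit, a CI log or shell history. I would add a line above it such as `# Secret: grants the right to run this tunnel; never commit a real value, rotate it if exposed.` It is also worth confirming that `.env` is git-ignored, which this hunk does not show.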
@@ -86,6 +86,24 @@ services:
|
||||
- frontend
|
||||
restart: unless-stopped
|
||||
|
||||
# Cloudflare Tunnel connector. The tunnel/ingress is configured in the
|
||||
# Cloudflare dashboard; this container just connects. One public hostname
|
||||
# (e.g. provenance.paul.farm) -> http://caddy:80 is enough, because Caddy
|
||||
# does the internal path routing (/ -> frontend, /api + /health -> backend).
|
||||
#
|
||||
# Opt-in via the "tunnel" profile so local dev doesn't start it. On the lab
|
||||
# host set COMPOSE_PROFILES=tunnel so `docker compose up -d` includes it.
|
||||
cloudflared:
|
||||
image: cloudflare/cloudflared:latest
|
||||
restart: unless-stopped
|
||||
command: tunnel --no-autoupdate run
|
||||
environment:
|
||||
TUNNEL_TOKEN: ${CLOUDFLARE_TUNNEL_TOKEN:-}
|
||||
depends_on:
|
||||
- caddy
|
||||
profiles:
|
||||
- tunnel
|
||||
|
||||
volumes:
|
||||
pgdata:
|
||||
miniodata:
|
||||
|
||||
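Review bot: `image: cloudflare/cloudflared:latest` is a mutable tag on the one container that holds the tunnel credential and fronts the public hostname, so each pull can bring in a different, unreviewed build. `--no-autoupdate` only stops the binary from updating itself; it does not fix which image is pulled. Pin it, e.g. `image: cloudflare/cloudflared:<PINNED_VERSION>` (placeholder for a release tag or an `@sha256:` digest), and bump it deliberately. Separately, the caddy service's `ports:` lie outside this hunk: if port 80 is still published on the lab host, the plain-HTTP origin can be reached without passing through Cloudflare, and binding it to loopback or dropping the mapping when the tunnel profile is active would close that path.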