diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 1426e4b3a..c51d79ee9 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -10,7 +10,7 @@ services: restart: unless-stopped environment: POSTGRES_USER: ${DB_USER:-veza} - POSTGRES_PASSWORD: ${DB_PASS:-password} + POSTGRES_PASSWORD: ${DB_PASS:?DB_PASS must be set for production} POSTGRES_DB: ${DB_NAME:-veza} volumes: - postgres_data:/var/lib/postgresql/data @@ -52,7 +52,7 @@ services: restart: unless-stopped environment: RABBITMQ_DEFAULT_USER: ${DB_USER:-veza} - RABBITMQ_DEFAULT_PASS: ${DB_PASS:-password} + RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASS:?RABBITMQ_PASS must be set for production} volumes: - rabbitmq_data:/var/lib/rabbitmq healthcheck: @@ -80,10 +80,10 @@ services: restart: unless-stopped environment: - APP_ENV=production - - DATABASE_URL=postgres://${DB_USER:-veza}:${DB_PASS:-password}@postgres:5432/${DB_NAME:-veza}?sslmode=disable + - DATABASE_URL=postgres://${DB_USER:-veza}:${DB_PASS:?DB_PASS must be set}@postgres:5432/${DB_NAME:-veza}?sslmode=require - REDIS_URL=redis://redis:6379 - - AMQP_URL=amqp://${DB_USER:-veza}:${DB_PASS:-password}@rabbitmq:5672 - - JWT_SECRET=${JWT_SECRET:-change-me-in-production-minimum-32-characters} + - AMQP_URL=amqp://${DB_USER:-veza}:${RABBITMQ_PASS:?RABBITMQ_PASS must be set}@rabbitmq:5672 + - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set for production} - COOKIE_SECURE=true - COOKIE_SAME_SITE=strict - COOKIE_HTTP_ONLY=true @@ -111,9 +111,9 @@ services: container_name: veza_chat_server restart: unless-stopped environment: - - DATABASE_URL=postgres://${DB_USER:-veza}:${DB_PASS:-password}@postgres:5432/${DB_NAME:-veza}?sslmode=disable + - DATABASE_URL=postgres://${DB_USER:-veza}:${DB_PASS:?DB_PASS must be set}@postgres:5432/${DB_NAME:-veza}?sslmode=require - REDIS_URL=redis://redis:6379 - - JWT_SECRET=${JWT_SECRET:-change-me-in-production-minimum-32-characters} + - JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set for production} - PORT=3000 depends_on: postgres: @@ -136,7 +136,7 @@ services: container_name: veza_stream_server restart: unless-stopped environment: - - DATABASE_URL=postgres://${DB_USER:-veza}:${DB_PASS:-password}@postgres:5432/${DB_NAME:-veza}?sslmode=disable + - DATABASE_URL=postgres://${DB_USER:-veza}:${DB_PASS:?DB_PASS must be set}@postgres:5432/${DB_NAME:-veza}?sslmode=require - REDIS_URL=redis://redis:6379 - PORT=3001 depends_on: diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml index bc1f3b5cd..785b5ccfb 100644 --- a/docker-compose.staging.yml +++ b/docker-compose.staging.yml @@ -9,7 +9,7 @@ services: restart: unless-stopped environment: POSTGRES_USER: veza - POSTGRES_PASSWORD: ${STAGING_DB_PASSWORD:-staging_password} + POSTGRES_PASSWORD: ${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set} POSTGRES_DB: veza_staging volumes: - postgres_staging_data:/var/lib/postgresql/data @@ -36,7 +36,7 @@ services: restart: unless-stopped environment: RABBITMQ_DEFAULT_USER: veza - RABBITMQ_DEFAULT_PASS: ${STAGING_RABBITMQ_PASSWORD:-staging_password} + RABBITMQ_DEFAULT_PASS: ${STAGING_RABBITMQ_PASSWORD:?STAGING_RABBITMQ_PASSWORD must be set} volumes: - rabbitmq_staging_data:/var/lib/rabbitmq healthcheck: @@ -56,11 +56,11 @@ services: - DB_HOST=postgres - DB_PORT=5432 - DB_USER=veza - - DB_PASSWORD=${STAGING_DB_PASSWORD:-staging_password} + - DB_PASSWORD=${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set} - DB_NAME=veza_staging - - DATABASE_URL=postgresql://veza:${STAGING_DB_PASSWORD:-staging_password}@postgres:5432/veza_staging + - DATABASE_URL=postgresql://veza:${STAGING_DB_PASSWORD:?STAGING_DB_PASSWORD must be set}@postgres:5432/veza_staging?sslmode=require - REDIS_URL=redis://redis:6379 - - RABBITMQ_URL=amqp://veza:${STAGING_RABBITMQ_PASSWORD:-staging_password}@rabbitmq:5672/%2f + - RABBITMQ_URL=amqp://veza:${STAGING_RABBITMQ_PASSWORD:?STAGING_RABBITMQ_PASSWORD must be set}@rabbitmq:5672/%2f - JWT_SECRET=${STAGING_JWT_SECRET} - ENABLE_CLAMAV=false - LOG_DIR=/var/log/veza