senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1919 commits 37 branches 94 tags 1.5 GiB
Commit graph

3 commits

Author SHA1 Message Date
senke
3e0e1b5286 feat(infra): complete staging compose with chat, stream, and reverse proxy 
INF-07: Added chat-server, stream-server, Caddy reverse proxy,
and healthchecks for all services in staging compose.
 2026-02-22 17:36:03 +01:00
senke
8fa866baaa fix(security): harden docker-compose.prod.yml and staging -- sslmode, secrets 
Production (docker-compose.prod.yml):
- Change sslmode=disable to sslmode=require on all 3 DATABASE_URLs
- Replace JWT_SECRET fallback defaults with :? syntax (fails if unset)
- Replace DB_PASS default 'password' with :? syntax (fails if unset)
- Separate RABBITMQ_PASS from DB_PASS, require explicit setting

Staging (docker-compose.staging.yml):
- Add sslmode=require to DATABASE_URL
- Replace all default passwords with :? syntax (fails if unset)

docker-compose up with these files will now FAIL if required secrets
are not explicitly provided via environment variables.

Addresses audit findings: A02 (Cryptographic Failures), section 7 (Infra).

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-11 22:43:09 +01:00
senke
8efbb97e6f stabilisation commit A 2026-01-07 19:39:21 +01:00