- Add HLSEnabled and HLSStorageDir to backend config (HLS_STREAMING env)
- Register HLS serving routes (master.m3u8, quality playlist, segments)
behind HLSEnabled feature flag on existing track routes
- Add GetHLSStatus and TriggerHLSTranscode methods to StreamService
for stream server communication
- Update docker-compose (dev, staging, prod) with HLS env vars and
shared hls-data volume between backend and stream-server
- Stream callback already correctly updates stream_manifest_url
Production (docker-compose.prod.yml):
- Change sslmode=disable to sslmode=require on all 3 DATABASE_URLs
- Replace JWT_SECRET fallback defaults with :? syntax (fails if unset)
- Replace DB_PASS default 'password' with :? syntax (fails if unset)
- Separate RABBITMQ_PASS from DB_PASS, require explicit setting
Staging (docker-compose.staging.yml):
- Add sslmode=require to DATABASE_URL
- Replace all default passwords with :? syntax (fails if unset)
docker-compose up with these files will now FAIL if required secrets
are not explicitly provided via environment variables.
Addresses audit findings: A02 (Cryptographic Failures), section 7 (Infra).
Co-authored-by: Cursor <cursoragent@cursor.com>
- Configure LOG_DIR=/var/log/veza pour tous les services
- Ajoute scripts de gestion des logs (setup, view, rotate)
- Configure volume Docker partagé pour les logs
- Logs organisés par service avec fichiers séparés pour les erreurs
- Rotation automatique : 100MB, 10 backups, 30 jours, compression gzip
- Documentation dans LOGGING.md et ENV_CONFIG.md
Services configurés:
- Backend API: backend-api.log, redis.log, db.log, rabbitmq.log
- Chat Server: chat-server.log (à configurer)
- Stream Server: stream-server.log (à configurer)
Le backend API a déjà toute l'infrastructure de logging en place.
Les serveurs chat et stream utiliseront LOG_DIR depuis l'environnement.
