np-dms/lcbp3
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(specs): sanitize docker-compose-app.yml v1.8.0 - replace hardcoded secrets with placeholders
All checks were successful
Build and Deploy / deploy (push) Successful in 55s
Details

Browse Source 
- Updated to v1.8.0 header
- All sensitive values (DB_PASSWORD, REDIS_PASSWORD, JWT_SECRET,
  AUTH_SECRET) replaced with <SET_IN_CONTAINER_STATION> placeholder
- Added security comment reminder in file header
- Deleted duplicate 04-00-docker-compose/ folder (untracked)
- Deleted Google OAuth client_secret.json from disk
- Deleted empty specs/08-infrastructure/ folder from disk
This commit is contained in:
admin
2026-02-23 15:09:02 +07:00
parent 5eff8861e1
commit 9c7c1c3bf5
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
specs/04-Infrastructure-OPS/docker-compose-app.yml
View File

@@ -1,5 +1,5 @@
# File: /share/np-dms/app/docker-compose.yml # File: /share/np-dms/app/docker-compose.yml
# DMS Container v1.7.0: Application Stack (Backend + Frontend) # DMS Container v1.8.0: Application Stack (Backend + Frontend)
# Application name: lcbp3-app # Application name: lcbp3-app
# ============================================================ # ============================================================
# ⚠️ ใช้งานร่วมกับ services อื่นที่รันอยู่แล้วบน QNAP: # ⚠️ ใช้งานร่วมกับ services อื่นที่รันอยู่แล้วบน QNAP:
@@ -8,6 +8,9 @@
# - search (services) # - search (services)
# - npm (lcbp3-npm) # - npm (lcbp3-npm)
# ============================================================ # ============================================================
# 🔒 SECURITY: ห้าม commit ค่า secrets จริงที่นี่
# ใช้ Environment Variables ใน Container Station UI
# ============================================================
x-restart: &restart_policy x-restart: &restart_policy
restart: unless-stopped restart: unless-stopped
@@ -50,18 +53,18 @@ services:
DB_PORT: '3306' DB_PORT: '3306'
DB_DATABASE: 'lcbp3' DB_DATABASE: 'lcbp3'
DB_USERNAME: 'center' DB_USERNAME: 'center'
DB_PASSWORD: 'Center#2025' DB_PASSWORD: '<SET_IN_CONTAINER_STATION>'
# --- Redis --- # --- Redis ---
REDIS_HOST: 'cache' REDIS_HOST: 'cache'
REDIS_PORT: '6379' REDIS_PORT: '6379'
REDIS_PASSWORD: 'Center2025' REDIS_PASSWORD: '<SET_IN_CONTAINER_STATION>'
# --- Elasticsearch --- # --- Elasticsearch ---
ELASTICSEARCH_HOST: 'search' ELASTICSEARCH_HOST: 'search'
ELASTICSEARCH_PORT: '9200' ELASTICSEARCH_PORT: '9200'
# --- JWT --- # --- JWT ---
JWT_SECRET: 'eebc122aa65adde8c76c6a0847d9649b2b67a06db1504693e6c912e51499b76e' JWT_SECRET: '<SET_IN_CONTAINER_STATION>'
JWT_EXPIRATION: '8h' JWT_EXPIRATION: '8h'
JWT_REFRESH_SECRET: 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2' JWT_REFRESH_SECRET: '<SET_IN_CONTAINER_STATION>'
# --- Numbering --- # --- Numbering ---
NUMBERING_LOCK_TIMEOUT: '5000' NUMBERING_LOCK_TIMEOUT: '5000'
NUMBERING_RESERVATION_TTL: '300' NUMBERING_RESERVATION_TTL: '300'
@@ -107,7 +110,7 @@ services:
HOSTNAME: '0.0.0.0' HOSTNAME: '0.0.0.0'
PORT: '3000' PORT: '3000'
# --- NextAuth --- # --- NextAuth ---
AUTH_SECRET: 'eebc122aa65adde8c76c6a0847d9649b2b67a06db1504693e6c912e51499b76e' AUTH_SECRET: '<SET_IN_CONTAINER_STATION>'
AUTH_URL: 'https://lcbp3.np-dms.work' AUTH_URL: 'https://lcbp3.np-dms.work'
networks: networks:
- lcbp3 - lcbp3