Ulas
3f387b616e
With the previous default of 'loopback', Express ignored X-Forwarded-Proto headers from Caddy/nginx when running in Docker (bridge IP, not loopback). This caused req.secure=false, which made express-session silently drop the session cookie on login - resulting in a 401 on every subsequent request. Changing the default to 1 (trust one proxy hop) fixes this for all standard Docker+reverse-proxy deployments without requiring manual configuration.
31 lines
916 B
YAML
31 lines
916 B
YAML
services:
|
|
oikos:
|
|
image: ghcr.io/ulsklyc/oikos:latest
|
|
build: . # optional: use --build to build locally instead
|
|
container_name: oikos
|
|
restart: unless-stopped
|
|
ports:
|
|
- "0.0.0.0:3000:3000"
|
|
volumes:
|
|
- oikos_data:/data
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
- NODE_ENV=production
|
|
- DB_PATH=/data/oikos.db
|
|
# Reverse proxy setup (Caddy, nginx, Traefik):
|
|
# - Remove SESSION_SECURE=false (default is true)
|
|
# - TRUST_PROXY is automatically set to 1 (trust one proxy hop)
|
|
# Direct HTTP access (no reverse proxy):
|
|
- SESSION_SECURE=false
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', r => process.exit(r.statusCode === 200 ? 0 : 1))"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
volumes:
|
|
oikos_data:
|
|
driver: local
|