zephyrdark
39d2226d95
Some checks failed
Deploy to Production / deploy (push) Failing after 46s
- Remove nginx from docker-compose.prod.yml (NPM handles reverse proxy) - Add Next.js rewrites to proxy /api/* to backend (backend fully hidden) - Bind frontend to 127.0.0.1:3000 only (NPM proxies externally) - Replace hardcoded localhost:8000 in history page with api client - Make CORS origins configurable via environment variable - Restrict CORS methods to GET/POST/PUT/DELETE - Add Gitea Actions deploy workflow with secrets-based env management - Add security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy) - Add BACKEND_URL build arg to frontend Dockerfile for standalone builds Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
23 lines
653 B
Plaintext
23 lines
653 B
Plaintext
# Galaxis-Po Production Environment Variables
|
|
# These values should be set as Gitea Secrets, not in this file.
|
|
# This file is a reference template only.
|
|
|
|
# Database
|
|
DB_USER=galaxy
|
|
DB_PASSWORD=your_strong_password_here
|
|
DB_NAME=galaxy_po
|
|
|
|
# JWT Authentication (generate with: openssl rand -hex 32)
|
|
JWT_SECRET=your_jwt_secret_key_here_at_least_32_characters
|
|
|
|
# Korea Investment & Securities OpenAPI
|
|
KIS_APP_KEY=your_kis_app_key
|
|
KIS_APP_SECRET=your_kis_app_secret
|
|
KIS_ACCOUNT_NO=your_account_number
|
|
|
|
# DART OpenAPI (Financial Statements)
|
|
DART_API_KEY=your_dart_api_key
|
|
|
|
# CORS (comma-separated origins, used by backend)
|
|
CORS_ORIGINS=https://your-domain.com
|