nginx includes auth_enabled.conf, (re)written at container start from BASIC_AUTH_USER/PASSWORD (htpasswd via apache2-utils). Both set => the site + /api require a shared login; unset => open (local dev not locked out). Set both on the Coolify web service to protect the deployment.
33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
services:
|
|
web:
|
|
build: .
|
|
# No host port binding: Coolify's proxy routes the domain to this service
|
|
# over the internal network (see docker_compose_domains). Host bindings
|
|
# would collide with Coolify's own :80 / other apps on the host.
|
|
expose:
|
|
- "80"
|
|
environment:
|
|
# Set both on the Coolify app to require a shared login for the whole site.
|
|
- BASIC_AUTH_USER=${BASIC_AUTH_USER:-}
|
|
- BASIC_AUTH_PASSWORD=${BASIC_AUTH_PASSWORD:-}
|
|
depends_on:
|
|
- api
|
|
|
|
api:
|
|
build: ./backend
|
|
environment:
|
|
- PORT=8000
|
|
- DB_PATH=/app/data/app.db
|
|
# Set these as env vars on the Coolify app to switch from demo fixtures
|
|
# to live data. Empty Napta creds -> the backend serves fixtures.
|
|
- NAPTA_CLIENT_ID=${NAPTA_CLIENT_ID:-}
|
|
- NAPTA_CLIENT_SECRET=${NAPTA_CLIENT_SECRET:-}
|
|
- NAPTA_BASE_URL=${NAPTA_BASE_URL:-https://app.napta.io/api/v1}
|
|
- SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN:-}
|
|
volumes:
|
|
- ./data:/app/data
|
|
# Internal only — the web (nginx) service reaches it at http://api:8000 on
|
|
# the compose network. Not published to the host.
|
|
expose:
|
|
- "8000"
|