maximus/vps-health-api
1
0
Fork 0
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: maximus:f88f44e347ce0101a240809261d563f7d7d53413
Branches Tags
maximus:main
maximus:issue-3-defenseurs-findings
maximus:feat/reports-scans-archive-fallback
maximus:issue-4-runtime-only-coolify-secrets
..
compare: maximus:fc3c3a92685659c979754ecc87c8fec0b1a48ac1
Branches Tags
maximus:issue-3-defenseurs-findings
maximus:main
maximus:feat/reports-scans-archive-fallback
maximus:issue-4-runtime-only-coolify-secrets

No commits in common. "f88f44e347ce0101a240809261d563f7d7d53413" and "fc3c3a92685659c979754ecc87c8fec0b1a48ac1" have entirely different histories.
f88f44e347 ... fc3c3a9268

2 changed files with 0 additions and 4 deletions
Show stats Expand all files Collapse all files

3
.env.example
View file

@ -1,6 +1,3 @@
PORT=3001 PORT=3001
# HEALTH_TOKEN is read at runtime only (process.env at startup).
# On Coolify: MUST be is_runtime=true, is_buildtime=false.
# Buildtime ARG leaks the secret in clear in application_deployment_queues.logs.
HEALTH_TOKEN=change-me-to-a-strong-secret HEALTH_TOKEN=change-me-to-a-strong-secret
LOGTO_HEALTH_URL=https://auth.lacompagniemaximus.com/oidc/.well-known/openid-configuration LOGTO_HEALTH_URL=https://auth.lacompagniemaximus.com/oidc/.well-known/openid-configuration

1
CLAUDE.md
View file

@ -11,7 +11,6 @@ API sante minimaliste pour le VPS. ~127 lignes, Node 22 + HTTP natif.
- Bearer token via env `HEALTH_TOKEN` - Bearer token via env `HEALTH_TOKEN`
- Fail-closed : si `HEALTH_TOKEN` non configure, toutes les requetes sont refusees - Fail-closed : si `HEALTH_TOKEN` non configure, toutes les requetes sont refusees
- **Coolify** : `HEALTH_TOKEN` doit etre `is_runtime=true, is_buildtime=false`. Buildtime fait fuiter le secret en clair dans `application_deployment_queues.logs`. Voir `la-compagnie-maximus/docs/coolify-ops.md` section "Secrets en buildtime".
## Config ## Config