Compare commits
2 commits
fc3c3a9268
...
f88f44e347
| Author | SHA1 | Date | |
|---|---|---|---|
| f88f44e347 | |||
|
9510e96231 |
2 changed files with 4 additions and 0 deletions
|
|
@ -1,3 +1,6 @@
|
|||
PORT=3001
|
||||
# HEALTH_TOKEN is read at runtime only (process.env at startup).
|
||||
# On Coolify: MUST be is_runtime=true, is_buildtime=false.
|
||||
# Buildtime ARG leaks the secret in clear in application_deployment_queues.logs.
|
||||
HEALTH_TOKEN=change-me-to-a-strong-secret
|
||||
LOGTO_HEALTH_URL=https://auth.lacompagniemaximus.com/oidc/.well-known/openid-configuration
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ API sante minimaliste pour le VPS. ~127 lignes, Node 22 + HTTP natif.
|
|||
|
||||
- Bearer token via env `HEALTH_TOKEN`
|
||||
- Fail-closed : si `HEALTH_TOKEN` non configure, toutes les requetes sont refusees
|
||||
- **Coolify** : `HEALTH_TOKEN` doit etre `is_runtime=true, is_buildtime=false`. Buildtime fait fuiter le secret en clair dans `application_deployment_queues.logs`. Voir `la-compagnie-maximus/docs/coolify-ops.md` section "Secrets en buildtime".
|
||||
|
||||
## Config
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue