Setup Redis passwords to be used in Vm installation or via Docker

Setup so that CORS_ORIGIN error appears on the frontend to help new installations
2025-11-02 13:03:34 +00:00 · 2025-10-18 16:14:09 +01:00
parent 52c8ba6b03
commit 5004e062b4
18 changed files with 606 additions and 72 deletions
--- a/docker/backend.Dockerfile.dockerignore
+++ b/docker/backend.Dockerfile.dockerignore
@@ -1 +1,3 @@
 **/env.example
+**/.env
+**/.env.*
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,3 +1,19 @@
+# Change 3 Passwords in this file:
+# Generate passwords with 'openssl rand -hex 64'
+# 
+# 1. The database password in the environment variable POSTGRES_PASSWORD
+# 2. The redis password in the command redis-server --requirepass your-redis-password-here
+# 3. The jwt secret in the environment variable JWT_SECRET
+#
+#
+# Change 2 URL areas in this file:
+# 1. Setup your CORS_ORIGIN to what url you will use for accessing PatchMon frontend url
+# 2. Setup your SERVER_PROTOCOL, SERVER_HOST and SERVER_PORT to what you will use for linux agents to access PatchMon
+#
+# This is generally the same as your CORS_ORIGIN url , in some cases it might be different - SERVER_* variables are used in the scripts for Server connection.
+# You can also change this in the front-end but in the case of docker-compose - it is overwritten by the variables set here.
+
+
 name: patchmon

 services:
@@ -7,7 +23,7 @@ services:
    environment:
      POSTGRES_DB: patchmon_db
      POSTGRES_USER: patchmon_user
-      POSTGRES_PASSWORD: # CREATE A STRONG PASSWORD AND PUT IT HERE
+      POSTGRES_PASSWORD: # CREATE A STRONG DB PASSWORD AND PUT IT HERE
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
@@ -19,11 +35,11 @@ services:
  redis:
    image: redis:7-alpine
    restart: unless-stopped
-    command: redis-server --requirepass your-redis-password-here
+    command: redis-server --requirepass your-redis-password-here # CHANGE THIS TO YOUR REDIS PASSWORD
    volumes:
      - redis_data:/data
    healthcheck:
-      test: ["CMD", "redis-cli", "--no-auth-warning", "-a", "your-redis-password-here", "ping"]
+      test: ["CMD", "redis-cli", "--no-auth-warning", "-a", "your-redis-password-here", "ping"] # CHANGE THIS TO YOUR REDIS PASSWORD
      interval: 3s
      timeout: 5s
      retries: 7
@@ -35,7 +51,7 @@ services:
    environment:
      LOG_LEVEL: info
      DATABASE_URL: postgresql://patchmon_user:REPLACE_YOUR_POSTGRES_PASSWORD_HERE@database:5432/patchmon_db
-      JWT_SECRET: # CREATE A STRONG SECRET AND PUT IT HERE - Generate with 'openssl rand -hex 64'
+      JWT_SECRET: # CREATE A STRONG SECRET AND PUT IT HERE
      SERVER_PROTOCOL: http
      SERVER_HOST: localhost
      SERVER_PORT: 3000
--- a/docker/nginx.conf.template
+++ b/docker/nginx.conf.template
@@ -41,7 +41,7 @@ server {
        # Preserve original client IP through proxy chain
        proxy_set_header X-Original-Forwarded-For $http_x_forwarded_for;

-        # CORS headers for API calls
+        # CORS headers for API calls - even though backend is doing it
        add_header Access-Control-Allow-Origin * always;
        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
@@ -77,10 +77,10 @@ server {
        proxy_request_buffering off;
        proxy_max_temp_file_size 0;

-        # CORS headers for SSE
-        add_header Access-Control-Allow-Origin * always;
-        add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
-        add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
+        # CORS headers for SSE - commented out to let backend handle CORS
+        # add_header Access-Control-Allow-Origin * always;
+        # add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+        # add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;

        # Handle preflight requests
        if ($request_method = 'OPTIONS') {
--- a/docker/redis.conf
+++ b/docker/redis.conf
@@ -1,35 +0,0 @@
-# Redis Configuration for PatchMon Production
-# Security settings
-# requirepass ${REDIS_PASSWORD}  # Disabled - using command-line password instead
-rename-command FLUSHDB ""
-rename-command FLUSHALL ""
-rename-command DEBUG ""
-rename-command CONFIG "CONFIG_DISABLED"
-
-# Memory management
-maxmemory 256mb
-maxmemory-policy allkeys-lru
-
-# Persistence settings
-save 900 1
-save 300 10
-save 60 10000
-
-# Logging
-loglevel notice
-logfile ""
-
-# Network security
-bind 127.0.0.1
-protected-mode yes
-
-# Performance tuning
-tcp-keepalive 300
-timeout 0
-
-# Disable dangerous commands
-rename-command SHUTDOWN "SHUTDOWN_DISABLED"
-rename-command KEYS ""
-rename-command MONITOR ""
-rename-command SLAVEOF ""
-rename-command REPLICAOF ""