torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update deployment script to ensure persistent data management, enhance backup and restore processes, and improve error handling. Modify .gitignore to exclude sensitive production data and update deployment documentation to reflect changes. Add environment variable loading for production secrets in configuration files.

Browse Source
This commit is contained in:
Torsten Schulz (local)
2026-01-07 17:42:04 +01:00
parent 7fb65723c7
commit a29200ea91
6 changed files with 127 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
harheimertc.config.cjs
View File

@@ -1,3 +1,11 @@
// Load environment variables from .env (production secrets)
try {
// eslint-disable-next-line global-require
require('dotenv').config({ path: '/var/www/harheimertc/.env' })
} catch (_e) {
// If dotenv isn't available or .env missing, continue (process.env may be set elsewhere)
}
module.exports = {
apps: [{
name: 'harheimertc',
@@ -10,7 +18,32 @@ module.exports = {
max_memory_restart: '1G',
env: {
NODE_ENV: 'production',
PORT: 3100
PORT: 3100,
// Secrets/Config (loaded from .env above, if present)
ENCRYPTION_KEY: process.env.ENCRYPTION_KEY,
JWT_SECRET: process.env.JWT_SECRET,
SMTP_HOST: process.env.SMTP_HOST,
SMTP_PORT: process.env.SMTP_PORT,
SMTP_USER: process.env.SMTP_USER,
SMTP_PASS: process.env.SMTP_PASS,
SMTP_FROM: process.env.SMTP_FROM,
SMTP_ADMIN: process.env.SMTP_ADMIN,
NUXT_PUBLIC_BASE_URL: process.env.NUXT_PUBLIC_BASE_URL,
COOKIE_SECURE: process.env.COOKIE_SECURE,
COOKIE_SAMESITE: process.env.COOKIE_SAMESITE,
CSP_ENABLED: process.env.CSP_ENABLED,
CSP_REPORT_ONLY: process.env.CSP_REPORT_ONLY,
CSP_VALUE: process.env.CSP_VALUE,
HIBP_ENABLED: process.env.HIBP_ENABLED,
HIBP_USER_AGENT: process.env.HIBP_USER_AGENT,
HIBP_TIMEOUT_MS: process.env.HIBP_TIMEOUT_MS,
HIBP_CACHE_TTL_MS: process.env.HIBP_CACHE_TTL_MS,
HIBP_FAIL_CLOSED: process.env.HIBP_FAIL_CLOSED,
AUDIT_LOG_ENABLED: process.env.AUDIT_LOG_ENABLED,
WEBAUTHN_ORIGIN: process.env.WEBAUTHN_ORIGIN,
WEBAUTHN_RP_ID: process.env.WEBAUTHN_RP_ID,
WEBAUTHN_RP_NAME: process.env.WEBAUTHN_RP_NAME,
WEBAUTHN_REQUIRE_UV: process.env.WEBAUTHN_REQUIRE_UV
},
error_file: '/var/log/pm2/harheimertc-error.log',
out_file: '/var/log/pm2/harheimertc-out.log',