mirror of
https://github.com/DRYTRIX/TimeTracker.git
synced 2026-05-17 10:29:49 -05:00
Dries Peeters
55ae923636
- Move docker-compose.* (analytics, https, local-test, remote) to docker/ - Move logrotate.conf.example to docker/
76 lines
2.7 KiB
YAML
76 lines
2.7 KiB
YAML
services:
|
|
app:
|
|
image: ghcr.io/drytrix/timetracker:development
|
|
container_name: timetracker-app-remote-dev
|
|
environment:
|
|
- TZ=${TZ:-Europe/Brussels}
|
|
- CURRENCY=${CURRENCY:-EUR}
|
|
- ROUNDING_MINUTES=${ROUNDING_MINUTES:-1}
|
|
- SINGLE_ACTIVE_TIMER=${SINGLE_ACTIVE_TIMER:-true}
|
|
- ALLOW_SELF_REGISTER=${ALLOW_SELF_REGISTER:-true}
|
|
- IDLE_TIMEOUT_MINUTES=${IDLE_TIMEOUT_MINUTES:-30}
|
|
- ADMIN_USERNAMES=${ADMIN_USERNAMES:-admin}
|
|
# IMPORTANT: Change SECRET_KEY in production! Used for sessions and CSRF tokens.
|
|
# Generate a secure key: python -c "import secrets; print(secrets.token_hex(32))"
|
|
#
|
|
# TROUBLESHOOTING: If forms fail with "CSRF token missing or invalid":
|
|
# 1. Verify SECRET_KEY is set and doesn't change between restarts
|
|
# 2. Check CSRF is enabled: WTF_CSRF_ENABLED=true
|
|
# 3. Ensure cookies are enabled in your browser
|
|
# 4. If behind a reverse proxy, ensure it forwards cookies correctly
|
|
# 5. Check the token hasn't expired (increase WTF_CSRF_TIME_LIMIT if needed)
|
|
# For details: docs/CSRF_CONFIGURATION.md
|
|
- SECRET_KEY=${SECRET_KEY:-your-secret-key-change-this}
|
|
- DATABASE_URL=postgresql+psycopg2://timetracker:timetracker@db:5432/timetracker
|
|
- LOG_FILE=/app/logs/timetracker.log
|
|
# CSRF Protection (enabled by default for security)
|
|
- WTF_CSRF_ENABLED=${WTF_CSRF_ENABLED:-true}
|
|
- WTF_CSRF_TIME_LIMIT=${WTF_CSRF_TIME_LIMIT:-3600}
|
|
# Enable secure cookies for HTTPS deployments
|
|
- SESSION_COOKIE_SECURE=${SESSION_COOKIE_SECURE:-true}
|
|
- REMEMBER_COOKIE_SECURE=${REMEMBER_COOKIE_SECURE:-true}
|
|
ports:
|
|
- "8080:8080"
|
|
volumes:
|
|
- app_data_remote_dev:/data
|
|
- app_uploads_remote_dev:/app/app/static/uploads
|
|
- ./logs:/app/logs
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "-s", "-o", "/dev/null", "http://localhost:8080/_health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
db:
|
|
image: postgres:16-alpine
|
|
container_name: timetracker-db-remote-dev
|
|
environment:
|
|
- POSTGRES_DB=${POSTGRES_DB:-timetracker}
|
|
- POSTGRES_USER=${POSTGRES_USER:-timetracker}
|
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-timetracker}
|
|
- TZ=${TZ:-Europe/Brussels}
|
|
volumes:
|
|
- db_data_remote_dev:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
start_period: 30s
|
|
restart: unless-stopped
|
|
|
|
volumes:
|
|
app_data_remote_dev:
|
|
driver: local
|
|
app_uploads_remote_dev:
|
|
driver: local
|
|
db_data_remote_dev:
|
|
driver: local
|
|
|
|
|