af2a01b169
Allows restricting listening to the network interface exposed to the reverse proxy, without touching unrelated interfaces (e.g. loopback, LAN interfaces). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
60 lines
3.2 KiB
Bash
# Stupid Simple Network Inventory — environment variables
# Copy this file to .env and fill in the values.
# NEVER commit .env to version control.

# ── JWT Secret ──────────────────────────────────────────────────────────────
# Required in production. If unset, a random key is auto-generated and stored
# in db_data/secret_key.txt (0600 permissions). All sessions are invalidated
# when this key changes (key rotation).
#
# Generate a strong secret:
# python3 -c "import secrets; print(secrets.token_hex(32))"
# Or use a Docker secret (recommended for production).
SECRET_KEY=

# ── Initial admin password ──────────────────────────────────────────────────
# Set this before the first run to bypass the admin/admin bootstrap.
# When set: admin is created with this password and must_change_password=0.
# When unset: admin is created with password "admin" and must_change_password=1
# (forced password change on first login).
#
# This variable is only read when the users table is empty (first run).
# It has no effect on subsequent starts.
INITIAL_ADMIN_PASSWORD=

# ── CORS allowed origins ─────────────────────────────────────────────────────
# Comma-separated list of allowed origins, or "*" for all (default).
# The app is designed for same-origin access via the Nginx reverse proxy.
# Restrict this if you expose the API to multiple origins.
#
# Examples:
# ALLOWED_ORIGINS=* (default — permissive)
# ALLOWED_ORIGINS=https://inventory.example.com
# ALLOWED_ORIGINS=https://a.example.com,https://b.example.com
# ALLOWED_ORIGINS= (empty — disables CORS headers)
ALLOWED_ORIGINS=*

# ── Bind address ─────────────────────────────────────────────────────────────
# IP address the application listens on (port 8080).
# Default: 0.0.0.0 (all interfaces).
# Set to the IP of the interface facing the reverse proxy when the reverse proxy
# runs on a separate machine — avoids exposing the app on unintended interfaces.
#
# Examples:
# BIND_ADDRESS=0.0.0.0 (default — all interfaces)
# BIND_ADDRESS=192.168.1.10 (LAN interface only)
# BIND_ADDRESS=127.0.0.1 (loopback — reverse proxy on the same host)
BIND_ADDRESS=0.0.0.0

# ── Container user IDs ───────────────────────────────────────────────────────
# UID and GID used to run the backend process inside the container.
# Must match the host user owning ./db_data/ to allow read/write on the
# bind-mounted volume without root privileges.
#
# Get your values: id -u && id -g
# Then create the data directory before the first run:
# mkdir -p db_data
#
DOCKER_UID=1000
DOCKER_GID=1000
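Added example, not part of this repository: a pre-deployment lint that reads a filled-in .env and reports the permissive defaults documented in the file above (empty SECRET_KEY, the admin/admin bootstrap, wildcard CORS, binding to all interfaces). The function names `env_get` and `audit_env`, the `MIN_SECRET_LEN` threshold and the treatment of an empty BIND_ADDRESS as the default are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not part of the project): lint a .env file for the weak
# defaults documented in .env.example. One finding per line; no output = pass.
MIN_SECRET_LEN=32   # this example's own threshold, not a project rule

# env_get FILE KEY DEFAULT -> last uncommented value of KEY, or DEFAULT if absent
env_get() {
  awk -v k="$2" -v d="$3" '
    index($0, k "=") == 1 { v = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", v); found = 1 }
    END { print (found ? v : d) }' "$1"
}

audit_env() {
  local f="$1" secret pw origins bind
  secret=$(env_get "$f" SECRET_KEY "")
  pw=$(env_get "$f" INITIAL_ADMIN_PASSWORD "")
  origins=$(env_get "$f" ALLOWED_ORIGINS "*")    # "*" is the documented default
  bind=$(env_get "$f" BIND_ADDRESS "0.0.0.0")    # 0.0.0.0 is the documented default
  if [ -z "$secret" ]; then
    echo "SECRET_KEY: unset, key will be auto-generated in db_data/secret_key.txt"
  elif [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
    echo "SECRET_KEY: shorter than $MIN_SECRET_LEN characters"
  fi
  if [ -z "$pw" ]; then
    echo "INITIAL_ADMIN_PASSWORD: unset, first run bootstraps admin/admin"
  elif [ "$pw" = "admin" ]; then
    echo "INITIAL_ADMIN_PASSWORD: 'admin' with must_change_password=0"
  fi
  case ",$origins," in
    *",*,"*) echo "ALLOWED_ORIGINS: wildcard, any origin is allowed" ;;
  esac
  # Assumption: an empty BIND_ADDRESS is treated like the 0.0.0.0 default.
  if [ -z "$bind" ] || [ "$bind" = "0.0.0.0" ]; then
    echo "BIND_ADDRESS: listening on all interfaces"
  fi
  return 0
}

# Constructed sample: the values .env.example ships with.
sample=$(mktemp)
printf '%s\n' 'SECRET_KEY=' 'INITIAL_ADMIN_PASSWORD=' \
  '# ALLOWED_ORIGINS=https://inventory.example.com' \
  'ALLOWED_ORIGINS=*' 'BIND_ADDRESS=0.0.0.0' > "$sample"
audit_env "$sample"
rm -f "$sample"
```

Run `audit_env .env` before the first start, since INITIAL_ADMIN_PASSWORD is only read while the users table is empty.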