diff --git a/.env.example b/.env.example index 3622c660c7..0cd016b0d3 100644 --- a/.env.example +++ b/.env.example @@ -40,10 +40,10 @@ DOMAIN_SERVER=http://localhost:3080 ADMIN_PANEL_URL= # Session encryption key for the bundled admin panel (min 32 characters). -# The admin panel ships enabled in docker-compose/deploy-compose; the value -# below is a development default. Generate a unique one for production: +# Required when using the bundled admin panel in docker-compose/deploy-compose. +# Generate a unique value before starting the stack: # openssl rand -hex 32 -ADMIN_PANEL_SESSION_SECRET=0f7114d0b0b192b59fde7e3b730949b27d49a8717fa32ad3167d94c7684fede3 +ADMIN_PANEL_SESSION_SECRET= # Host port for the bundled admin panel (default docker-compose only). # In deploy-compose the panel is served at http://admin.localhost via nginx. diff --git a/deploy-compose.yml b/deploy-compose.yml index 77d6161a7d..a024d97259 100644 --- a/deploy-compose.yml +++ b/deploy-compose.yml @@ -48,7 +48,9 @@ services: restart: always environment: - PORT=3000 - - SESSION_SECRET=${ADMIN_PANEL_SESSION_SECRET:-${CREDS_KEY}} + # Plain expansion (not :?) so `docker compose down`/`pull` still run when this is unset. + # The panel itself refuses to start without it; set ADMIN_PANEL_SESSION_SECRET in .env. + - SESSION_SECRET=${ADMIN_PANEL_SESSION_SECRET} - API_SERVER_URL=http://api:3080 - VITE_API_BASE_URL=${DOMAIN_CLIENT:-http://localhost} - SESSION_COOKIE_SECURE=${ADMIN_PANEL_SESSION_COOKIE_SECURE:-false} diff --git a/docker-compose.yml b/docker-compose.yml index 1476231df6..0fada4bb69 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -45,7 +45,9 @@ services: restart: always environment: - PORT=3000 - - SESSION_SECRET=${ADMIN_PANEL_SESSION_SECRET:-${CREDS_KEY}} + # Plain expansion (not :?) so `docker compose down`/`pull` still run when this is unset. + # The panel itself refuses to start without it; set ADMIN_PANEL_SESSION_SECRET in .env. + - SESSION_SECRET=${ADMIN_PANEL_SESSION_SECRET} - API_SERVER_URL=http://api:${PORT:-3080} - VITE_API_BASE_URL=${DOMAIN_CLIENT:-http://localhost:3080} - SESSION_COOKIE_SECURE=${ADMIN_PANEL_SESSION_COOKIE_SECURE:-false}