security updates
@@ -1,13 +1,39 @@
|
||||
# Dev override: attach kong + edge functions to the external "dev_edge" network
|
||||
# so the shared Caddy and the dev frps can reach them by DNS name, and set the
|
||||
# dev tunnel base domain for the on-demand-TLS authorizer + frps auth plugin.
|
||||
#
|
||||
# COLLISION-PROOFING (alias-residual elimination):
|
||||
# * The dev service KEYS are now globally unique (kong-dev / functions-dev), so
|
||||
# the auto service-name alias on the Caddy-shared "dev_edge" network is the
|
||||
# UNIQUE *-dev name -- a bare logical name (kong/functions) can never resolve
|
||||
# to a dev container from Caddy.
|
||||
# * The bare names are re-exposed ONLY on the internal project "default" network
|
||||
# (which Caddy is NOT attached to) so every in-stack consumer that still uses
|
||||
# http://kong:8000 / http://functions:9000 (kong.yml, edge-fn source, studio /
|
||||
# functions env, vector) keeps resolving with zero changes.
|
||||
services:
|
||||
kong:
|
||||
networks: [default, dev_edge]
|
||||
functions:
|
||||
networks: [default, dev_edge]
|
||||
kong-dev:
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- kong
|
||||
dev_edge:
|
||||
aliases:
|
||||
- kong-dev
|
||||
functions-dev:
|
||||
networks:
|
||||
default:
|
||||
aliases:
|
||||
- functions
|
||||
dev_edge:
|
||||
aliases:
|
||||
- functions-dev
|
||||
ask-delegation: {}
|
||||
environment:
|
||||
TUNNEL_BASE_DOMAIN: dev.linumiq.net
|
||||
networks:
|
||||
dev_edge:
|
||||
external: true
|
||||
# On-demand-TLS ask delegation network (shared with prod edge authorizer).
|
||||
ask-delegation:
|
||||
external: true
|
||||
|
||||
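Review bot: The `ask-delegation: {}` entry that follows the `functions-dev` aliases appears to attach the dev edge-functions container to a network that the comment further down describes as "shared with prod edge authorizer", and the COLLISION-PROOFING header does not cover this. The header explains name resolution on `default` and `dev_edge` only, so nothing says which peers on `ask-delegation` can reach the dev container, or which prod-side services the dev container can now reach. If the sharing is intentional, state the expected traffic direction next to the attachment, for example `# ask-delegation: only the on-demand-TLS ask endpoint is served here; no bare kong/functions alias is published on this network`. Otherwise give dev its own external ask network. Indentation and +/- markers are lost in this rendering, so the attachment to `functions-dev` is inferred from line order.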
@@ -46,7 +46,7 @@ services:
|
||||
# Uncomment to use Big Query backend for analytics
|
||||
# NEXT_ANALYTICS_BACKEND_PROVIDER: bigquery
|
||||
|
||||
kong:
|
||||
kong-dev:
|
||||
container_name: supabase-dev-kong
|
||||
image: kong:2.8.1
|
||||
restart: unless-stopped
|
||||
@@ -62,7 +62,7 @@ services:
|
||||
KONG_DECLARATIVE_CONFIG: /home/kong/kong.yml
|
||||
# https://github.com/supabase/cli/issues/14
|
||||
KONG_DNS_ORDER: LAST,A,CNAME
|
||||
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
|
||||
KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth,request-termination
|
||||
KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
|
||||
KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
|
||||
SUPABASE_ANON_KEY: ${ANON_KEY}
|
||||
@@ -299,7 +299,7 @@ services:
|
||||
PG_META_DB_USER: supabase_admin
|
||||
PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
|
||||
functions:
|
||||
functions-dev:
|
||||
container_name: supabase-dev-edge-functions
|
||||
image: supabase/edge-runtime:v1.58.3
|
||||
restart: unless-stopped
|
||||
@@ -316,6 +316,7 @@ services:
|
||||
VERIFY_JWT: "${FUNCTIONS_VERIFY_JWT}"
|
||||
REDIS_URL: ${REDIS_URL}
|
||||
STRIPE_STUB_WEBHOOK_SECRET: ${STRIPE_STUB_WEBHOOK_SECRET}
|
||||
AUTH_WEBHOOK_SECRET: ${AUTH_WEBHOOK_SECRET}
|
||||
volumes:
|
||||
- ./volumes/functions:/home/deno/functions:Z
|
||||
command:
|
||||
|
||||
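Review bot: The secret entries in the `functions-dev` environment, `AUTH_WEBHOOK_SECRET: ${AUTH_WEBHOOK_SECRET}` among them, use bare interpolation, so Compose substitutes an empty string with only a warning when the variable is missing from the shell or the .env file. How the edge function treats an empty webhook secret is not visible here, so failing at startup is the safer default: `AUTH_WEBHOOK_SECRET: ${AUTH_WEBHOOK_SECRET:?AUTH_WEBHOOK_SECRET must be set}`. The same form fits `STRIPE_STUB_WEBHOOK_SECRET`. The +/- markers are lost in this rendering, so which of these lines the commit adds is inferred from the hunk header (one added line), and the environment block starts outside the hunk.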