Nautilus/ledgerdock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Serve production frontend via Nginx static build

Browse Source
This commit is contained in:
Beda Schmid
2026-03-02 15:50:34 -03:00
parent b5b74845f2
commit d50169b883
8 changed files with 45 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/operations-and-configuration.md
View File

@@ -86,7 +86,7 @@ Use `.env.example` as baseline. The table below documents user-managed settings
| `APP_ENV` | `development` | `production` |
| `HOST_BIND_IP` | `127.0.0.1` or local LAN bind if needed | `127.0.0.1` (publish behind proxy only) |
| `PUBLIC_BASE_URL` | `http://localhost:8000` | `https://api.example.com` |
| `VITE_API_BASE` | empty for host-derived `http://<frontend-host>:8000/api/v1`, or explicit local URL | `https://api.example.com/api/v1` |
| `VITE_API_BASE` | empty for host-derived `http://<frontend-host>:8000/api/v1`, or explicit local URL | `https://api.example.com/api/v1` (build-time value for production frontend image) |
| `VITE_ALLOWED_HOSTS` | optional comma-separated hostnames, for example `localhost,docs.lan` | optional comma-separated public frontend hostnames, for example `app.example.com` |
| `CORS_ORIGINS` | `["http://localhost:5173","http://localhost:3000"]` | exact frontend origins only, for example `["https://app.example.com"]` |
| `REDIS_URL` | `redis://:<password>@redis:6379/0` in isolated local network | `rediss://:<password>@redis.internal:6379/0` |
@@ -139,13 +139,14 @@ Recommended LIVE pattern:
## Frontend Runtime
- Frontend no longer consumes `VITE_API_TOKEN`.
- Frontend startup mode is environment-driven:
- `APP_ENV=development` runs `vite dev`
- `APP_ENV=production` runs `vite build` then `vite preview`
- Frontend image target is environment-driven:
- `APP_ENV=development` builds the `development` target and runs Vite dev server
- `APP_ENV=production` builds the `production` target and serves static assets through Nginx
- Frontend Docker targets are selected from `APP_ENV`, so use `development` or `production` values.
- Vite dev server host allowlist uses the union of:
- hostnames extracted from `CORS_ORIGINS`
- optional explicit hostnames from `VITE_ALLOWED_HOSTS`
- The same host allowlist policy is applied to both Vite `server` and `preview`.
- `VITE_ALLOWED_HOSTS` only affects development mode where Vite is running.
- Session authentication is cookie-based; browser reloads and new tabs can reuse an active session until it expires or is revoked.
- Protected media and file download flows still use authenticated fetch plus blob/object URL handling.