security: remove hardcoded secrets, add health endpoint, add security headers

This commit is contained in:
Gan, Jimmy
2026-02-20 22:04:01 +08:00
parent 7aec5976df
commit dd3e8e0d2c
5 changed files with 44 additions and 8 deletions
+3 -1
View File
@@ -34,6 +34,8 @@ services:
- SSH_USER=zjgump
- VPS_SSH_HOST=158.101.140.85
- VPS_SSH_USER=jimmyg
- SECRET_KEY=${SECRET_KEY}
- ADMIN_PASSWORD_HASH=${ADMIN_PASSWORD_HASH}
- TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN:-}
- TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID:-}
- TELEGRAM_PROXY=${TELEGRAM_PROXY:-}
@@ -42,7 +44,7 @@ services:
- /volume1/docker/nas-dashboard/ssh/dashboard_terminal:/app/ssh/id_ed25519:ro
- /volume1/docker/nas-dashboard/ssh/vps_terminal:/app/ssh/vps_id_ed25519:ro
healthcheck:
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:4000/api/system/stats')"]
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:4000/api/health')"]
interval: 30s
timeout: 5s
retries: 3