- Add settings form with all config fields (Bot, Commission, Wallets, WireGuard)
- POST handler writes .env file and restarts container via process.exit(0)
- Secrets (ENCRYPTION_KEY, ADMIN_SECRET, GITEA_TOKEN, WG_PRIVATE_KEY, WG_PRESHARED_KEY) are never sent to browser - masked placeholders used instead
- PRESERVE_KEYS enforced: secret keys cannot be overwritten via form
- Values sanitized: newlines stripped before writing to .env
- start.sh loads .env file before node to override Docker env_file cache
- Extract shared escapeHtml utility to escape.js (used by 6 view files)
- Update paymentWallets view to link to Settings page instead of .env
- Add .env volume mount for settings panel read/write
- Fix registerRoutes() not being called in index.js (bot menu buttons)
# Compose definition for the telegram_shop_prod service.
# NOTE(review): `build.network`, `mem_limit` and `cpus` do not appear to belong
# to the 3.3 file-format schema; this presumably relies on a Compose release
# that ignores `version` - confirm against the Compose binary used to deploy.
version: "3.3"

services:
  telegram_shop_prod:
    container_name: telegram_shop_prod
    hostname: telegram_shop_prod
    restart: always

    build:
      context: .
      dockerfile: ./Dockerfile
      # Build steps run on the host network stack.
      network: host

    # No host IP is given, so the port is published on every host interface.
    # NOTE(review): if the settings panel (see the .env mount below) is served
    # on this port, consider publishing on loopback behind a reverse proxy -
    # confirm how the panel is exposed.
    ports:
      - "3001:3001"

    # Read by Compose when the container is created.
    env_file:
      - .env

    volumes:
      # Database sync (persistence)
      - ./db:/app/db/
      # Uploaded product photos
      - ./uploads:/app/uploads/
      # Mount start.sh (generates wg0.conf from env)
      # NOTE(review): mounted read-write by default; if nothing inside the
      # container has to modify the script, a `:ro` suffix would keep the app
      # from altering its own start script on the host - confirm before changing.
      - ./wg/start.sh:/app/start.sh
      # Settings panel read/write
      # This is the same file that env_file reads above, so the service's
      # configuration (and presumably its secrets) is writable from inside the
      # container; the code that writes it is the trust boundary.
      # A single-file bind mount follows the file's inode: the file has to be
      # rewritten in place, a rename-based replace will not carry through.
      - ./.env:/app/.env:rw

    # Minimal privileges, needed only for WireGuard
    cap_add:
      - NET_ADMIN

    sysctls:
      # Required for routing
      - net.ipv4.conf.all.src_valid_mark=1

    dns:
      - "8.8.8.8"
      - "1.1.1.1"

    # Resource ceilings for the container.
    mem_limit: 512m
    cpus: "1.0"

    # Probes the app's /health endpoint from inside the container; the image
    # must ship curl for this check to work.
    healthcheck:
      test:
        - "CMD"
        - "curl"
        - "-sf"
        - "http://localhost:3001/health"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
networks:
default: