elpatron/Idle-Fantasy-Save-Viewer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Harden app for production behind nginx Proxy Manager.

Browse Source 
Remove path-based import, add rate limits and upload caps, security headers, proxy trust, bundled Chart.js, non-root Docker, and NPM deployment docs.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
elpatron
2026-06-19 16:23:27 +02:00
parent f2c564e69a
commit 58b9e0bb0a
8 changed files with 232 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+12 -4
View File
@@ -4,18 +4,26 @@ WORKDIR /app
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
DATA_DIR=/data
DATA_DIR=/data \
TRUST_PROXY=1 \
DISABLE_LOCAL_VIEWER=1 \
PREFERRED_URL_SCHEME=https \
MAX_UPLOAD_MB=10
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY app.py db.py parser.py categories.py validation.py viewers.py ./
COPY app.py db.py parser.py categories.py validation.py viewers.py security.py ./
COPY templates/ templates/
COPY static/ static/
RUN mkdir -p /data/viewers /data/uploads
RUN mkdir -p /data/viewers /data/uploads \
&& useradd --create-home --uid 1000 --shell /usr/sbin/nologin appuser \
&& chown -R appuser:appuser /app /data
USER appuser
VOLUME ["/data"]
EXPOSE 5000
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "2", "--threads", "4", "app:app"]
CMD ["gunicorn", "--bind", "0.0.0.0:5000", "--workers", "2", "--threads", "4", "--timeout", "120", "app:app"]