From 30631504f156c06ab1b50e14afa6189cf3fb37d9 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 1 Jul 2026 22:51:46 -0400 Subject: [PATCH] fix production domain --- .env.docker.production.example | 2 +- .env.docker.production.generated | 2 +- production/.env.docker.production.example | 2 +- production/docker-compose.production.yml | 10 ++++----- production/scripts/docker-prod-common.sh | 25 ++++++++++++++++------- 5 files changed, 26 insertions(+), 15 deletions(-) diff --git a/.env.docker.production.example b/.env.docker.production.example index bb050cb..d9a9d1e 100644 --- a/.env.docker.production.example +++ b/.env.docker.production.example @@ -1,5 +1,5 @@ # ── Traefik domains — used in docker-compose labels ────────────────────────── -ACME_EMAIL=ops@example.com +ACME_EMAIL=rentaldrivego@gmail.com API_DOMAIN=api.rentaldrivego.ma PUBLIC_SITE_DOMAIN=rentaldrivego.ma PGMANAGE_DOMAIN=pgmanage.rentaldrivego.ma diff --git a/.env.docker.production.generated b/.env.docker.production.generated index 43ae4ca..8ecfa49 100644 --- a/.env.docker.production.generated +++ b/.env.docker.production.generated @@ -1,5 +1,5 @@ # Traefik domains -ACME_EMAIL=ops@example.com +ACME_EMAIL=rentaldrivego@gmail.com API_DOMAIN=api.example.com PUBLIC_SITE_DOMAIN=example.com PGMANAGE_DOMAIN=pgmanage.example.com diff --git a/production/.env.docker.production.example b/production/.env.docker.production.example index 2db0a80..2c3327d 100644 --- a/production/.env.docker.production.example +++ b/production/.env.docker.production.example @@ -1,5 +1,5 @@ # Traefik domains -ACME_EMAIL=ops@example.com +ACME_EMAIL=rentaldrivego@gmail.com API_DOMAIN=api.rentaldrivego.ma PUBLIC_SITE_DOMAIN=rentaldrivego.ma PGMANAGE_DOMAIN=pgmanage.rentaldrivego.ma diff --git a/production/docker-compose.production.yml b/production/docker-compose.production.yml index ee5f7a7..a7111cd 100644 --- a/production/docker-compose.production.yml +++ b/production/docker-compose.production.yml @@ -123,7 +123,7 @@ services: restart: unless-stopped labels: - traefik.enable=true - - traefik.http.routers.api.rule=Host(`${API_DOMAIN}`) && !HeadersRegexp(`x-middleware-subrequest`, `.+`) + - traefik.http.routers.api.rule=Host(`${API_DOMAIN}`) && !HeaderRegexp(`x-middleware-subrequest`, `.+`) - traefik.http.routers.api.entrypoints=websecure - traefik.http.routers.api.tls=true - traefik.http.routers.api.tls.certresolver=letsencrypt @@ -171,7 +171,7 @@ services: restart: unless-stopped labels: - traefik.enable=true - - traefik.http.routers.homepage.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && !HeadersRegexp(`x-middleware-subrequest`, `.+`) + - traefik.http.routers.homepage.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && !HeaderRegexp(`x-middleware-subrequest`, `.+`) - traefik.http.routers.homepage.entrypoints=websecure - traefik.http.routers.homepage.tls=true - traefik.http.routers.homepage.tls.certresolver=letsencrypt @@ -215,7 +215,7 @@ services: restart: unless-stopped labels: - traefik.enable=true - - traefik.http.routers.storefront.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && PathPrefix(`/explore`, `/renter`, `/sign-in`) + - traefik.http.routers.storefront.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && (PathPrefix(`/explore`) || PathPrefix(`/renter`) || PathPrefix(`/sign-in`)) - traefik.http.routers.storefront.entrypoints=websecure - traefik.http.routers.storefront.tls=true - traefik.http.routers.storefront.tls.certresolver=letsencrypt @@ -259,7 +259,7 @@ services: restart: unless-stopped labels: - traefik.enable=true - - traefik.http.routers.dashboard.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && PathPrefix(`/dashboard`) && !HeadersRegexp(`x-middleware-subrequest`, `.+`) + - traefik.http.routers.dashboard.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && PathPrefix(`/dashboard`) && !HeaderRegexp(`x-middleware-subrequest`, `.+`) - traefik.http.routers.dashboard.entrypoints=websecure - traefik.http.routers.dashboard.tls=true - traefik.http.routers.dashboard.tls.certresolver=letsencrypt @@ -303,7 +303,7 @@ services: restart: unless-stopped labels: - traefik.enable=true - - traefik.http.routers.admin.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && PathPrefix(`/admin`) && !HeadersRegexp(`x-middleware-subrequest`, `.+`) + - traefik.http.routers.admin.rule=(Host(`${PUBLIC_SITE_DOMAIN}`) || Host(`www.${PUBLIC_SITE_DOMAIN}`)) && PathPrefix(`/admin`) && !HeaderRegexp(`x-middleware-subrequest`, `.+`) - traefik.http.routers.admin.entrypoints=websecure - traefik.http.routers.admin.tls=true - traefik.http.routers.admin.tls.certresolver=letsencrypt diff --git a/production/scripts/docker-prod-common.sh b/production/scripts/docker-prod-common.sh index b44838b..7cc9bb6 100755 --- a/production/scripts/docker-prod-common.sh +++ b/production/scripts/docker-prod-common.sh @@ -10,6 +10,10 @@ PROJECT_NAME="${DOCKER_PROD_PROJECT_NAME:-rentaldrivego-prod}" TRAEFIK_NETWORK="${DOCKER_PROD_TRAEFIK_NETWORK:-traefik-proxy}" VOLUME_BACKUP_IMAGE="${DOCKER_VOLUME_BACKUP_IMAGE:-postgres:16-alpine}" API_UPLOADS_VOLUME="${DOCKER_PROD_API_UPLOADS_VOLUME:-${PROJECT_NAME}_api_uploads}" +DEFAULT_ACME_EMAIL="rentaldrivego@gmail.com" +DEFAULT_API_DOMAIN="api.rentaldrivego.ma" +DEFAULT_PUBLIC_SITE_DOMAIN="rentaldrivego.ma" +DEFAULT_CORS_ORIGINS="https://rentaldrivego.ma,https://www.rentaldrivego.ma" ensure_env_file() { if [[ ! -f "${ENV_FILE}" ]]; then @@ -71,6 +75,7 @@ load_prod_env_exports() { local key for key in \ + ACME_EMAIL \ APP_IMAGE \ APP_VERSION \ IMAGE_TAG \ @@ -86,8 +91,9 @@ load_prod_env_exports() { } validate_prod_env_file() { - local api_domain public_site_domain cors_origins postgres_password redis_password jwt_secret + local acme_email api_domain public_site_domain cors_origins postgres_password redis_password jwt_secret + acme_email="$(read_env_value ACME_EMAIL)" api_domain="$(read_env_value API_DOMAIN)" public_site_domain="$(read_env_value PUBLIC_SITE_DOMAIN)" cors_origins="$(read_env_value CORS_ORIGINS)" @@ -95,18 +101,23 @@ validate_prod_env_file() { redis_password="$(read_env_value REDIS_PASSWORD)" jwt_secret="$(read_env_value JWT_SECRET)" - if [[ -z "${api_domain}" || "${api_domain}" == *example.com* ]]; then - echo "Invalid API_DOMAIN in ${ENV_FILE}. Set it to the real production API hostname, not example.com." >&2 + if [[ "${acme_email}" != "${DEFAULT_ACME_EMAIL}" ]]; then + echo "Invalid ACME_EMAIL in ${ENV_FILE}. Set ACME_EMAIL=${DEFAULT_ACME_EMAIL} for Let's Encrypt." >&2 exit 1 fi - if [[ -z "${public_site_domain}" || "${public_site_domain}" == *example.com* ]]; then - echo "Invalid PUBLIC_SITE_DOMAIN in ${ENV_FILE}. Set it to the real production site hostname, not example.com." >&2 + if [[ "${api_domain}" != "${DEFAULT_API_DOMAIN}" ]]; then + echo "Invalid API_DOMAIN in ${ENV_FILE}. Set API_DOMAIN=${DEFAULT_API_DOMAIN}." >&2 exit 1 fi - if [[ -z "${cors_origins}" || "${cors_origins}" == *example.com* ]]; then - echo "Invalid CORS_ORIGINS in ${ENV_FILE}. Replace example.com origins with the real production domains." >&2 + if [[ "${public_site_domain}" != "${DEFAULT_PUBLIC_SITE_DOMAIN}" ]]; then + echo "Invalid PUBLIC_SITE_DOMAIN in ${ENV_FILE}. Set PUBLIC_SITE_DOMAIN=${DEFAULT_PUBLIC_SITE_DOMAIN}." >&2 + exit 1 + fi + + if [[ "${cors_origins}" != "${DEFAULT_CORS_ORIGINS}" ]]; then + echo "Invalid CORS_ORIGINS in ${ENV_FILE}. Set CORS_ORIGINS=${DEFAULT_CORS_ORIGINS}." >&2 exit 1 fi