dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

dev-1.7.0 #294

Merged
ZacharyZcR merged 73 commits from main into dev-1.7.0 2025-09-25 04:56:32 +00:00
Conversation 2 Commits 73 Files Changed 83
+66 -2
2 changed files with 66 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 27da06d72f - Show all commits
docker/.env.example
+52
View File
@@ -0,0 +1,52 @@
# Termix Docker Environment Configuration Example
#
# IMPORTANT: This file shows available environment variables.
# For most users, you DON'T need to create a .env file.
# Termix will auto-generate secure keys on first startup.
#
# Copy this file to .env ONLY if you need custom configuration:
# cp docker/.env.example docker/.env
# ===== BASIC CONFIGURATION =====
PORT=8080
NODE_ENV=production
# ===== SSL/HTTPS CONFIGURATION =====
ENABLE_SSL=false
SSL_PORT=8443
SSL_DOMAIN=localhost
SSL_CERT_PATH=/app/ssl/termix.crt
SSL_KEY_PATH=/app/ssl/termix.key
# ===== SECURITY KEYS =====
# WARNING: Only set these if you need specific keys for multi-instance deployment
# For single instance deployment, leave these EMPTY - Termix will auto-generate
# secure random keys and persist them in Docker volumes.
#
# If you DO set these, generate them with: openssl rand -hex 32
JWT_SECRET=
DATABASE_KEY=
INTERNAL_AUTH_TOKEN=
# ===== DATABASE CONFIGURATION =====
DATABASE_ENCRYPTION=true
# ===== CORS CONFIGURATION =====
ALLOWED_ORIGINS=*
gemini-code-assist[bot] commented 2025-09-23 19:31:37 +00:00 (Migrated from github.com)
Review
Copy Link
Copy Source

high

Using * for ALLOWED_ORIGINS is insecure and should be avoided in production as it allows any website to make requests to your Termix instance. This can lead to security vulnerabilities like Cross-Site Request Forgery (CSRF). It would be better to provide a more secure default example, such as ALLOWED_ORIGINS=http://localhost:5173,https://your-termix-domain.com, and add a strong warning in the comments about the risks of using a wildcard.

![high](https://www.gstatic.com/codereviewagent/high-priority.svg) Using `*` for `ALLOWED_ORIGINS` is insecure and should be avoided in production as it allows any website to make requests to your Termix instance. This can lead to security vulnerabilities like Cross-Site Request Forgery (CSRF). It would be better to provide a more secure default example, such as `ALLOWED_ORIGINS=http://localhost:5173,https://your-termix-domain.com`, and add a strong warning in the comments about the risks of using a wildcard.
# ===== DEPLOYMENT NOTES =====
#
# Single Instance (Recommended):
# - Don't create .env file - let Termix auto-generate keys
# - Keys are automatically persisted in Docker volumes
# - Secure and maintenance-free
#
# Multi-Instance Cluster:
# - Set identical JWT_SECRET, DATABASE_KEY, INTERNAL_AUTH_TOKEN across all instances
# - Use shared storage for /app/data and /app/config volumes
# - Ensure all instances can access the same encryption keys
#
# Security Best Practices:
# - Never commit .env files to version control
# - Use Docker secrets in production environments
# - Regularly rotate keys (requires data migration)
docker/docker-compose.yml
+14 -2
View File
@@ -1,3 +1,12 @@
# Termix Docker Compose Configuration
#
# QUICK START: Just run "docker-compose up -d"
# - Security keys are auto-generated on first startup
# - Keys are persisted in Docker volumes (survive container restarts)
# - No manual .env file needed for single-instance deployment
#
# See docker/.env.example for advanced configuration options
services: services:
termix: termix:
build: build:
@@ -12,7 +21,7 @@ services:
- "${SSL_PORT:-8443}:8443" - "${SSL_PORT:-8443}:8443"
volumes: volumes:
- termix-data:/app/data - termix-data:/app/data
- termix-config:/app/config - termix-config:/app/config # Auto-generated .env keys are persisted here
# Optional: Mount custom SSL certificates # Optional: Mount custom SSL certificates
# - ./ssl:/app/ssl:ro # - ./ssl:/app/ssl:ro
environment: environment:
@@ -27,9 +36,12 @@ services:
- SSL_CERT_PATH=${SSL_CERT_PATH:-/app/ssl/termix.crt} - SSL_CERT_PATH=${SSL_CERT_PATH:-/app/ssl/termix.crt}
- SSL_KEY_PATH=${SSL_KEY_PATH:-/app/ssl/termix.key} - SSL_KEY_PATH=${SSL_KEY_PATH:-/app/ssl/termix.key}
# Security keys (set these for production) # Security keys (auto-generated if not provided)
# Leave empty to auto-generate secure random keys on first startup
# Set values only if you need specific keys for multi-instance deployment
- JWT_SECRET=${JWT_SECRET:-} - JWT_SECRET=${JWT_SECRET:-}
- DATABASE_KEY=${DATABASE_KEY:-} - DATABASE_KEY=${DATABASE_KEY:-}
- INTERNAL_AUTH_TOKEN=${INTERNAL_AUTH_TOKEN:-}
# Database configuration # Database configuration
- DATABASE_ENCRYPTION=${DATABASE_ENCRYPTION:-true} - DATABASE_ENCRYPTION=${DATABASE_ENCRYPTION:-true}
1