yiekheng
ebccad2094
End-state: a single web service (Next.js dashboard) per deployment, no
side-by-side Flask UI. The image name 'cm-web' now points at the Next.js
build; the legacy 'cm-web-next' tag is no longer published.
Changes:
- Delete app/cm_web_view.py and the Flask docker/web/Dockerfile.
- Rename docker/web-next/ → docker/web/ (Next.js Dockerfile takes the
cm-web slot).
- docker-compose.yml: drop the web-view service. Rename web-next → web,
container ${CM_DEPLOY_NAME}-web-next → ${CM_DEPLOY_NAME}-web, image
cm-web-next → cm-web, named volume web-next-auth-data → web-auth-data.
transfer-bot's depends_on no longer references web-view (vestigial
startup ordering, never a runtime dependency).
- docker-compose.override.yml: same rename, dockerfile path updated.
- envs: drop CM_WEB_NEXT_HOST_PORT. Repurpose CM_WEB_HOST_PORT for the
Next.js port (8010 dev, 8011 rex, 8012 siong) — same numeric values
formerly held by CM_WEB_NEXT_HOST_PORT, so aaPanel routes don't move.
- scripts/dev.sh: drops web-view + web-next from up/reset-db/logs;
--remove-orphans still cleans up legacy containers from before cutover.
- scripts/publish.sh: drop the cm-web-next build target.
- tests/test_debug_enabled.py: drop app.cm_web_view from the helper
matrix (cm_api is now the only Flask entrypoint with _debug_enabled).
- AGENTS.md / README.md / docs/aapanel-hardening.md: rewrite Flask-era
references; add migration steps for existing stacks; update aaPanel
port references (8000/8001/8005 → 8010/8011/8012).
- .gitignore: add .env, .venv/, .playwright-mcp/, node_modules/, .next/
so 'git add -A' can't accidentally stage secrets or build artifacts.
Operator action required to upgrade an existing deployment:
1. .env: drop CM_WEB_NEXT_HOST_PORT line. Set CM_WEB_HOST_PORT to
what CM_WEB_NEXT_HOST_PORT was. Make sure CM_AUTH_SECRET is set.
2. aaPanel: if proxy_pass pointed at the legacy Flask port
(8000/8001/8005), switch it to the new one (8010/8011/8012).
3. Pull the new cm-web image (Next.js) and redeploy the stack. The
old ${CM_DEPLOY_NAME}-web-view and ${CM_DEPLOY_NAME}-web-next
containers will be replaced by a single ${CM_DEPLOY_NAME}-web.
Verified locally: docker-compose YAML parses; transfer-bot runtime is
unchanged (only depends_on tidied); 38-test python suite passes.
44 lines
1.1 KiB
Plaintext
44 lines
1.1 KiB
Plaintext
# siong deployment template. Copy to envs/siong/.env (which is gitignored) and
|
|
# fill in the real secrets for the siong environment, OR paste the variables
|
|
# directly into the Portainer stack environment.
|
|
|
|
# === Runtime ===
|
|
# Leave unset (or 'false') in production. Setting CM_DEBUG=true exposes the
|
|
# Werkzeug debugger and is RCE if the port is reachable.
|
|
CM_DEBUG=false
|
|
|
|
# === Deployment Identity ===
|
|
CM_DEPLOY_NAME=siong-cm
|
|
CM_WEB_HOST_PORT=8012
|
|
|
|
# === Docker Registry / Build ===
|
|
CM_IMAGE_PREFIX=gitea.04080616.xyz/yiekheng
|
|
DOCKER_IMAGE_TAG=latest
|
|
|
|
# === Telegram ===
|
|
TELEGRAM_BOT_TOKEN=
|
|
TELEGRAM_ALERT_CHAT_ID=
|
|
TELEGRAM_ALERT_BOT_TOKEN=
|
|
|
|
# === Database ===
|
|
DB_HOST=
|
|
DB_USER=
|
|
DB_PASSWORD=
|
|
DB_NAME=
|
|
DB_PORT=3306
|
|
DB_CONNECTION_TIMEOUT=8
|
|
DB_CONNECT_RETRIES=5
|
|
DB_CONNECT_RETRY_DELAY=2
|
|
|
|
# === Bot Config ===
|
|
CM_PREFIX_PATTERN=
|
|
CM_AGENT_ID=
|
|
CM_AGENT_PASSWORD=
|
|
CM_SECURITY_PIN=
|
|
CM_BOT_BASE_URL=
|
|
|
|
# === Auth (cm-web session signing) ===
|
|
# 64-character hex (32 bytes). Generate with: openssl rand -hex 32
|
|
# Rotating this secret invalidates all existing sessions (forces re-login).
|
|
CM_AUTH_SECRET=
|