Add deployment-safe backend config and production-safe CORS defaults

2026-04-06 20:47:31 +02:00
parent 1a7096b276
commit c2982116a8
4 changed files with 52 additions and 9 deletions
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -8,6 +8,12 @@ BANGUI_DATABASE_PATH=bangui.db
 # Path to the fail2ban Unix domain socket.
 BANGUI_FAIL2BAN_SOCKET=/var/run/fail2ban/fail2ban.sock

+# Path to the fail2ban configuration directory used by the web UI.
+BANGUI_FAIL2BAN_CONFIG_DIR=/config/fail2ban
+
+# Shell command used to start fail2ban during recovery operations.
+BANGUI_FAIL2BAN_START_COMMAND=fail2ban-client start
+
 # Secret key used to sign session tokens. Use a long, random string.
 # Generate with: python -c "import secrets; print(secrets.token_hex(64))"
 BANGUI_SESSION_SECRET=replace-this-with-a-long-random-secret
@@ -23,4 +29,5 @@ BANGUI_LOG_LEVEL=info

 # Comma-separated list of allowed CORS origins when the frontend is served
 # from a different origin than the backend.
+# Leave this blank in production when the UI is served from the same origin.
 BANGUI_CORS_ALLOWED_ORIGINS=http://localhost:5173