diff --git a/Dockerfile b/Dockerfile
index c2acc781..777f7443 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,11 +27,12 @@ RUN mkdir -p /opt/built && mix release --path /opt/built
 FROM alpine:3.10 AS app
 ENV LANG=C.UTF-8 \
- SRTM_CACHE=/opt/app/.srtm_cache
+ SRTM_CACHE=/opt/app/.srtm_cache \
+ HOME=/opt/app
 RUN apk add --update --no-cache bash openssl tzdata
-WORKDIR /opt/app
+WORKDIR $HOME
 COPY --chown=nobody entrypoint.sh /
 COPY --from=builder --chown=nobody /opt/built .
diff --git a/README.md b/README.md
index d15043a8..d9bce764 100644
--- a/README.md
+++ b/README.md
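Review bot: `HOME=/opt/app` makes the home directory the same tree that `COPY --from=builder --chown=nobody /opt/built .` fills with the release, so anything the runtime writes under `$HOME` sits beside code that the `nobody` user can also modify. The hunk shows no `USER` line, so which account runs the release is not visible here. If it is `nobody`, pointing `HOME` and `SRTM_CACHE` at a dedicated writable directory and leaving the release root-owned would keep a compromised process from rewriting its own binaries. A comment above the `ENV` line saying what needs `HOME`, for example `# HOME is set because <component> writes to it at runtime`, would also help the next maintainer.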
@@ -149,24 +149,25 @@ TeslaMate uses environment variables for runtime configuration. ### Environment Variables -| Variable Name | Description | Default Value | -| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | ------------- | -| DATABASE_USER | Username (**required**) | / | -| DATABASE_PASS | User password (**required**) | / | -| DATABASE_NAME | The database to connect to (**required**) | / | -| DATABASE_HOST | Hostname of the database server (**required**) | / | -| DATABASE_PORT | Port of the database server | 5432 | -| DATABASE_POOL_SIZE | Size of the database connection pool | 5 | -| VIRTUAL_HOST | Host part used for generating URLs throughout the app | localhost | -| PORT | Port where the web interface is exposed | 4000 | -| DISABLE_MQTT | Disables the MQTT feature if `true` | false | -| MQTT_HOST | Hostname of the broker (**required** unless DISABLE_MQTT is `true`) | / | -| MQTT_USERNAME | Username _(optional)_ | / | -| MQTT_PASSWORD | Password _(optional)_ | / | -| MQTT_TLS | Enables TLS if `true` _(optional)_ | false | -| MQTT_TLS_ACCEPT_INVALID_CERTS | Accepts invalid certificates if `true` _(optional)_ | false | -| LOCALE | The default locale for the web interface and addresses. Currently available: `en` (default) and `de` | en | -| TZ | Used to establish the local time zone. See [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). 
| / | +| Variable Name | Description | Default Value | +| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------- | +| DATABASE_USER | Username (**required**) | / | +| DATABASE_PASS | User password (**required**) | / | +| DATABASE_NAME | The database to connect to (**required**) | / | +| DATABASE_HOST | Hostname of the database server (**required**) | / | +| DATABASE_PORT | Port of the database server | 5432 | +| DATABASE_POOL_SIZE | Size of the database connection pool | 5 | +| VIRTUAL_HOST | Host part used for generating URLs throughout the app | localhost | +| CHECK_ORIGIN | Configures whether to check the origin header or not _(optional)_. May be `true` (default), `false` or a comma-separated list of hosts that are allowed (e.g. `https://example.com,//another.com:888`). Hosts also support wildcards. It defaults to true and, in such case, it will check against the host value in `VIRTUAL_HOST`. | true | +| PORT | Port where the web interface is exposed | 4000 | +| DISABLE_MQTT | Disables the MQTT feature if `true` | false | +| MQTT_HOST | Hostname of the broker (**required** unless DISABLE_MQTT is `true`) | / | +| MQTT_USERNAME | Username _(optional)_ | / | +| MQTT_PASSWORD | Password _(optional)_ | / | +| MQTT_TLS | Enables TLS if `true` _(optional)_ | false | +| MQTT_TLS_ACCEPT_INVALID_CERTS | Accepts invalid certificates if `true` _(optional)_ | false | +| LOCALE | The default locale for the web interface and addresses. Currently available: `en` (default) and `de` | en | +| TZ | Used to establish the local time zone. See [List of tz database time zones](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). | / | ## Upgrading 
diff --git a/config/releases.exs b/config/releases.exs
index f5e87212..ee1f8581 100644
--- a/config/releases.exs
+++ b/config/releases.exs
@@ -7,7 +7,12 @@ defmodule Util do
 def validate_locale!("en"), do: "en"
 def validate_locale!("de"), do: "de"
- def validate_locale!(lang), do: raise("Unsopported locale #{inspect(lang)}")
+ def validate_locale!(lang), do: raise("Unsopported locale: #{inspect(lang)}")
+
+ def parse_check_origin!("true"), do: true
+ def parse_check_origin!("false"), do: false
+ def parse_check_origin!(hosts) when is_binary(hosts), do: String.split(hosts, ",")
+ def parse_check_origin!(hosts), do: raise("Invalid check_origin option: #{inspect(hosts)}")
 end
 config :gettext,
@@ -26,7 +31,8 @@ config :teslamate, TeslaMateWeb.Endpoint,
 http: [:inet6, port: System.get_env("PORT", "4000")],
 url: [host: System.get_env("VIRTUAL_HOST", "localhost"), port: 80],
 secret_key_base: System.get_env("SECRET_KEY_BASE", Util.random_encoded_bytes()),
- live_view: [signing_salt: System.get_env("SIGNING_SALT", Util.random_encoded_bytes())]
+ live_view: [signing_salt: System.get_env("SIGNING_SALT", Util.random_encoded_bytes())],
+ check_origin: System.get_env("CHECK_ORIGIN", "true") |> Util.parse_check_origin!()
 if System.get_env("DISABLE_MQTT") != "true" do
 config :teslamate, :mqtt,
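Review bot: `String.split(hosts, ",")` in the third `parse_check_origin!` clause passes entries through untrimmed and keeps empty ones. A value such as `"https://a.example, //b.example"` (constructed) or an empty `CHECK_ORIGIN` therefore yields `" //b.example"` or `""`, which presumably fails or never matches only once the endpoint evaluates the list, not at boot. Normalising here and failing early keeps the misconfiguration visible at startup: `hosts |> String.split(",", trim: true) |> Enum.map(&String.trim/1)`, raising when the result is `[]`. The last clause is unreachable as called in this file, since `System.get_env/2` with a string default always returns a binary, and the touched `validate_locale!` message still reads "Unsopported".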
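Review bot: `CHECK_ORIGIN=false` turns off Origin verification for the endpoint's socket connections, and nothing at the new `check_origin:` line marks that as a weakened deployment. A comment such as `# CHECK_ORIGIN=false disables Origin verification on socket connections; prefer an explicit host list` would document it. A startup log warning when the parsed value is `false` would make it visible to operators, which matters most if the instance is reachable from a browser without another authentication layer in front (not visible from this hunk). As a style point, the single-step pipe reads more plainly as `check_origin: Util.parse_check_origin!(System.get_env("CHECK_ORIGIN", "true"))`. The `config :teslamate, TeslaMateWeb.Endpoint` block starts above the hunk.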