2 Commits

Author SHA1 Message Date
Scott Idem
ef249b1745 Fix Bitbucket auth migration in deploy workflow 2026-06-09 08:32:57 -04:00
Scott Idem
6c6de37419 fix: restrict Dozzle to localhost-only binding
Bind Dozzle to 127.0.0.1 to prevent exposure on external/LAN interfaces.
Previously bound to 0.0.0.0, allowing unauthenticated access to container
logs from any network-reachable host.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:02:48 -04:00
3 changed files with 17 additions and 2 deletions


@@ -43,7 +43,7 @@ Create the base directory and clone this environment:
```bash
sudo mkdir -p /srv/env/aether
sudo chown -R $USER:$USER /srv/env/aether
git clone https://bitbucket.org/oneskyit/one-sky-it-container-environment.git /srv/env/aether/container_env
git clone git@bitbucket.org:oneskyit/one-sky-it-container-environment.git /srv/env/aether/container_env
```
### 3. Configure Environment Settings


@@ -16,6 +16,18 @@
set -euo pipefail
ensure_bitbucket_ssh_remote() {
local repo_path=$1
local remote_url
local remote_path
remote_url=$(git -C "$repo_path" remote get-url origin)
if [[ "$remote_url" =~ ^https://([^@/]+@)?bitbucket\.org/(.+)$ ]]; then
remote_path=${BASH_REMATCH[2]}
git -C "$repo_path" remote set-url origin "git@bitbucket.org:${remote_path}"
fi
}
ENV=${1:-}
if [ -z "$ENV" ]; then
echo "Usage: $0 <prod|test> [app_branch] [api_branch]"
@@ -55,14 +67,17 @@ echo ""
# --- Pull repos ---
echo "[1/4] Pulling container env..."
ensure_bitbucket_ssh_remote "$COMPOSE_DIR"
git -C "$COMPOSE_DIR" pull --ff-only
echo ""
echo "[2/4] Pulling app ($APP_BRANCH)..."
ensure_bitbucket_ssh_remote "$APP_DIR"
git -C "$APP_DIR" pull --ff-only origin "$APP_BRANCH"
echo ""
echo "[3/4] Pulling API ($API_BRANCH)..."
ensure_bitbucket_ssh_remote "$API_DIR"
git -C "$API_DIR" pull --ff-only origin "$API_BRANCH"
# --- Build and deploy ---
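Review bot: Nothing ahead of the three `pull --ff-only` calls checks that the deploy host already trusts Bitbucket's SSH host key, which matters now that `ensure_bitbucket_ssh_remote` moves every `origin` from HTTPS to SSH. On a host that has never connected over SSH the first pull would likely stop at the host-key prompt, and the usual shortcut of disabling host-key checking removes the server authentication that HTTPS used to provide. A guard before step [1/4], for example `ssh-keygen -F bitbucket.org >/dev/null || { echo "bitbucket.org not in known_hosts" >&2; exit 1; }`, makes that failure explicit and leaves the key to be pinned out of band. The optional `([^@/]+@)` group can match credentials embedded in the old URL, so if a log line is ever added to the function it should print `remote_path` rather than `$remote_url`. The script continues past the end of the second hunk.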


@@ -202,7 +202,7 @@ services:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "${AE_DOZZLE_PORT:-8881}:8080"
- "127.0.0.1:${AE_DOZZLE_PORT:-8881}:8080"
restart: unless-stopped
logging:
driver: "json-file"
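Review bot: The loopback binding on the `ports:` entry carries no comment, so a later edit could drop the `127.0.0.1:` prefix without knowing that the commit message describes this UI as unauthenticated. A line above it such as `# loopback only: Dozzle serves container logs without auth; reach it through an SSH tunnel or an authenticating reverse proxy` would keep the reason next to the setting. The service still mounts `/var/run/docker.sock`, and any local user or process that can reach 127.0.0.1 on this port still gets the log view; whether Dozzle's own authentication is configured is not visible in this hunk and is worth confirming. The service definition starts and ends outside the hunk.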