r/mnemosyne
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(nginx): overhaul config with dynamic resolution and media serving
All checks were successful
CVE Scan & Docker Build / security-scan (push) Successful in 1m12s
Details
CVE Scan & Docker Build / build-and-push (push) Successful in 1m5s
Details

Browse Source 
- Add Docker DNS resolver to prevent stale upstream IPs after container restarts
- Preserve X-Forwarded-Proto from HAProxy for correct HTTPS detection
- Mount mnemosyne-media volume for direct /media/ serving
- Add IP allowlisting for probe/metrics endpoints (RFC1918 + loopback)
- Fix access_log inheritance so probe paths are properly suppressed
- Expand inline documentation covering routing model and conventions
This commit is contained in:
Robert Helewka
2026-05-04 07:41:15 -04:00
parent 003f958f7b
commit c9328c58fc
2 changed files with 188 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yaml
View File

@@ -270,6 +270,7 @@ services:
volumes:
- ./nginx/mnemosyne.conf:/etc/nginx/conf.d/default.conf:ro
- mnemosyne-static:/var/www/static:ro
- mnemosyne-media:/var/www/media:ro
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost/live/"]
interval: 30s