@@ -7,28 +7,28 @@ services:
77 environment :
88 - DATABASE_URL=file:/app/prisma/dev.db
99 - PORT=8000
10- - NODE_ENV=development
11- - AUTH_MODE=${AUTH_MODE:-oidc_enforced }
10+ - NODE_ENV=production
11+ - AUTH_MODE=${AUTH_MODE:-local }
1212 # Keep disabled by default; only enable when a trusted proxy sanitizes forwarded headers.
1313 - TRUST_PROXY=false
1414 # Optional for single-instance deployments:
1515 # if unset, backend auto-generates and persists one in the volume.
1616 # Recommended to set explicitly for portability and multi-instance setups.
1717 - JWT_SECRET=${JWT_SECRET}
1818 - CSRF_SECRET=${CSRF_SECRET}
19- # Local OIDC settings for dev compose.
20- - OIDC_PROVIDER_NAME=Keycloak
21- # Browser-facing issuer URL.
22- - OIDC_ISSUER_URL=http://localhost:8080/realms/excalidash/
23- # Backend-only discovery URL on the shared container network.
24- - OIDC_DISCOVERY_URL=http://keycloak:8080/realms/excalidash/
25- - OIDC_CLIENT_ID=excalidash
26- # Local OIDC test secret; align with oidc/keycloak/realm-excalidash.json.
27- - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=RS256
28- - OIDC_CLIENT_SECRET=excalidash-dev-secret
29- - OIDC_REDIRECT_URI=http://localhost:6767/api/auth/oidc/callback
30- - OIDC_SCOPES=openid profile email
31- - OIDC_ADMIN_GROUPS=admins
19+ # # Local OIDC settings for dev compose.
20+ # - OIDC_PROVIDER_NAME=Keycloak
21+ # # Browser-facing issuer URL.
22+ # - OIDC_ISSUER_URL=http://localhost:8080/realms/excalidash/
23+ # # Backend-only discovery URL on the shared container network.
24+ # - OIDC_DISCOVERY_URL=http://keycloak:8080/realms/excalidash/
25+ # - OIDC_CLIENT_ID=excalidash
26+ # # Local OIDC test secret; align with oidc/keycloak/realm-excalidash.json.
27+ # - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=RS256
28+ # - OIDC_CLIENT_SECRET=excalidash-dev-secret
29+ # - OIDC_REDIRECT_URI=http://localhost:6767/api/auth/oidc/callback
30+ # - OIDC_SCOPES=openid profile email
31+ # - OIDC_ADMIN_GROUPS=admins
3232 volumes :
3333 - backend-data:/app/prisma
3434 networks :
0 commit comments