fix(security): harden Redis auth, restrict /metrics, document Gitea port fix

- Add Redis password via REDIS_PASSWORD env var (--requirepass flag)
- Update all REDIS_URL and REDIS_ADDR references to include password
- Restrict /metrics endpoint to localhost and Docker internal networks (403 for external requests)
- Document Gitea port 3000 localhost binding fix (must be applied manually on server)
- Add REDIS_PASSWORD to .env.example

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-04 23:15:15 +01:00
parent a7392de9f6
commit b68d542258
4 changed files with 60 additions and 8 deletions


@@ -21,7 +21,7 @@ services:
redis:
image: redis:7-alpine
restart: always
command: redis-server --maxmemory 100mb --maxmemory-policy allkeys-lru
command: redis-server --maxmemory 100mb --maxmemory-policy allkeys-lru --requirepass ${REDIS_PASSWORD:-changeme}
mem_limit: 128m
healthcheck:
test: ["CMD", "redis-cli", "ping"]
@@ -42,7 +42,7 @@ services:
environment:
DATABASE_URL: postgresql://orion_user:secure_password@db:5432/orion_db
JWT_SECRET_KEY: ${JWT_SECRET_KEY:-your-super-secret-key}
REDIS_URL: redis://redis:6379/0
REDIS_URL: redis://:${REDIS_PASSWORD:-changeme}@redis:6379/0
USE_CELERY: "true"
depends_on:
db:
@@ -73,7 +73,7 @@ services:
env_file: .env
environment:
DATABASE_URL: postgresql://orion_user:secure_password@db:5432/orion_db
REDIS_URL: redis://redis:6379/0
REDIS_URL: redis://:${REDIS_PASSWORD:-changeme}@redis:6379/0
depends_on:
db:
condition: service_healthy
@@ -101,7 +101,7 @@ services:
env_file: .env
environment:
DATABASE_URL: postgresql://orion_user:secure_password@db:5432/orion_db
REDIS_URL: redis://redis:6379/0
REDIS_URL: redis://:${REDIS_PASSWORD:-changeme}@redis:6379/0
depends_on:
db:
condition: service_healthy
@@ -123,7 +123,7 @@ services:
ports:
- "127.0.0.1:5555:5555"
environment:
REDIS_URL: redis://redis:6379/0
REDIS_URL: redis://:${REDIS_PASSWORD:-changeme}@redis:6379/0
FLOWER_BASIC_AUTH: ${FLOWER_USER:-admin}:${FLOWER_PASSWORD:-changeme}
depends_on:
redis:
@@ -238,7 +238,7 @@ services:
ports:
- "127.0.0.1:9121:9121"
environment:
REDIS_ADDR: redis://redis:6379
REDIS_ADDR: redis://:${REDIS_PASSWORD:-changeme}@redis:6379
depends_on:
redis:
condition: service_healthy
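Review bot: The new `--requirepass ${REDIS_PASSWORD:-changeme}` in the first hunk silently falls back to a well-known password whenever the variable is missing from `.env`, so a forgotten entry leaves Redis guarded by `changeme` rather than failing loudly; use `${REDIS_PASSWORD:?REDIS_PASSWORD must be set}` there and in every `REDIS_URL`/`REDIS_ADDR` so compose refuses to start instead. The unchanged healthcheck `test: ["CMD", "redis-cli", "ping"]` in that same hunk now runs without credentials, so it either gets `NOAUTH` and never becomes healthy (blocking every service behind `condition: service_healthy`) or, depending on how this redis-cli version treats error replies in its exit code, passes without proving anything; it should authenticate, e.g. via `REDISCLI_AUTH`, and check for `PONG`. Because the password is now embedded in `redis://:${REDIS_PASSWORD}@…` URLs, a value containing `@`, `/`, `#` or `%` will break URL parsing in the clients, so either restrict the generated secret to URL-safe characters or percent-encode it in `.env`. The same `:?` treatment would also suit `JWT_SECRET_KEY` and the literal `secure_password` in `DATABASE_URL` that these hunks leave as-is.
```yaml
redis:
  image: redis:7-alpine
  restart: always
  # fail at compose time instead of falling back to a guessable password
  command: redis-server --maxmemory 100mb --maxmemory-policy allkeys-lru --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}
  environment:
    # lets redis-cli authenticate without exposing the password in argv
    REDISCLI_AUTH: ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}
  mem_limit: 128m
  healthcheck:
    test: ["CMD-SHELL", "redis-cli ping | grep -q PONG"]
    # … unchanged: interval/timeout/retries …
```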