docs: add references to PUB_DISABLE_ALL_EXTERNAL_REQUESTS

2025-10-19 18:23:49 +01:00 · 2025-10-19 18:23:49 +01:00 · c51acba26f
parent 9bae3620ce
commit c51acba26f
5 changed files with 76 additions and 63 deletions
--- a/.env.example
+++ b/.env.example
@ -2,6 +2,7 @@ PUB_HOSTNAME=localhost:5173 # only gets used for plausible (for now)
 PUB_PLAUSIBLE_URL=https://plausible.example.com # can be empty
 PUB_ENV=development # "production", "development", or "nightly"
 PUB_VERTD_URL=https://vertd.vert.sh # default vertd instance
 DISABLE_ALL_EXTERNAL_REQUESTS=false # disables vertd, stripe, plausible, etc. use if your boss complains about privacy
 # please do not change these. donations help a lot
 PUB_DONATION_URL=https://donations.vert.sh
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -1,67 +1,68 @@
 name: Docker Image CI
 on:
-  push:
+    push:
-    branches: [ "main" ]
+        branches: ["main"]
-    tags: [ 'v*' ]
+        tags: ["v*"]
-    paths:
+        paths:
-      - 'src/**'
+            - "src/**"
-      - 'static/**'
+            - "static/**"
-  pull_request:
+    pull_request:
-    branches: [ "main" ]
+        branches: ["main"]
-    paths:
+        paths:
-      - 'src/**'
+            - "src/**"
-      - 'static/**'
+            - "static/**"
-  workflow_dispatch:
+    workflow_dispatch:
 jobs:
-  build-and-push:
+    build-and-push:
-    runs-on: ubuntu-latest
+        runs-on: ubuntu-latest
-    permissions:
+        permissions:
-      contents: read
+            contents: read
-      packages: write
+            packages: write
-    steps:
+        steps:
-    - uses: actions/checkout@v4
+            - uses: actions/checkout@v4
-    - name: Set up Docker Buildx
+            - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+              uses: docker/setup-buildx-action@v3
-    - name: Login to GitHub Container Registry
+            - name: Login to GitHub Container Registry
-      if: github.event_name != 'pull_request'
+              if: github.event_name != 'pull_request'
-      uses: docker/login-action@v3
+              uses: docker/login-action@v3
-      with:
+              with:
-        registry: ghcr.io
+                  registry: ghcr.io
-        username: ${{ github.actor }}
+                  username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
+                  password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Extract metadata
+            - name: Extract metadata
-      id: meta
+              id: meta
-      uses: docker/metadata-action@v5
+              uses: docker/metadata-action@v5
-      with:
+              with:
-        images: ghcr.io/${{ github.repository }}
+                  images: ghcr.io/${{ github.repository }}
-        tags: |
+                  tags: |
-          type=ref,event=branch
+                      type=ref,event=branch
-          type=ref,event=pr
+                      type=ref,event=pr
-          type=semver,pattern={{version}}
+                      type=semver,pattern={{version}}
-          type=semver,pattern={{major}}.{{minor}}
+                      type=semver,pattern={{major}}.{{minor}}
-          type=sha,format=short
+                      type=sha,format=short
-          type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+                      type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
-    - name: Build and push
+            - name: Build and push
-      uses: docker/build-push-action@v5
+              uses: docker/build-push-action@v5
-      with:
+              with:
-        context: .
+                  context: .
-        push: ${{ github.event_name != 'pull_request' }}
+                  push: ${{ github.event_name != 'pull_request' }}
-        platforms: linux/amd64,linux/arm64
+                  platforms: linux/amd64,linux/arm64
-        tags: ${{ steps.meta.outputs.tags }}
+                  tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
+                  labels: ${{ steps.meta.outputs.labels }}
-        cache-from: type=gha
+                  cache-from: type=gha
-        cache-to: type=gha,mode=max
+                  cache-to: type=gha,mode=max
-        build-args: |
+                  build-args: |
-          PUB_ENV=production
+                      PUB_ENV=production
-          PUB_HOSTNAME=${{ vars.PUB_HOSTNAME || '' }}
+                      PUB_HOSTNAME=${{ vars.PUB_HOSTNAME || '' }}
-          PUB_PLAUSIBLE_URL=${{ vars.PUB_PLAUSIBLE_URL || '' }}
+                      PUB_PLAUSIBLE_URL=${{ vars.PUB_PLAUSIBLE_URL || '' }}
-          PUB_VERTD_URL=https://vertd.vert.sh
+                      PUB_VERTD_URL=https://vertd.vert.sh
-          PUB_DONATION_URL=https://donations.vert.sh
+                      PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false
-          PUB_STRIPE_KEY=pk_live_51RDVmAGSxPVad6bQwzVNnbc28nlmzA30krLWk1fefCMpUPiSRPkavMMbGqa8A3lUaOCMlsUEVy2CWDYg0ip3aPpL00ZJlsMkf2
+                      PUB_DONATION_URL=https://donations.vert.sh
                      PUB_STRIPE_KEY=pk_live_51RDVmAGSxPVad6bQwzVNnbc28nlmzA30krLWk1fefCMpUPiSRPkavMMbGqa8A3lUaOCMlsUEVy2CWDYg0ip3aPpL00ZJlsMkf2
--- a/4
+++ b/4
@ -6,6 +6,7 @@ ARG PUB_ENV
 ARG PUB_HOSTNAME
 ARG PUB_PLAUSIBLE_URL
 ARG PUB_VERTD_URL
 ARG PUB_DISABLE_ALL_EXTERNAL_REQUESTS
 ARG PUB_DONATION_URL
 ARG PUB_STRIPE_KEY
@ -13,6 +14,7 @@ ENV PUB_ENV=${PUB_ENV}
 ENV PUB_HOSTNAME=${PUB_HOSTNAME}
 ENV PUB_PLAUSIBLE_URL=${PUB_PLAUSIBLE_URL}
 ENV PUB_VERTD_URL=${PUB_VERTD_URL}
 ENV PUB_DISABLE_ALL_EXTERNAL_REQUESTS=${PUB_DISABLE_ALL_EXTERNAL_REQUESTS}
 ENV PUB_DONATION_URL=${PUB_DONATION_URL}
 ENV PUB_STRIPE_KEY=${PUB_STRIPE_KEY}
@ -33,4 +35,4 @@ COPY ./nginx/default.conf /etc/nginx/conf.d/default.conf
 COPY --from=builder /app/build /usr/share/nginx/html
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-    CMD curl --fail --silent --output /dev/null http://localhost || exit 1
+	CMD curl --fail --silent --output /dev/null http://localhost || exit 1
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -8,6 +8,7 @@ services:
        PUB_HOSTNAME: ${PUB_HOSTNAME:-localhost:5173}
        PUB_PLAUSIBLE_URL: ${PUB_PLAUSIBLE_URL:-}
        PUB_ENV: ${PUB_ENV:-production}
        PUB_DISABLE_ALL_EXTERNAL_REQUESTS: ${DISABLE_ALL_EXTERNAL_REQUESTS:-false}
        PUB_VERTD_URL: ${PUB_VERTD_URL:-}
        PUB_DONATION_URL: ${PUB_DONATION_URL:-https://donations.vert.sh}
        PUB_STRIPE_KEY: ${PUB_STRIPE_KEY:-pk_live_51RDVmAGSxPVad6bQwzVNnbc28nlmzA30krLWk1fefCMpUPiSRPkavMMbGqa8A3lUaOCMlsUEVy2CWDYg0ip3aPpL00ZJlsMkf2}
--- a/docs/DOCKER.md
+++ b/docs/DOCKER.md
@ -6,13 +6,16 @@ This file covers how to run VERT under a Docker container.
 - [Using an image from the GitHub Container Registry](#using-an-image-from-the-github-container-registry)
 ### Manually building the image
 First, clone the repository:
 ```shell
 $ git clone https://github.com/VERT-sh/VERT
 $ cd VERT/
 ```
 Then build a Docker image with:
 ```shell
 $ docker build -t vert-sh/vert \
    --build-arg PUB_ENV=production \
@ -20,10 +23,12 @@ $ docker build -t vert-sh/vert \
    --build-arg PUB_PLAUSIBLE_URL=https://plausible.example.com \
    --build-arg PUB_VERTD_URL=https://vertd.vert.sh \
    --build-arg PUB_DONATION_URL=https://donations.vert.sh \
 	--build-arg PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false
    --build-arg PUB_STRIPE_KEY="" .
 ```
 You can then run it by using:
 ```shell
 $ docker run -d \
    --restart unless-stopped \
@ -33,6 +38,7 @@ $ docker run -d \
 ```
 This will do the following:
 - Use the previously built image as the container `vert`, in detached mode
 - Continuously restart the container until manually stopped
 - Map `3000/tcp` (host) to `80/tcp` (container)
@ -40,7 +46,9 @@ This will do the following:
 We also have a [`docker-compose.yml`](/docker-compose.yml) file available. Use `docker compose up` if you want to start the stack, or `docker compose down` to bring it down. You can pass `--build` to `docker compose up` to rebuild the Docker image (useful if you've changed any of the environment variables) as well as `-d` to start it in detached mode. You can read more about Docker Compose in general [here](https://docs.docker.com/compose/intro/compose-application-model/).
 ### Using an image from the GitHub Container Registry
 While there's an image you can pull instead of cloning the repo and building the image yourself, you will not be able to update any of the environment variables (e.g. `PUB_PLAUSIBLE_URL`) as they're baked directly into the image and not obtained during runtime. If you're okay with this, you can simply run this command instead:
 ```shell
 $ docker run -d \
    --restart unless-stopped \