gendesign/.env.example
lekss361 71cbdbe238 feat(security): GlitchTip forwarder для basic_auth 401 events (Phase 2 PR #426)
Добавляет sidecar glitchtip-auth-forwarder который tails Caddy access log,
фильтрует 401 события и шлёт их в GlitchTip через Sentry SDK.

- ops/glitchtip-auth-forwarder/forwarder.py: tail + throttle + atomic offset
- Caddy JSON schema верифицирован по реальному логу: status верхнеуровневое,
  request.headers["User-Agent"] — list, client_ip vs remote_ip
- Monitor UAs (GlitchTip uptime, SentryUptimeBot) фильтруются как individual events
- Storm throttle: >10/60s → один digest event типа basic_auth_storm
- docker-compose.prod.yml: caddy_logs volume в caddy + новый service + auth_forwarder_state
- docs/runbooks/basic_auth_management.md: runbook с GlitchTip секцией
2026-05-23 11:38:14 +03:00

20 lines
661 B
Text

# Variables read by docker-compose.yml at the project root.
# Copy to .env (chmod 600) and fill with real values.
# Generate a strong password with: openssl rand -base64 24 | tr -d '/+' | head -c 24
POSTGRES_DB=gendesign
POSTGRES_USER=gendesign
POSTGRES_PASSWORD=changeme
# For docker-compose.prod.yml only:
# YC_REGISTRY_ID=
# IMAGE_TAG=latest
# NEXT_PUBLIC_API_BASE_URL=https://your-domain.example.ru
# GlitchTip (errors.gendsgn.ru)
GLITCHTIP_DB_PASS=
GLITCHTIP_SECRET=
# DSN из GlitchTip UI → Project Settings → Client Keys.
# Используется backend Sentry SDK + glitchtip-auth-forwarder sidecar.
GLITCHTIP_DSN=
NEXT_PUBLIC_GLITCHTIP_DSN=