alexei.dolgolyov
4e23d2b054
This project ships for homelab use; downstream targets (Immich, Gitea,
...) sit on RFC1918 addresses which the SSRF guard blocks by default.
Setting the flag directly in compose — not via ${...} substitution —
avoids the Portainer gotcha where the stack-level "Environment variables"
panel is for compose-file substitutions only, not runtime container env.
Operators who want to run this on a public-facing box can drop the line.
28 lines
1.0 KiB
YAML
28 lines
1.0 KiB
YAML
services:
|
|
notify-bridge:
|
|
image: git.dolgolyov-family.by/alexei.dolgolyov/notify-bridge:latest
|
|
# For local builds instead of pulling from registry:
|
|
# build: .
|
|
container_name: notify-bridge
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8420:8420"
|
|
volumes:
|
|
- notify-bridge-data:/data
|
|
environment:
|
|
- NOTIFY_BRIDGE_SECRET_KEY=${NOTIFY_BRIDGE_SECRET_KEY:?Set NOTIFY_BRIDGE_SECRET_KEY (min 32 chars)}
|
|
- NOTIFY_BRIDGE_CORS_ALLOWED_ORIGINS=${NOTIFY_BRIDGE_CORS_ALLOWED_ORIGINS:-*}
|
|
# Homelab target: allow outbound requests to RFC1918 / link-local addresses.
|
|
# The SSRF guard otherwise rejects 10.*/172.16.*/192.168.*/169.254.* hosts,
|
|
# which breaks tracking of Immich / Gitea / etc. running on the same LAN.
|
|
- NOTIFY_BRIDGE_ALLOW_PRIVATE_URLS=1
|
|
healthcheck:
|
|
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8420/api/health')"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
volumes:
|
|
notify-bridge-data:
|