From 8a21593d9afdcf621305e0a448d45e4da2e184d6 Mon Sep 17 00:00:00 2001
From: lapin
Date: Fri, 24 Oct 2025 15:21:42 +0200
Subject: [PATCH 1/2] Update docker-compose.yml
---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 6dbf0620..6b299a0b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,12 +27,14 @@ services:
 socket:
 image: socketcluster/socketcluster:v17.4.0
+ platform: linux/amd64
 restart: unless-stopped
 ports:
 - "38000:8000"
 environment:
 SOCKETCLUSTER_WORKERS: 10
 SOCKETCLUSTER_BROKERS: 10
+ SOCKETCLUSTER_OPTIONS: '{"origins":"*:*"}'
 scheduler:
 image: fleetbase/fleetbase-api:latest
From b9adb92fc13020bcd86fae9d6fae6e90ef36ac33 Mon Sep 17 00:00:00 2001
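Review bot: The added `SOCKETCLUSTER_OPTIONS: '{"origins":"*:*"}'` in the `socket` service explicitly accepts WebSocket handshakes from any origin, and the same service publishes its port as `"38000:8000"`, so the browser's origin check gives no protection for this endpoint. The second patch in this series takes the line out again; squashing the two commits would avoid keeping a revision in history where origin checking is switched off on purpose. If the wildcard has to stay in some revision, it should at least carry a comment such as `# development only: accepts any origin, never deploy with this value`.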
From: lapin
Date: Tue, 28 Oct 2025 10:01:04 +0100
Subject: [PATCH 2/2] Add Docker socket configuration examples and platform compatibility
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This commit provides proper configuration examples for the SocketCluster WebSocket service and improves platform compatibility.
Changes:
- Platform: Add linux/amd64 platform specification for Apple Silicon compatibility
- CORS: Remove hardcoded permissive origins and add secure configuration examples
- Examples: Create docker-compose.override.yml.example with proper WebSocket origins
The configuration now supports:
- Development: localhost-only origins (http/https/ws/wss protocols)
- Production: Domain-specific origins with WebSocket protocol support
- Security: Prevents unauthorized cross-origin WebSocket connections
Updated documentation explains how to configure WebSocket origins securely for different deployment environments.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 README.md | 14 ++++++++++++--
 docker-compose.override.yml.example | 25 +++++++++++++++++++++++++
 docker-compose.yml | 4 +++-
 3 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 docker-compose.override.yml.example
diff --git a/README.md b/README.md
index 35a429fa..30901980 100644
--- a/README.md
+++ b/README.md
@@ -125,10 +125,10 @@ Next copy this value to the `APP_KEY` environment variable in the application co
 **Routing:** Fleetbase ships with a default OSRM server hosted by `[router.project-osrm.org](https://router.project-osrm.org)` but you’re able to use your own or any other OSRM compatible server. You can modify this in the `console/environments` directory by modifying the .env file of the environment you’re deploying and setting the `OSRM_HOST` to the OSRM server for Fleetbase to use.
-**Services:** There are a few environment variables which need to be set for Fleetbase to function with full features. If you’re deploying with docker then it’s easiest to just create a `docker-compose.override.yml` and supply the environment variables in this file.
+**Services:** There are a few environment variables which need to be set for Fleetbase to function with full features. If you're deploying with docker then it's easiest to just create a `docker-compose.override.yml` and supply the environment variables in this file.
 ```yaml
-version: “3.8”
+version: "3.8"
 services:
 application:
 environment:
@@ -141,8 +141,18 @@ services:
 TWILIO_SID:
 TWILIO_TOKEN:
 TWILIO_FROM:
+
+ socket:
+ environment:
+ # IMPORTANT: Configure WebSocket origins for security
+ # Development (localhost only - include WebSocket protocols):
+ SOCKETCLUSTER_OPTIONS: '{"origins":"http://localhost:*,https://localhost:*,ws://localhost:*,wss://localhost:*"}'
+ # Production (replace with your actual domain):
+ # SOCKETCLUSTER_OPTIONS: '{"origins":"https://yourdomain.com:*,wss://yourdomain.com:*"}'
 ```
+
+**WebSocket Security:** The `SOCKETCLUSTER_OPTIONS` environment variable controls which domains can connect to the WebSocket server. Always restrict origins to your specific domains in production to prevent security vulnerabilities.
+
 You can learn more about full installation, and configuration in the [official documentation](https://docs.fleetbase.io/getting-started/install).
 ## 🚀 Deploy on AWS in One Click
diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example
new file mode 100644
index 00000000..ff296310
--- /dev/null
+++ b/docker-compose.override.yml.example
@@ -0,0 +1,25 @@
+# Docker Compose Override Example
+# Copy this file to docker-compose.override.yml and customize for your environment
+
+version: "3.8"
+services:
+ application:
+ environment:
+ CONSOLE_HOST: http://localhost:4200
+ # Add your environment-specific variables here
+ MAIL_MAILER: smtp # or ses, mailgun, postmark, sendgrid
+ OSRM_HOST: https://router.project-osrm.org
+ # IPINFO_API_KEY: your_api_key
+ # GOOGLE_MAPS_API_KEY: your_api_key
+ # GOOGLE_MAPS_LOCALE: us
+ # TWILIO_SID: your_twilio_sid
+ # TWILIO_TOKEN: your_twilio_token
+ # TWILIO_FROM: your_twilio_phone
+
+ socket:
+ environment:
+ # DEVELOPMENT: Allow localhost connections (HTTP, HTTPS, and WebSocket protocols)
+ SOCKETCLUSTER_OPTIONS: '{"origins":"http://localhost:*,https://localhost:*,ws://localhost:*,wss://localhost:*"}'
+
+ # PRODUCTION: Replace with your actual domain(s) - include all protocols
+ # SOCKETCLUSTER_OPTIONS: '{"origins":"https://yourdomain.com:*,wss://yourdomain.com:*,https://app.yourdomain.com:*,wss://app.yourdomain.com:*"}'
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 6b299a0b..e341d7b1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -34,7 +34,9 @@ services:
 environment:
 SOCKETCLUSTER_WORKERS: 10
 SOCKETCLUSTER_BROKERS: 10
- SOCKETCLUSTER_OPTIONS: '{"origins":"*:*"}'
+ # SOCKETCLUSTER_OPTIONS can be set via docker-compose.override.yml for specific environments
+ # For production, use: SOCKETCLUSTER_OPTIONS: '{"origins":"https://yourdomain.com:*"}'
+ # For development, use: SOCKETCLUSTER_OPTIONS: '{"origins":"http://localhost:*"}'
 scheduler:
 image: fleetbase/fleetbase-api:latest
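Review bot: In docker-compose.override.yml.example the `origins` values list `ws://localhost:*` and `wss://localhost:*` beside the http/https entries, but a browser sends the page's `http`/`https` origin in the `Origin` header of a WebSocket handshake, never a `ws`/`wss` one, so those entries should not be needed. It is worth confirming how the SocketCluster version in use parses `origins` (I believe it matches on `host:port` rather than on a full URL) and testing that a handshake from an unlisted origin is really refused before the README calls this configuration secure. The `:*` port wildcard is also wider than production needs; an explicit port, for example `yourdomain.com:443`, would be tighter. The file ends without a trailing newline.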
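Review bot: In docker-compose.yml the `environment:` block of the `socket` service now holds only comments and sets no `SOCKETCLUSTER_OPTIONS`, so a deployment started without an override file falls back to the server's built-in origin policy. As far as I know SocketCluster's default for `origins` is `*:*`, which would leave the effective behaviour the same as the line this hunk removes; please verify that for `socketcluster/socketcluster:v17.4.0`. If the default is permissive, keep a restrictive value in the base file, e.g. `SOCKETCLUSTER_OPTIONS: '{"origins":"http://localhost:*"}'`, and let `docker-compose.override.yml` replace it per environment, so a forgotten override fails closed. The `socket` service definition starts above this hunk.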