michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
420 Commits 1 Branch 0 Tags
7785e65d0884f686768292c42860fe20a9ed4901
Commit Graph

6 Commits

Author SHA1 Message Date
Michael Schiemer
7785e65d08 fix(security): prevent debug error pages on staging/production
All checks were successful
Test Runner / test-basic (push) Successful in 8s
Details
Test Runner / test-php (push) Successful in 7s
Details
Deploy Application / deploy (push) Successful in 1m28s
Details 
Root cause: ExceptionHandlingInitializer attempted to autowire
EnvironmentType directly, but it was never registered in the DI
container. This caused the debug mode resolution to fail silently.

Changes:
- Use TypedConfiguration instead of EnvironmentType for proper DI
- Create ErrorHandlingConfig value object to centralize config
- Access debug mode via AppConfig.isDebugEnabled() which respects
  both APP_DEBUG env var AND EnvironmentType.isDebugEnabled()
- Register ErrorHandlingConfig as singleton in container
- Remove diagnostic logging from ResponseErrorRenderer

This ensures that staging/production environments (where
EnvironmentType != DEV) will not display stack traces, code context,
or file paths in error responses.
 2025-11-25 15:01:40 +01:00
Michael Schiemer
520d082393 chore: add diagnostic logging for debug mode verification
All checks were successful
Test Runner / test-basic (push) Successful in 8s
Details
Test Runner / test-php (push) Successful in 8s
Details
Deploy Application / deploy (push) Successful in 1m33s
Details 
This temporary logging will help verify that:
- EnvironmentType is correctly detected as STAGING
- isDebugEnabled() returns false for STAGING
- ResponseErrorRenderer receives isDebugMode=false

Remove after verification is complete.
 2025-11-25 14:44:05 +01:00
Michael Schiemer
dd7cfd97e6 feat: improve stack trace rendering 2025-11-25 04:13:25 +01:00
Michael Schiemer
77abc65cd7 fix: DockerSecretsResolver - don't normalize absolute paths like /var/www/html/...
Some checks failed
Deploy Application / deploy (push) Has been cancelled
Details
2025-11-24 21:28:25 +01:00
Michael Schiemer
36ef2a1e2c fix: Gitea Traefik routing and connection pool optimization
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
Details
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Details
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Details
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Details 
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
 2025-11-09 14:46:15 +01:00
Michael Schiemer
95147ff23e refactor(deployment): Remove WireGuard VPN dependency and restore public service access 
Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers

All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)

All services use Let's Encrypt SSL certificates via Traefik.
 2025-11-05 12:48:25 +01:00