| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397 |
- /**
- * Production environment settings
- * (sails.config.*)
- *
- * What you see below is a quick outline of the built-in settings you need
- * to configure your Sails app for production. The configuration in this file
- * is only used in your production environment, i.e. when you lift your app using:
- *
- * ```
- * NODE_ENV=production node app
- * ```
- *
- * > If you're using git as a version control solution for your Sails app,
- * > this file WILL BE COMMITTED to your repository by default, unless you add
- * > it to your .gitignore file. If your repository will be publicly viewable,
- * > don't add private/sensitive data (like API secrets / db passwords) to this file!
- *
- * For more best practices and tips, see:
- * https://sailsjs.com/docs/concepts/deployment
- */
- module.exports = {
- /**************************************************************************
- * *
- * Tell Sails what database(s) it should use in production. *
- * *
- * (https://sailsjs.com/config/datastores) *
- * *
- **************************************************************************/
- datastores: {
- /***************************************************************************
- * *
- * Configure your default production database. *
- * *
- * 1. Choose an adapter: *
- * https://sailsjs.com/plugins/databases *
- * *
- * 2. Install it as a dependency of your Sails app. *
- * (For example: npm install sails-mysql --save) *
- * *
- * 3. Then set it here (`adapter`), along with a connection URL (`url`) *
- * and any other, adapter-specific customizations. *
- * (See https://sailsjs.com/config/datastores for help.) *
- * *
- ***************************************************************************/
- default: {
- // adapter: 'sails-mysql',
- // url: 'mysql://user:password@host:port/database',
- //--------------------------------------------------------------------------
- // /\ To avoid checking it in to version control, you might opt to set
- // || sensitive credentials like `url` using an environment variable.
- //
- // For example:
- // ```
- // sails_datastores__default__url=mysql://admin:myc00lpAssw2D@db.example.com:3306/my_prod_db
- // ```
- //--------------------------------------------------------------------------
- /****************************************************************************
- * *
- * More adapter-specific options *
- * *
- * > For example, for some hosted PostgreSQL providers (like Heroku), the *
- * > extra `ssl: true` option is mandatory and must be provided. *
- * *
- * More info: *
- * https://sailsjs.com/config/datastores *
- * *
- ****************************************************************************/
- // ssl: true,
- },
- },
- models: {
- /***************************************************************************
- * *
- * To help avoid accidents, Sails automatically sets the automigration *
- * strategy to "safe" when your app lifts in production mode. *
- * (This is just here as a reminder.) *
- * *
- * More info: *
- * https://sailsjs.com/docs/concepts/models-and-orm/model-settings#?migrate *
- * *
- ***************************************************************************/
- migrate: 'safe',
- /***************************************************************************
- * *
- * If, in production, this app has access to physical-layer CASCADE *
- * constraints (e.g. PostgreSQL or MySQL), then set those up in the *
- * database and uncomment this to disable Waterline's `cascadeOnDestroy` *
- * polyfill. (Otherwise, if you are using a databse like Mongo, you might *
- * choose to keep this enabled.) *
- * *
- ***************************************************************************/
- // cascadeOnDestroy: false,
- },
- /**************************************************************************
- * *
- * Always disable "shortcut" blueprint routes. *
- * *
- * > You'll also want to disable any other blueprint routes if you are not *
- * > actually using them (e.g. "actions" and "rest") -- but you can do *
- * > that in `config/blueprints.js`, since you'll want to disable them in *
- * > all environments (not just in production.) *
- * *
- ***************************************************************************/
- blueprints: {
- shortcuts: false,
- },
- /***************************************************************************
- * *
- * Configure your security settings for production. *
- * *
- * IMPORTANT: *
- * If web browsers will be communicating with your app, be sure that *
- * you have CSRF protection enabled. To do that, set `csrf: true` over *
- * in the `config/security.js` file (not here), so that CSRF app can be *
- * tested with CSRF protection turned on in development mode too. *
- * *
- ***************************************************************************/
- security: {
- /***************************************************************************
- * *
- * If this app has CORS enabled (see `config/security.js`) with the *
- * `allowCredentials` setting enabled, then you should uncomment the *
- * `allowOrigins` whitelist below. This sets which "origins" are allowed *
- * to send cross-domain (CORS) requests to your Sails app. *
- * *
- * > Replace "https://example.com" with the URL of your production server. *
- * > Be sure to use the right protocol! ("http://" vs. "https://") *
- * *
- ***************************************************************************/
- cors: {
- // allowOrigins: [
- // 'https://example.com',
- // ]
- },
- },
- /***************************************************************************
- * *
- * Configure how your app handles sessions in production. *
- * *
- * (https://sailsjs.com/config/session) *
- * *
- * > If you have disabled the "session" hook, then you can safely remove *
- * > this section from your `config/env/production.js` file. *
- * *
- ***************************************************************************/
- session: {
- /***************************************************************************
- * *
- * Production session store configuration. *
- * *
- * Uncomment the following lines to finish setting up a package called *
- * "connect-redis" that will use Redis to store and retrieve session data. *
- * This makes your app more scalable by allowing you to share sessions *
- * across a cluster of multiple Sails/Node.js servers and/or processes. *
- * (See http://bit.ly/redis-session-config for more info.) *
- * *
- * > While "connect-redis" is a popular choice for Sails apps, many other *
- * > compatible packages (like "connect-mongo") are available on NPM. *
- * > (For a full list, see https://sailsjs.com/plugins/sessions) *
- * *
- ***************************************************************************/
- // adapter: 'connect-redis',
- // url: 'redis://user:password@localhost:6379/dbname',
- //--------------------------------------------------------------------------
- // /\ OR, to avoid checking it in to version control, you might opt to
- // || set sensitive credentials like this using an environment variable.
- //
- // For example:
- // ```
- // sails_session__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/sessions
- // ```
- //
- //--------------------------------------------------------------------------
- /***************************************************************************
- * *
- * Production configuration for the session ID cookie. *
- * *
- * Tell browsers (or other user agents) to ensure that session ID cookies *
- * are always transmitted via HTTPS, and that they expire 24 hours after *
- * they are set. *
- * *
- * Note that with `secure: true` set, session cookies will _not_ be *
- * transmitted over unsecured (HTTP) connections. Also, for apps behind *
- * proxies (like Heroku), the `trustProxy` setting under `http` must be *
- * configured in order for `secure: true` to work. *
- * *
- * > While you might want to increase or decrease the `maxAge` or provide *
- * > other options, you should always set `secure: true` in production *
- * > if the app is being served over HTTPS. *
- * *
- * Read more: *
- * https://sailsjs.com/config/session#?the-session-id-cookie *
- * *
- ***************************************************************************/
- cookie: {
- // secure: true,
- maxAge: 24 * 60 * 60 * 1000, // 24 hours
- },
- },
- /**************************************************************************
- * *
- * Set up Socket.io for your production environment. *
- * *
- * (https://sailsjs.com/config/sockets) *
- * *
- * > If you have disabled the "sockets" hook, then you can safely remove *
- * > this section from your `config/env/production.js` file. *
- * *
- ***************************************************************************/
- sockets: {
- /***************************************************************************
- * *
- * Uncomment the `onlyAllowOrigins` whitelist below to configure which *
- * "origins" are allowed to open socket connections to your Sails app. *
- * *
- * > Replace "https://example.com" etc. with the URL(s) of your app. *
- * > Be sure to use the right protocol! ("http://" vs. "https://") *
- * *
- ***************************************************************************/
- // onlyAllowOrigins: [
- // 'https://example.com',
- // 'https://staging.example.com',
- // ],
- /***************************************************************************
- * *
- * If you are deploying a cluster of multiple servers and/or processes, *
- * then uncomment the following lines. This tells Socket.io about a Redis *
- * server it can use to help it deliver broadcasted socket messages. *
- * *
- * > Be sure you have a compatible version of socket.io-redis installed! *
- * > (See https://sailsjs.com/config/sockets for the latest version info) *
- * *
- * (https://sailsjs.com/docs/concepts/deployment/scaling) *
- * *
- ***************************************************************************/
- // adapter: 'socket.io-redis',
- // url: 'redis://user:password@bigsquid.redistogo.com:9562/dbname',
- //--------------------------------------------------------------------------
- // /\ OR, to avoid checking it in to version control, you might opt to
- // || set sensitive credentials like this using an environment variable.
- //
- // For example:
- // ```
- // sails_sockets__url=redis://admin:myc00lpAssw2D@bigsquid.redistogo.com:9562/
- // ```
- //--------------------------------------------------------------------------
- },
- /**************************************************************************
- * *
- * Set the production log level. *
- * *
- * (https://sailsjs.com/config/log) *
- * *
- ***************************************************************************/
- log: {
- level: 'debug'
- },
- http: {
- /***************************************************************************
- * *
- * The number of milliseconds to cache static assets in production. *
- * (the "max-age" to include in the "Cache-Control" response header) *
- * *
- ***************************************************************************/
- cache: 365.25 * 24 * 60 * 60 * 1000, // One year
- /***************************************************************************
- * *
- * Proxy settings *
- * *
- * If your app will be deployed behind a proxy/load balancer - for example, *
- * on a PaaS like Heroku - then uncomment the `trustProxy` setting below. *
- * This tells Sails/Express how to interpret X-Forwarded headers. *
- * *
- * This setting is especially important if you are using secure cookies *
- * (see the `cookies: secure` setting under `session` above) or if your app *
- * relies on knowing the original IP address that a request came from. *
- * *
- * (https://sailsjs.com/config/http) *
- * *
- ***************************************************************************/
- // trustProxy: true,
- },
- /**************************************************************************
- * *
- * Lift the server on port 80. *
- * (if deploying behind a proxy, or to a PaaS like Heroku or Deis, you *
- * probably don't need to set a port here, because it is oftentimes *
- * handled for you automatically. If you are not sure if you need to set *
- * this, just try deploying without setting it and see if it works.) *
- * *
- ***************************************************************************/
- // port: 80,
- /**************************************************************************
- * *
- * Configure an SSL certificate *
- * *
- * For the safety of your users' data, you should use SSL in production. *
- * ...But in many cases, you may not actually want to set it up _here_. *
- * *
- * Normally, this setting is only relevant when running a single-process *
- * deployment, with no proxy/load balancer in the mix. But if, on the *
- * other hand, you are using a PaaS like Heroku, you'll want to set up *
- * SSL in your load balancer settings (usually somewhere in your hosting *
- * provider's dashboard-- not here.) *
- * *
- * > For more information about configuring SSL in Sails, see: *
- * > https://sailsjs.com/config/*#?sailsconfigssl *
- * *
- **************************************************************************/
- // ssl: undefined,
- /**************************************************************************
- * *
- * Production overrides for any custom settings specific to your app. *
- * (for example, production credentials for 3rd party APIs like Stripe) *
- * *
- * > See config/custom.js for more info on how to configure these options. *
- * *
- ***************************************************************************/
- custom: {
- baseUrl: 'https://example.com',
- internalEmailAddress: 'support@example.com',
- // mailgunDomain: 'mg.example.com',
- // mailgunSecret: 'key-prod_fake_bd32301385130a0bafe030c',
- // stripeSecret: 'sk_prod__fake_Nfgh82401348jaDa3lkZ0d9Hm',
- //--------------------------------------------------------------------------
- // /\ OR, to avoid checking them in to version control, you might opt to
- // || set sensitive credentials like these using environment variables.
- //
- // For example:
- // ```
- // sails_custom__mailgunDomain=mg.example.com
- // sails_custom__mailgunSecret=key-prod_fake_bd32301385130a0bafe030c
- // sails_custom__stripeSecret=sk_prod__fake_Nfgh82401348jaDa3lkZ0d9Hm
- // ```
- //--------------------------------------------------------------------------
- },
- };
|
