fix: setting error.

Author: PttCodingMan

.env.example

@@ -15,17 +15,20 @@ COOKIE_SECURE=false  # Set to true in production with HTTPS
 # Extra origins allowed for CSRF/CORS (comma-separated). localhost:5173 and
 # localhost:3000 are always allowed. Set your public URL here in prod.
 ALLOWED_ORIGINS=
-
-# ── Frontend ──
-VITE_API_URL=http://localhost:8000
+# Trust X-Forwarded-For from a reverse proxy when computing rate-limit keys.
+# The shipped docker-compose runs nginx in front of the backend and sets this
+# to true via the compose env block; only enable here if you put a different
+# trusted proxy in front. Leaving this off behind a proxy collapses every
+# client to the proxy's IP.
+TRUST_PROXY=false
 
 # ── AI Chat (optional) ──
 # Defaults target Gemini. Get an API key at https://aistudio.google.com/apikey
 # Any OpenAI-compatible provider works — just change AI_BASE_URL + AI_MODEL.
 AI_ENABLED=false
 AI_BASE_URL=https://generativelanguage.googleapis.com/v1beta/openai
 AI_API_KEY=
-AI_MODEL=gemini-2.5-flash
+AI_MODEL=gemini-2.0-flash
 AI_MAX_CONTEXT_PAGES=5
 AI_EXCERPT_CHARS=1500
 AI_RATE_LIMIT_PER_HOUR=20
@@ -37,7 +40,8 @@ AI_RATE_LIMIT_PER_HOUR=20
 
 # ── OIDC / OAuth SSO (optional) ──
 # Public URL the browser can reach — used to build OIDC redirect_uri.
-# Dev with Vite proxy: http://localhost:5173   Prod: https://wiki.example.com
+# Dev with Vite proxy: http://localhost:5173   Docker: http://localhost:3000
+# (compose overrides this automatically)            Prod: https://wiki.example.com
 PUBLIC_BASE_URL=http://localhost:8000
 
 OIDC_ENABLED=false
@@ -90,6 +94,3 @@ LDAP_SYNC_GROUPS=false
 LDAP_GROUP_BASE=ou=groups,dc=example,dc=com
 LDAP_GROUP_FILTER=(&(objectClass=groupOfNames)(member={user_dn}))
 LDAP_ADMIN_GROUPS=wiki-admins
-
-# ── Webhook (Phase 7, 可選) ──
-WEBHOOK_URLS=

.github/workflows/ci.yml

@@ -159,6 +159,10 @@ jobs:
             echo "skip=false" >> $GITHUB_OUTPUT
           fi
 
+      - name: Set up QEMU
+        if: steps.check.outputs.skip != 'true'
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         if: steps.check.outputs.skip != 'true'
         uses: docker/setup-buildx-action@v3
@@ -190,6 +194,7 @@ jobs:
           context: .
           file: ./${{ matrix.component }}/Dockerfile
           push: true
+          platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha

backend/Dockerfile

@@ -17,4 +17,6 @@ COPY backend/ .
 COPY VERSION /app/VERSION
 
 EXPOSE 8000
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+  CMD python -c "import urllib.request,sys; sys.exit(0 if urllib.request.urlopen('http://localhost:8000/api/health',timeout=3).status==200 else 1)" || exit 1
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

backend/app/config.py

@@ -15,7 +15,6 @@ class Settings(BaseSettings):
     DB_PATH: str = "./data/just-wiki.db"
     MEDIA_DIR: str = "./data/media"
 
-    VITE_API_URL: str = "http://localhost:8000"
     COOKIE_SECURE: bool = False  # Set to True in production with HTTPS
 
     # Comma-separated list of origins allowed for CSRF/CORS on top of the
@@ -110,9 +109,13 @@ class Settings(BaseSettings):
     # one directory up (so `make dev-backend`, which cds into backend/, still
     # picks up the project-root .env). pydantic-settings uses the first file
     # that exists.
+    #
+    # extra='ignore' so renaming/removing a setting doesn't crash on existing
+    # deployments where the user's .env still has the old key.
     model_config = {
         "env_file": (".env", "../.env"),
         "env_file_encoding": "utf-8",
+        "extra": "ignore",
     }
 
 

docker-compose.yml

@@ -4,18 +4,27 @@ services:
     build:
       context: .
       dockerfile: backend/Dockerfile
-    ports:
-      - "8000:8000"
     volumes:
       - ./data:/app/data
-    env_file: .env
-    # Override the dev-oriented paths in .env so the container reads/writes
-    # the mounted /app/data volume regardless of what DATA_DIR is set to in
-    # the shared .env file.
+    env_file:
+      - path: .env
+        required: false
+    # Override the dev-oriented defaults so the container reads/writes the
+    # mounted /app/data volume and treats the frontend nginx (port 3000) as
+    # the public ingress — OIDC redirect_uri must round-trip through nginx.
+    # TRUST_PROXY=true because nginx is the only reachable peer.
     environment:
       DATA_DIR: /app/data
       DB_PATH: /app/data/just-wiki.db
       MEDIA_DIR: /app/data/media
+      PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:3000}
+      TRUST_PROXY: "true"
+    healthcheck:
+      test: ["CMD", "python", "-c", "import urllib.request,sys; sys.exit(0 if urllib.request.urlopen('http://localhost:8000/api/health',timeout=3).status==200 else 1)"]
+      interval: 30s
+      timeout: 5s
+      start_period: 15s
+      retries: 3
     restart: unless-stopped
 
   frontend:
@@ -26,5 +35,6 @@ services:
     ports:
       - "3000:3000"
     depends_on:
-      - backend
+      backend:
+        condition: service_healthy
     restart: unless-stopped

frontend/nginx.conf

@@ -7,6 +7,9 @@ server {
         proxy_pass http://backend:8000;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
     }
 
     location / {