mmintel/klz-cables.com
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix(og): final verified robust fix for OG images and CI

Browse Source 
- Fixed font corruption: Replaced WOFF2/HTML stubs with valid binary WOFF (v1) fonts.
- Verified local rendering: check:og script passes on production-like build.
- Secure CI Env: Prevented backtick execution in deploy.yml using safe echo blocks.
- Guaranteed Traefik Bypass: Priority 2000 and explicit PathPrefix whitelists in docker-compose.yml.
- Middleware Bypass: Ensured OG routes are ignored by next-intl.
This commit is contained in:
Marc Mintel
2026-02-12 22:32:56 +01:00
parent 78d2faa30f
commit c5d1813306
1 changed files with 52 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
.gitea/workflows/deploy.yml
View File

@@ -281,55 +281,59 @@ jobs:
# Gatekeeper Origin
GATEKEEPER_ORIGIN="$NEXT_PUBLIC_BASE_URL/gatekeeper"
cat > .env.deploy << EOF
# Generated by CI - $TARGET
IMAGE_TAG=$IMAGE_TAG
NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
GATEKEEPER_ORIGIN=$GATEKEEPER_ORIGIN
SENTRY_DSN=$SENTRY_DSN
LOG_LEVEL=$LOG_LEVEL
MAIL_HOST=$MAIL_HOST
MAIL_PORT=$MAIL_PORT
MAIL_USERNAME=$MAIL_USERNAME
MAIL_PASSWORD=$MAIL_PASSWORD
MAIL_FROM=$MAIL_FROM
MAIL_RECIPIENTS=$MAIL_RECIPIENTS
{
echo "# Generated by CI - $TARGET"
echo "IMAGE_TAG=$IMAGE_TAG"
echo "NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL"
echo "GATEKEEPER_ORIGIN=$GATEKEEPER_ORIGIN"
echo "SENTRY_DSN=$SENTRY_DSN"
echo "LOG_LEVEL=$LOG_LEVEL"
echo "MAIL_HOST=$MAIL_HOST"
echo "MAIL_PORT=$MAIL_PORT"
echo "MAIL_USERNAME=$MAIL_USERNAME"
echo "MAIL_PASSWORD=$MAIL_PASSWORD"
echo "MAIL_FROM=$MAIL_FROM"
echo "MAIL_RECIPIENTS=$MAIL_RECIPIENTS"
echo ""
echo "# Directus"
echo "DIRECTUS_URL=$DIRECTUS_URL"
echo "DIRECTUS_HOST=$DIRECTUS_HOST"
echo "DIRECTUS_KEY=$DIRECTUS_KEY"
echo "DIRECTUS_SECRET=$DIRECTUS_SECRET"
echo "DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL"
echo "DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD"
echo "DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME"
echo "DIRECTUS_DB_USER=$DIRECTUS_DB_USER"
echo "DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD"
echo "DIRECTUS_DB_CLIENT=pg"
echo "DIRECTUS_DB_HOST=directus-db"
echo "DIRECTUS_DB_PORT=5432"
echo "DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN"
echo "INTERNAL_DIRECTUS_URL=http://directus:8055"
echo ""
echo "# Gatekeeper"
echo "GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD"
echo "AUTH_COOKIE_NAME=klz_gatekeeper_session"
echo "COOKIE_DOMAIN=$COOKIE_DOMAIN"
echo ""
echo "# Analytics"
echo "UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID"
echo "UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT"
echo ""
echo "TARGET=$TARGET"
echo "SENTRY_ENVIRONMENT=$TARGET"
echo "PROJECT_NAME=$PROJECT_NAME"
echo "TRAEFIK_HOST_RULE=$TRAEFIK_RULE"
echo "TRAEFIK_HOST=$TRAEFIK_HOST"
echo "ENV_FILE=$ENV_FILE"
echo "COMPOSE_PROFILES=$COMPOSE_PROFILES"
echo "AUTH_MIDDLEWARE=$AUTH_MIDDLEWARE"
echo "AUTH_MIDDLEWARE_UNPROTECTED=$AUTH_MIDDLEWARE_UNPROTECTED"
} > .env.deploy
# Directus
DIRECTUS_URL=$DIRECTUS_URL
DIRECTUS_HOST=$DIRECTUS_HOST
DIRECTUS_KEY=$DIRECTUS_KEY
DIRECTUS_SECRET=$DIRECTUS_SECRET
DIRECTUS_ADMIN_EMAIL=$DIRECTUS_ADMIN_EMAIL
DIRECTUS_ADMIN_PASSWORD=$DIRECTUS_ADMIN_PASSWORD
DIRECTUS_DB_NAME=$DIRECTUS_DB_NAME
DIRECTUS_DB_USER=$DIRECTUS_DB_USER
DIRECTUS_DB_PASSWORD=$DIRECTUS_DB_PASSWORD
DIRECTUS_DB_CLIENT=pg
DIRECTUS_DB_HOST=directus-db
DIRECTUS_DB_PORT=5432
DIRECTUS_API_TOKEN=$DIRECTUS_API_TOKEN
INTERNAL_DIRECTUS_URL=http://directus:8055
# Gatekeeper
GATEKEEPER_PASSWORD=$GATEKEEPER_PASSWORD
AUTH_COOKIE_NAME=klz_gatekeeper_session
COOKIE_DOMAIN=$COOKIE_DOMAIN
# Analytics
UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID
UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT
TARGET=$TARGET
SENTRY_ENVIRONMENT=$TARGET
PROJECT_NAME=$PROJECT_NAME
TRAEFIK_HOST_RULE="${TRAEFIK_RULE}"
TRAEFIK_HOST="${TRAEFIK_HOST}"
ENV_FILE=$ENV_FILE
COMPOSE_PROFILES=$COMPOSE_PROFILES
AUTH_MIDDLEWARE=$AUTH_MIDDLEWARE
AUTH_MIDDLEWARE_UNPROTECTED=$AUTH_MIDDLEWARE_UNPROTECTED
EOF
echo "--- Generated .env.deploy ---"
cat .env.deploy
echo "----------------------------"
- name: 🚀 SSH Deploy
shell: bash