From 8f2af87d9a836e6169f8d15182b3953f5c33a923 Mon Sep 17 00:00:00 2001
From: Ynda Jas
Date: Fri, 10 Jan 2025 20:23:52 +0000
Subject: [PATCH] WIP unchecked changes to be reviewed then fixed up
---
 config/environments/production.rb | 76 +++++++++++--------------------
 1 file changed, 26 insertions(+), 50 deletions(-)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index e78e876..8d789d7 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -9,80 +9,56 @@ # Eager load code on boot for better performance and memory savings (ignored by Rake tasks). config.eager_load = true - # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false - config.action_controller.perform_caching = true - - # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment - # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). - # config.require_master_key = true - - # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. - config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? - - # Compress CSS using a preprocessor. - # config.assets.css_compressor = :sass + # Full error reports are disabled. + config.consider_all_requests_local = false - # Do not fallback to assets pipeline if a precompiled asset is missed. - config.assets.compile = false + # Turn on fragment caching in view templates. + config.action_controller.perform_caching = true - # Compress JavaScript - config.assets.js_compressor = :terser + # Cache assets for far-future expiry since they are all digest stamped. + config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" } # Enable serving of images, stylesheets, and JavaScripts from an asset server. # config.asset_host = "http://assets.example.com" - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache - # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX - # Assume all access to the app is happening through a SSL-terminating reverse proxy. - # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. 
- # config.assume_ssl = true + config.assume_ssl = true # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - # config.force_ssl = true + config.force_ssl = true # Skip http-to-https redirect for the default health check endpoint. # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } - # Log to STDOUT by default - if ENV["RAILS_LOG_TO_STDOUT"].present? - logger = ActiveSupport::Logger.new($stdout) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) - end - - # Prepend all log lines with the following tags. + # Log to STDOUT with the current request id as a default log tag. config.log_tags = [:request_id] + config.logger = ActiveSupport::TaggedLogging.logger($stdout) - # "info" includes generic and useful information about system operation, but avoids logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). If you - # want to log everything, set the level to "debug". + # Change to "debug" to log everything (including potentially personally-identifiable information!) config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") - # Use a different cache store in production. + # Prevent health checks from clogging up the logs. + config.silence_healthcheck_path = "/up" + + # Don't log any deprecations. + config.active_support.report_deprecations = false + + # Replace the default in-process memory cache store with a durable alternative. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "govspeak_preview_production" + # Replace the default in-process and non-durable queuing backend for Active Job. 
+ # config.active_job.queue_adapter = :resque # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new - - # Don't log any deprecations. - config.active_support.report_deprecations = false - # Enable DNS rebinding protection and other `Host` header attacks. - config.hosts = [ - /govspeak-preview\..*\.gov.uk$/, - ] - + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] + # # Skip DNS rebinding protection for the default health check endpoint. - config.host_authorization = { exclude: ->(request) { request.path.match?("^\/healthcheck") } } + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end
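Review bot: Host header authorization is switched off in production by the last part of this hunk, where the `config.hosts` allowlist for `govspeak-preview` is replaced with the commented-out generator template; with `config.hosts` left empty Rails performs no Host check, so the DNS-rebinding and `Host` header protection the comment describes is no longer in effect. Keep the allowlist, e.g. `config.hosts = [/govspeak-preview\..*\.gov\.uk/]` (the removed pattern left the dot in `gov.uk` unescaped), and carry the health-check exclusion over with whichever path the app actually serves. The removed exclusion matched `/healthcheck`, while the new `config.silence_healthcheck_path` and the commented examples use `/up`, so confirm which endpoint the load balancer probes. If that probe arrives over plain HTTP it will now be redirected by `config.force_ssl = true` unless the commented `config.ssl_options` exclusion is enabled for it. Dropping `config.assets.compile = false` also deserves a check if the app still uses Sprockets, since that line is what prevented on-demand asset compilation in production.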