Auto-indexing service and GraphQL API for AT Protocol Records

docs: remove deprecated env vars from deployment guide

+2 -24
docs/deployment.md
··· 10 10 | `HOST` | No | `127.0.0.1` | Server bind address. Set to `0.0.0.0` for containers | 11 11 | `PORT` | No | `8080` | Server port | 12 12 | `SECRET_KEY_BASE` | Recommended | Auto-generated | Session encryption key (64+ chars). **Must persist across restarts** | 13 - | `ADMIN_DIDS` | Optional | - | Comma-separated DIDs for admin access (e.g., `did:plc:abc,did:plc:xyz`) | 14 13 | `EXTERNAL_BASE_URL` | Optional | `http://localhost:8080` | Base URL of your application (used for OAuth redirect URIs and client metadata). Use `http://127.0.0.1:8080` for loopback mode | 15 14 | `OAUTH_LOOPBACK_MODE` | Optional | `false` | Set to `true` for local development without ngrok. Uses loopback client IDs instead of client metadata URLs | 16 - | `OAUTH_SUPPORTED_SCOPES` | Optional | `atproto transition:generic` | Space-separated OAuth scopes to request (used in loopback client IDs and client metadata) | 17 - | `JETSTREAM_URL` | No | `wss://jetstream2.us-west.bsky.network/subscribe` | Jetstream WebSocket endpoint | 18 - | `RELAY_URL` | No | `https://relay1.us-west.bsky.network` | AT Protocol relay URL | 19 - | `PLC_DIRECTORY_URL` | No | `https://plc.directory` | PLC directory URL | 15 + | `PLC_DIRECTORY_URL` | Optional | `https://plc.directory` | PLC directory URL override (useful for self-hosted PLC directories) | 20 16 21 17 ### Critical Environment Variables 22 18 23 19 - **DATABASE_URL**: Must point to a persistent volume location 24 20 - **SECRET_KEY_BASE**: Generate with `openssl rand -base64 48`. Store as a secret and keep persistent 25 21 - **HOST**: Set to `0.0.0.0` in container environments 26 - - **ADMIN_DIDS**: Required for backfill and settings page access 27 22 28 23 ## SQLite Volume Setup 29 24 ··· 79 74 80 75 ```bash 81 76 fly secrets set SECRET_KEY_BASE=$(openssl rand -base64 48) 82 - 83 - # Optional: Admin access 84 - fly secrets set ADMIN_DIDS=did:plc:your_did 85 77 ``` 86 78 87 79 ### 4. 
Deploy ··· 114 106 SECRET_KEY_BASE=<generate-with-openssl-rand> 115 107 ``` 116 108 117 - Optional variables: 118 - ``` 119 - ADMIN_DIDS=did:plc:your_did 120 - ``` 121 - 122 109 ### 3. Add a volume 123 110 124 111 In the Railway dashboard: ··· 176 163 - PORT=8080 177 164 - DATABASE_URL=/data/quickslice.db 178 165 - SECRET_KEY_BASE=${SECRET_KEY_BASE} 179 - - ADMIN_DIDS=${ADMIN_DIDS} 180 166 restart: unless-stopped 181 167 healthcheck: 182 168 test: ["CMD", "wget", "--spider", "-q", "http://localhost:8080/health"] ··· 192 178 193 179 ```bash 194 180 SECRET_KEY_BASE=<generate-with-openssl-rand> 195 - ADMIN_DIDS=did:plc:your_did 196 181 ``` 197 182 198 183 Start the service: ··· 218 203 219 204 ### Access GraphiQL 220 205 221 - Navigate to `/graphiql` (requires `ADMIN_DIDS` configuration). 206 + Navigate to `/graphiql` (requires authentication). 222 207 223 208 ### Database access 224 209 ··· 296 281 - Scale memory for high-traffic deployments 297 282 - Use SSD-backed volumes for SQLite performance 298 283 - Monitor database size and scale volume as needed 299 - 300 - ## Security 301 - 302 - 1. **Always set SECRET_KEY_BASE** - Generate a strong random key and keep it persistent 303 - 2. **Use HTTPS in production** - Both Fly.io and Railway handle this automatically 304 - 3. **Restrict admin access** - Set `ADMIN_DIDS` to limit who can access GraphiQL and backfill endpoints 305 - 4. **Store secrets securely** - Use platform secret management, never commit secrets to git
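Review bot: In the environment-variable table hunk and the "Critical Environment Variables" list, the `ADMIN_DIDS` row and the bullet "Required for backfill and settings page access" are removed with nothing in their place, so the guide no longer tells an operator how access to backfill and the settings page is controlled. If that is now configured somewhere else, add a sentence or a link saying where. The same applies to the dropped `OAUTH_SUPPORTED_SCOPES`, `JETSTREAM_URL` and `RELAY_URL` rows: a reader who has these set in an existing deployment cannot tell from this page whether they are ignored or have moved.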
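Review bot: In the "Access GraphiQL" hunk, "requires authentication" is less specific than the line it replaces. The old text named the control (`ADMIN_DIDS`); the new text does not say how a user authenticates or whether every authenticated user can reach `/graphiql` or only administrators. Suggest stating the mechanism and who is authorized, since this is the only place in the guide that describes access to that endpoint.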
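Review bot: The final hunk deletes the whole "## Security" section, but only item 3 ("Restrict admin access") refers to `ADMIN_DIDS`. Items 1, 2 and 4 (always set `SECRET_KEY_BASE`, use HTTPS in production, store secrets in platform secret management and never commit them to git) are unrelated to deprecated env vars and fall outside what the commit subject describes. Suggest keeping the section, removing or rewording item 3 to describe the current way admin access is restricted, and renumbering the remaining items.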