set better security defaults in docker-compose.yml

lrstanley · web-flow · commit a1e5e6234fcf · 2019-05-07T15:07:59.000-04:00
Without `APP_DEBUG=false` or `APP_ENV=production`, this may lead to unwanted exposure of environment variables when a user hits an exception (or even a 404). With docker specifically, these environment variables also include the database credentials. This change will ensure this debugging functionality is not enabled by default.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -28,6 +28,8 @@ services:
       - DB_PREFIX=chq_
       - APP_KEY=${APP_KEY:-null}
       - APP_LOG=errorlog
+      - APP_ENV=production
+      - APP_DEBUG=false
       - DEBUG=false
     depends_on:
       - postgres
