#ask-questions
Title
b
billions-arm-13894
09/23/2022, 1:00 PMHi all!
I have issues with accessing the API on port 3100 and I'm not sure what could be the possible cause for that because it was working in dev environment.
When I run docker-compose up I get this message:
Copy code
growthbook_1 | | /usr/local/src/app/packages/back-end/dist/util/secrets.js:49
growthbook_1 | | throw new Error("Cannot use JWT_SECRET=dev in production. Please set to a long random string.");
growthbook_1 | | ^
growthbook_1 | |
growthbook_1 | | Error: Cannot use JWT_SECRET=dev in production. Please set to a long random string.f
future-teacher-7046
09/23/2022, 1:06 PM
You need to set the JWT_SECRET environment variable to a long random string to use the API in production. Without that, an attacker could easily gain access to the system.
b
billions-arm-13894
09/23/2022, 1:08 PMThanks. I tried copying .env.example -> .env and changing it to some random string but docker-compose still used the old one. Is there a way to "apply" changes to JWT_SECRET?
f
future-teacher-7046
09/23/2022, 1:08 PM
You need to make the changes to the docker-compose file itself. The .env files are only for local development.
b
billions-arm-13894
09/23/2022, 1:14 PMohh thanks a lot for the fast response! it works now.
could you please update the documentation for self hosting because I was unaware of this and could potentially save time for others?
@future-teacher-7046 I had to get back to this because I'm getting similar issue when I deployed everything to AWS. I updated JWT_SECRET and an api call from growthbook app is failing because of cross origin error which is probably because the port is different. is there anything else I need to watch out for? docs are saying:
Make sure CORS settings are correct. Add your URLs to the AllowedOrigins array or set to "*"f
future-teacher-7046
10/06/2022, 1:41 PM
Are you able to go to the API directly in a browser? You should see a JSON response if it's running correctly that shows you the
app_origin7 Views