https://www.growthbook.io/ logo
#ask-questions
Title
# ask-questions
b

billions-arm-13894

09/23/2022, 1:00 PM
Hi all! I have issues with accessing the API on port 3100 and I'm not sure what could be the possible cause for that because it was working in dev environment. When I run docker-compose up I get this message:
Copy code
growthbook_1  |  | /usr/local/src/app/packages/back-end/dist/util/secrets.js:49
growthbook_1  |  |     throw new Error("Cannot use JWT_SECRET=dev in production. Please set to a long random string.");
growthbook_1  |  |     ^
growthbook_1  |  |
growthbook_1  |  | Error: Cannot use JWT_SECRET=dev in production. Please set to a long random string.
I haven't notice it before and currently that is the only thing that I found weird. Do you know if this could be a reason for not being able to access api. Here is the screenshot from UI also:
f

future-teacher-7046

09/23/2022, 1:06 PM
You need to set the JWT_SECRET environment variable to a long random string to use the API in production. Without that, an attacker could easily gain access to the system.
b

billions-arm-13894

09/23/2022, 1:08 PM
Thanks. I tried copying .env.example -> .env and changing it to some random string but docker-compose still used the old one. Is there a way to "apply" changes to JWT_SECRET?
f

future-teacher-7046

09/23/2022, 1:08 PM
You need to make the changes to the docker-compose file itself. The .env files are only for local development.
b

billions-arm-13894

09/23/2022, 1:14 PM
ohh thanks a lot for the fast response! it works now. could you please update the documentation for self hosting because I was unaware of this and could potentially save time for others?
@future-teacher-7046 I had to get back to this because I'm getting similar issue when I deployed everything to AWS. I updated JWT_SECRET and an api call from growthbook app is failing because of cross origin error which is probably because the port is different. is there anything else I need to watch out for? docs are saying:
Make sure CORS settings are correct. Add your URLs to the AllowedOrigins array or set to "*"
and I'm not sure where and if I need to set this
f

future-teacher-7046

10/06/2022, 1:41 PM
Are you able to go to the API directly in a browser? You should see a JSON response if it's running correctly that shows you the
app_origin
. Make sure that matches the front-end. If the API isn't loading on its own, then check the container logs. It's likely the back-end failed to start for some reason.
14 Views