mirror of
https://github.com/Dvorinka/Containr.git
synced 2026-06-03 20:12:58 +00:00
small fix, don't worry about it
This commit is contained in:
Tomas Dvorak
@@ -0,0 +1,139 @@
|
||||
# Production Environment Configuration
|
||||
# Copy this file to .env.prod and update with your production values
|
||||
|
||||
# ============================================
|
||||
# CRITICAL: Change all secrets before deploying
|
||||
# ============================================
|
||||
|
||||
# Environment
|
||||
ENVIRONMENT=production
|
||||
|
||||
# Domain Configuration
|
||||
DOMAIN=yourdomain.com
|
||||
ACME_EMAIL=admin@yourdomain.com
|
||||
|
||||
# Database Configuration (CHANGE PASSWORDS!)
|
||||
POSTGRES_DB=containr
|
||||
POSTGRES_USER=containr_user
|
||||
POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE
|
||||
DATABASE_URL=postgres://containr_user:CHANGE_ME_STRONG_PASSWORD_HERE@postgres:5432/containr?sslmode=require
|
||||
MAX_CONNECTIONS=50
|
||||
MAX_IDLE_CONNECTIONS=10
|
||||
CONN_MAX_LIFETIME=10m
|
||||
CONN_MAX_IDLE_TIME=5m
|
||||
AUTO_MIGRATE=true
|
||||
MIGRATION_LOCK_TIMEOUT=5m
|
||||
SEED_DATA_ON_START=false
|
||||
|
||||
# Redis Configuration (CHANGE PASSWORD!)
|
||||
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD
|
||||
REDIS_URL=redis://:CHANGE_ME_STRONG_REDIS_PASSWORD@redis:6379/0
|
||||
|
||||
# Security Configuration (GENERATE STRONG SECRETS!)
|
||||
# Generate with: openssl rand -base64 32
|
||||
JWT_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_STRONG_SECRET_HERE
|
||||
BETTER_AUTH_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_STRONG_SECRET_HERE
|
||||
BETTER_AUTH_INTERNAL_TOKEN=CHANGE_ME_STRONG_INTERNAL_TOKEN_HERE
|
||||
CONTAINR_AGENT_AUTH_TOKEN=CHANGE_ME_STRONG_AGENT_SECRET_HERE
|
||||
|
||||
# Cookie Configuration (MUST BE TRUE IN PRODUCTION!)
|
||||
COOKIE_SECURE=true
|
||||
COOKIE_DOMAIN=yourdomain.com
|
||||
COOKIE_PATH=/
|
||||
COOKIE_SAME_SITE=strict
|
||||
|
||||
# CORS Configuration (SET YOUR ACTUAL DOMAINS!)
|
||||
CORS_ORIGINS=https://yourdomain.com,https://api.yourdomain.com
|
||||
CORS_CREDENTIALS=true
|
||||
|
||||
# Application URLs
|
||||
VITE_API_URL=https://api.yourdomain.com
|
||||
VITE_AUTH_URL=https://api.yourdomain.com/api/auth
|
||||
BETTER_AUTH_URL=https://api.yourdomain.com
|
||||
BETTER_AUTH_PROXY_URL=http://127.0.0.1:3001
|
||||
BETTER_AUTH_INTERNAL_URL=http://127.0.0.1:3001/internal/session
|
||||
BETTER_AUTH_TRUSTED_ORIGINS=https://yourdomain.com,https://api.yourdomain.com
|
||||
BETTER_AUTH_AUTO_MIGRATE=true
|
||||
|
||||
# Server Configuration
|
||||
PORT=8080
|
||||
HOST=0.0.0.0
|
||||
AUTH_PORT=3001
|
||||
MAX_REQUEST_BODY_BYTES=10485760
|
||||
READ_TIMEOUT=30s
|
||||
WRITE_TIMEOUT=30s
|
||||
IDLE_TIMEOUT=60s
|
||||
SHUTDOWN_TIMEOUT=30s
|
||||
|
||||
# Security
|
||||
BCRYPT_COST=12
|
||||
TRUSTED_PROXY_CIDR=172.20.0.0/16
|
||||
|
||||
# Rate Limiting
|
||||
FREE_RPM=60
|
||||
PRO_RPM=600
|
||||
BUSINESS_RPM=3000
|
||||
FREE_MONTHLY_QUOTA=10000
|
||||
PRO_MONTHLY_QUOTA=100000
|
||||
BUSINESS_MONTHLY_QUOTA=500000
|
||||
|
||||
# Logging
|
||||
LOG_LEVEL=info
|
||||
LOG_FORMAT=json
|
||||
LOG_OUTPUT=stdout
|
||||
DEBUG=false
|
||||
|
||||
# Traefik Configuration
|
||||
TRAEFIK_API_INSECURE=false
|
||||
# Generate with: htpasswd -nb admin yourpassword
|
||||
TRAEFIK_AUTH=admin:$$apr1$$CHANGE_ME_HASH_HERE
|
||||
|
||||
# Database Connection (for Better Auth)
|
||||
DB_HOST=postgres
|
||||
DB_PORT=5432
|
||||
DB_NAME=containr
|
||||
DB_USER=containr_user
|
||||
DB_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE
|
||||
|
||||
# Optional: OAuth Providers (if using)
|
||||
# GITHUB_CLIENT_ID=your_github_client_id
|
||||
# GITHUB_CLIENT_SECRET=your_github_client_secret
|
||||
# GITLAB_CLIENT_ID=your_gitlab_client_id
|
||||
# GITLAB_CLIENT_SECRET=your_gitlab_client_secret
|
||||
|
||||
# Optional: Monitoring & Analytics
|
||||
# SENTRY_DSN=your_sentry_dsn
|
||||
# UMAMI_BASE_URL=your_umami_url
|
||||
# UMAMI_API_KEY=your_umami_key
|
||||
# UMAMI_WEBSITE_ID=your_website_id
|
||||
|
||||
# Optional: Cloudflare Tunnel
|
||||
# CLOUDFLARED_TOKEN=your_cloudflare_tunnel_token
|
||||
|
||||
# Optional: Docker Registry
|
||||
# DOCKER_REGISTRY_URL=registry.yourdomain.com
|
||||
# DOCKER_REGISTRY_USERNAME=your_username
|
||||
# DOCKER_REGISTRY_PASSWORD=your_password
|
||||
|
||||
# Optional: External Services
|
||||
# SLACK_WEBHOOK_URL=your_slack_webhook
|
||||
# SMTP_HOST=smtp.yourdomain.com
|
||||
# SMTP_PORT=587
|
||||
# SMTP_USER=noreply@yourdomain.com
|
||||
# SMTP_PASSWORD=your_smtp_password
|
||||
# SMTP_FROM=noreply@yourdomain.com
|
||||
|
||||
# ============================================
|
||||
# PRODUCTION DEPLOYMENT CHECKLIST
|
||||
# ============================================
|
||||
# [ ] Changed all passwords and secrets
|
||||
# [ ] Set COOKIE_SECURE=true
|
||||
# [ ] Set ENVIRONMENT=production
|
||||
# [ ] Configured proper CORS_ORIGINS
|
||||
# [ ] Set up SSL certificates
|
||||
# [ ] Configured domain DNS
|
||||
# [ ] Set up database backups
|
||||
# [ ] Configured monitoring
|
||||
# [ ] Set up log aggregation
|
||||
# [ ] Tested in staging first
|
||||
# [ ] Have rollback plan ready
|
||||
Reference in New Issue
Block a user