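# Production Environment Configuration
# Copy this file to .env.prod and update with your production values.
#
# Once filled in, .env.prod holds live credentials: keep it out of version
# control and readable only by the deploying user (e.g. chmod 600 .env.prod).
#
# Format: one KEY=value per line. A '#' starts a comment, so an assignment
# that shares a line with an earlier '#' is silently dropped.

# ============================================
# CRITICAL: Change all secrets before deploying
# ============================================
# Every value containing CHANGE_ME is a placeholder, not a usable secret.

# Environment
ENVIRONMENT=production

# Domain Configuration
DOMAIN=yourdomain.com
ACME_EMAIL=admin@yourdomain.com

# Database Configuration (CHANGE PASSWORDS!)
# POSTGRES_PASSWORD, the password embedded in DATABASE_URL and DB_PASSWORD
# (further down) use the same user and placeholder; keep the three in sync.
# A password placed inside a URL must be percent-encoded if it contains
# reserved characters ('/', '+', '@', ':'); `openssl rand -hex 32` yields a
# URL-safe value.
POSTGRES_DB=containr
POSTGRES_USER=containr_user
POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE
# sslmode=require insists on TLS but does not verify the server certificate;
# the postgres service must have TLS enabled for this URL to connect.
DATABASE_URL=postgres://containr_user:CHANGE_ME_STRONG_PASSWORD_HERE@postgres:5432/containr?sslmode=require
MAX_CONNECTIONS=50
MAX_IDLE_CONNECTIONS=10
CONN_MAX_LIFETIME=10m
CONN_MAX_IDLE_TIME=5m
# NOTE(review): presumably applies schema migrations at startup - confirm
# that is wanted for unattended production restarts.
AUTO_MIGRATE=true
MIGRATION_LOCK_TIMEOUT=5m
SEED_DATA_ON_START=false

# Redis Configuration (CHANGE PASSWORD!)
# REDIS_URL embeds REDIS_PASSWORD; keep both identical and URL-safe (see the
# percent-encoding note in the database section).
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD
REDIS_URL=redis://:CHANGE_ME_STRONG_REDIS_PASSWORD@redis:6379/0

# Security Configuration (GENERATE STRONG SECRETS!)
# Generate with: openssl rand -base64 32
# Generate a separate value for each variable below; do not reuse one secret
# across JWT signing, session auth and the internal/agent tokens.
JWT_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_STRONG_SECRET_HERE
BETTER_AUTH_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_STRONG_SECRET_HERE
BETTER_AUTH_INTERNAL_TOKEN=CHANGE_ME_STRONG_INTERNAL_TOKEN_HERE
CONTAINR_AGENT_AUTH_TOKEN=CHANGE_ME_STRONG_AGENT_SECRET_HERE

# Cookie Configuration (MUST BE TRUE IN PRODUCTION!)
COOKIE_SECURE=true
# NOTE(review): if this is used as the cookie Domain attribute, the cookie is
# also sent to every subdomain of yourdomain.com - confirm that is intended.
COOKIE_DOMAIN=yourdomain.com
COOKIE_PATH=/
COOKIE_SAME_SITE=strict

# CORS Configuration (SET YOUR ACTUAL DOMAINS!)
# With CORS_CREDENTIALS=true, list only exact origins you control; never a
# wildcard.
CORS_ORIGINS=https://yourdomain.com,https://api.yourdomain.com
CORS_CREDENTIALS=true

# Application URLs
VITE_API_URL=https://api.yourdomain.com
VITE_AUTH_URL=https://api.yourdomain.com/api/auth
BETTER_AUTH_URL=https://api.yourdomain.com
# The proxy and internal session URLs are plain HTTP on loopback; keep port
# 3001 unreachable from outside the host.
BETTER_AUTH_PROXY_URL=http://127.0.0.1:3001
BETTER_AUTH_INTERNAL_URL=http://127.0.0.1:3001/internal/session
BETTER_AUTH_TRUSTED_ORIGINS=https://yourdomain.com,https://api.yourdomain.com
BETTER_AUTH_AUTO_MIGRATE=true

# Server Configuration
PORT=8080
# 0.0.0.0 listens on every interface; expose the port only through the
# reverse proxy, not directly on the host.
HOST=0.0.0.0
AUTH_PORT=3001
MAX_REQUEST_BODY_BYTES=10485760
READ_TIMEOUT=30s
WRITE_TIMEOUT=30s
IDLE_TIMEOUT=60s
SHUTDOWN_TIMEOUT=30s

# Security
BCRYPT_COST=12
# NOTE(review): presumably the range whose forwarded-client-IP headers are
# trusted. Make it match the real proxy network and keep it as narrow as
# possible; any host inside it can otherwise spoof the client address.
TRUSTED_PROXY_CIDR=172.20.0.0/16

# Rate Limiting
FREE_RPM=60
PRO_RPM=600
BUSINESS_RPM=3000
FREE_MONTHLY_QUOTA=10000
PRO_MONTHLY_QUOTA=100000
BUSINESS_MONTHLY_QUOTA=500000

# Logging
LOG_LEVEL=info
LOG_FORMAT=json
LOG_OUTPUT=stdout
DEBUG=false

# Traefik Configuration
TRAEFIK_API_INSECURE=false
# Generate with: htpasswd -nb admin yourpassword
# -b puts the password on the command line (shell history, process list);
# `htpasswd -nB admin` prompts for it instead and emits a bcrypt hash rather
# than the MD5-based apr1 format.
# NOTE(review): the doubled '$$' presumably escapes a literal '$' for
# Compose-style interpolation - confirm how this value is consumed.
TRAEFIK_AUTH=admin:$$apr1$$CHANGE_ME_HASH_HERE

# Database Connection (for Better Auth)
# Same database and credentials as POSTGRES_* above; keep them in sync.
DB_HOST=postgres
DB_PORT=5432
DB_NAME=containr
DB_USER=containr_user
DB_PASSWORD=CHANGE_ME_STRONG_PASSWORD_HERE

# Optional: OAuth Providers (if using)
# GITHUB_CLIENT_ID=your_github_client_id
# GITHUB_CLIENT_SECRET=your_github_client_secret
# GITLAB_CLIENT_ID=your_gitlab_client_id
# GITLAB_CLIENT_SECRET=your_gitlab_client_secret

# Optional: Monitoring & Analytics
# SENTRY_DSN=your_sentry_dsn
# UMAMI_BASE_URL=your_umami_url
# UMAMI_API_KEY=your_umami_key
# UMAMI_WEBSITE_ID=your_website_id

# Optional: Cloudflare Tunnel
# CLOUDFLARED_TOKEN=your_cloudflare_tunnel_token

# Optional: Docker Registry
# DOCKER_REGISTRY_URL=registry.yourdomain.com
# DOCKER_REGISTRY_USERNAME=your_username
# DOCKER_REGISTRY_PASSWORD=your_password

# Optional: External Services
# SLACK_WEBHOOK_URL=your_slack_webhook
# SMTP_HOST=smtp.yourdomain.com
# SMTP_PORT=587
# SMTP_USER=noreply@yourdomain.com
# SMTP_PASSWORD=your_smtp_password
# SMTP_FROM=noreply@yourdomain.com

# ============================================
# PRODUCTION DEPLOYMENT CHECKLIST
# ============================================
# [ ] Changed all passwords and secrets
# [ ] Set COOKIE_SECURE=true
# [ ] Set ENVIRONMENT=production
# [ ] Configured proper CORS_ORIGINS
# [ ] Set up SSL certificates
# [ ] Configured domain DNS
# [ ] Set up database backups
# [ ] Configured monitoring
# [ ] Set up log aggregation
# [ ] Tested in staging first
# [ ] Have rollback plan ready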