diff --git a/.env.production.example b/.env.production.example
new file mode 100644
index 0000000..5f47ec6
--- /dev/null
+++ b/.env.production.example
@@ -0,0 +1,101 @@
+# Monaco USA Portal - Production Environment Configuration
+# ========================================================
+# Copy this file to .env on your production server and configure all values
+#
+# IMPORTANT: Never commit .env files to version control!
+
+# ===========================================
+# DOMAIN CONFIGURATION
+# ===========================================
+# Your domain name (without https://)
+DOMAIN=portal.monacousa.org
+
+# Email for Let's Encrypt SSL certificate notifications
+ACME_EMAIL=matt@monacousa.org
+
+# ===========================================
+# POSTGRES DATABASE
+# ===========================================
+# Use strong, unique passwords - generate with: openssl rand -base64 32
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=CHANGE_ME_use_openssl_rand_base64_32
+POSTGRES_DB=postgres
+
+# ===========================================
+# JWT CONFIGURATION
+# ===========================================
+# CRITICAL: Generate a unique secret for production!
+# Generate with: openssl rand -base64 32
+JWT_SECRET=CHANGE_ME_use_openssl_rand_base64_32
+JWT_EXPIRY=3600
+
+# ===========================================
+# SUPABASE API KEYS
+# ===========================================
+# Generate these using your JWT_SECRET at:
+# https://supabase.com/docs/guides/self-hosting#api-keys
+#
+# Or use this command to generate (requires jwt-cli):
+# jwt encode --secret YOUR_JWT_SECRET --alg HS256 --exp '+100y' '{"role":"anon","iss":"supabase"}'
+# jwt encode --secret YOUR_JWT_SECRET --alg HS256 --exp '+100y' '{"role":"service_role","iss":"supabase"}'
+
+ANON_KEY=CHANGE_ME_generate_with_jwt_tool
+SERVICE_ROLE_KEY=CHANGE_ME_generate_with_jwt_tool
+
+# ===========================================
+# AUTH CONFIGURATION
+# ===========================================
+# Set to true to disable public signups (invite-only)
+DISABLE_SIGNUP=false
+
+# Set to false in production to require email verification
+ENABLE_EMAIL_AUTOCONFIRM=false
+
+# Allowed redirect URLs after auth (comma-separated)
+ADDITIONAL_REDIRECT_URLS=https://portal.monacousa.org/auth/callback,https://portal.monacousa.org/auth/verify
+
+# Rate limit for emails (per hour)
+RATE_LIMIT_EMAIL_SENT=100
+
+# ===========================================
+# SMTP EMAIL CONFIGURATION
+# ===========================================
+# Required for email verification, password reset, invites
+SMTP_HOST=mail.monacousa.org
+SMTP_PORT=587
+SMTP_USER=noreply@monacousa.org
+SMTP_PASS=CHANGE_ME_smtp_password
+SMTP_ADMIN_EMAIL=noreply@monacousa.org
+SMTP_SENDER_NAME=Monaco USA
+
+# ===========================================
+# REALTIME / SECURITY
+# ===========================================
+# Generate with: openssl rand -base64 64
+SECRET_KEY_BASE=CHANGE_ME_use_openssl_rand_base64_64
+
+# ===========================================
+# POSTGREST
+# ===========================================
+PGRST_DB_SCHEMAS=public,storage,graphql_public
+
+# ===========================================
+# SVELTEKIT CONFIGURATION
+# ===========================================
+# Body size limit for file uploads (50MB = 52428800 bytes)
+BODY_SIZE_LIMIT=52428800
+
+# ===========================================
+# TRAEFIK DASHBOARD AUTH (Optional)
+# ===========================================
+# Generate with: htpasswd -nb admin yourpassword
+# Or use: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
+# The double $$ is required for docker-compose
+TRAEFIK_DASHBOARD_AUTH=admin:$$apr1$$CHANGE_ME
+
+# ===========================================
+# STUDIO AUTH (Optional - for Supabase Studio access)
+# ===========================================
+# Generate with: htpasswd -nb admin yourpassword
+# Or use: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
+STUDIO_AUTH=admin:$$apr1$$CHANGE_ME
diff --git a/.gitignore b/.gitignore
index 3b462cb..1868831 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,7 @@ Thumbs.db .env .env.* !.env.example +!.env.production.example !.env.test # Vite
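Review bot: The placeholder secrets in `.env.production.example` (`JWT_SECRET`, `POSTGRES_PASSWORD`, `SECRET_KEY_BASE`, `ANON_KEY`, `SERVICE_ROLE_KEY`) are non-empty strings, so a deployment that skips one of them will presumably still start, using a value that is published in this repository. `JWT_SECRET` matters most, because the service-role key is only a JWT signed with it, as the `jwt encode` comment in the same file shows. I would ship these values empty (`JWT_SECRET=`) and add a comment such as `# Deployment must refuse to start while any value is empty or begins with CHANGE_ME`; whether the compose file or entrypoint enforces this is not visible in this diff. Separately, both `htpasswd -nb admin yourpassword` hints put the password on the command line and produce an apr1 (MD5) hash. `htpasswd -nB admin` prompts for the password and emits bcrypt, provided the consuming proxy accepts that format.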