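# Monaco USA Portal - Production Environment Configuration
# ========================================================
# Copy this file to .env on your production server and configure all values.
# Keep one KEY=value assignment per line; a line starting with # is a comment,
# so assignments that end up on a comment line are never read.
#
# IMPORTANT: Never commit .env files to version control!
# Restrict the deployed file to the deploying user (chmod 600 .env) and replace
# every CHANGE_ME placeholder before starting the stack: the placeholders are
# public, so a secret left at its template value is a known value.

# ===========================================
# DOMAIN CONFIGURATION
# ===========================================
# Your domain name (without https://)
DOMAIN=portal.monacousa.org

# Email for Let's Encrypt SSL certificate notifications
ACME_EMAIL=matt@monacousa.org

# ===========================================
# POSTGRES DATABASE
# ===========================================
# Use strong, unique passwords - generate with: openssl rand -base64 32
# NOTE(review): base64 output can contain '/', '+' and '='. If the compose
# file embeds this password in a postgres:// connection URL, those characters
# need URL-encoding; `openssl rand -hex 32` avoids the problem - confirm
# against the compose file.
POSTGRES_USER=postgres
POSTGRES_PASSWORD=CHANGE_ME_use_openssl_rand_base64_32
POSTGRES_DB=postgres

# ===========================================
# JWT CONFIGURATION
# ===========================================
# CRITICAL: Generate a unique secret for production!
# Generate with: openssl rand -base64 32
# Anyone holding this secret can sign tokens for any role, including
# service_role. Do not reuse it across environments.
JWT_SECRET=CHANGE_ME_use_openssl_rand_base64_32
# Lifetime of issued user access tokens, in seconds (3600 = 1 hour).
JWT_EXPIRY=3600

# ===========================================
# SUPABASE API KEYS
# ===========================================
# Generate these using your JWT_SECRET at:
# https://supabase.com/docs/guides/self-hosting#api-keys
#
# Or use this command to generate (requires jwt-cli):
# jwt encode --secret YOUR_JWT_SECRET --alg HS256 --exp '+100y' '{"role":"anon","iss":"supabase"}'
# jwt encode --secret YOUR_JWT_SECRET --alg HS256 --exp '+100y' '{"role":"service_role","iss":"supabase"}'
#
# Both keys are signed with JWT_SECRET: changing JWT_SECRET invalidates them
# and both must be regenerated. With --exp '+100y' the keys effectively never
# expire, so rotating JWT_SECRET is the only way to revoke a leaked key.
# Passing the secret as a command-line argument leaves it in shell history and
# in the process list while the command runs.
# ANON_KEY is intended for the browser. SERVICE_ROLE_KEY bypasses Row Level
# Security and must stay server-side only - never ship it to client code.
ANON_KEY=CHANGE_ME_generate_with_jwt_tool
SERVICE_ROLE_KEY=CHANGE_ME_generate_with_jwt_tool

# ===========================================
# AUTH CONFIGURATION
# ===========================================
# Set to true to disable public signups (invite-only).
# false leaves self-registration open to anyone who can reach the portal.
DISABLE_SIGNUP=false

# Set to false in production to require email verification
# (true confirms new accounts without checking that the address is owned).
ENABLE_EMAIL_AUTOCONFIRM=false

# Allowed redirect URLs after auth (comma-separated).
# List exact https:// URLs on your own domain; a broad or wildcard entry lets
# auth redirects be sent to a site you do not control.
ADDITIONAL_REDIRECT_URLS=https://portal.monacousa.org/auth/callback,https://portal.monacousa.org/auth/verify

# Rate limit for emails (per hour)
RATE_LIMIT_EMAIL_SENT=100

# ===========================================
# SMTP EMAIL CONFIGURATION
# ===========================================
# Required for email verification, password reset, invites.
# NOTE(review): port 587 is the mail submission port and normally uses
# STARTTLS - confirm the mail server enforces TLS on it.
SMTP_HOST=mail.monacousa.org
SMTP_PORT=587
SMTP_USER=noreply@monacousa.org
SMTP_PASS=CHANGE_ME_smtp_password
SMTP_ADMIN_EMAIL=noreply@monacousa.org
SMTP_SENDER_NAME=Monaco USA

# ===========================================
# REALTIME / SECURITY
# ===========================================
# Generate with: openssl rand -base64 64
# openssl wraps base64 output at 64 characters, so this command prints two
# lines; join them into a single line before pasting (for example by piping
# through: tr -d '\n'), otherwise only the first line becomes the value.
SECRET_KEY_BASE=CHANGE_ME_use_openssl_rand_base64_64

# ===========================================
# POSTGREST
# ===========================================
# Schemas exposed through the REST API; every schema listed here is reachable
# by API clients, subject to database grants and Row Level Security.
PGRST_DB_SCHEMAS=public,storage,graphql_public

# ===========================================
# SVELTEKIT CONFIGURATION
# ===========================================
# Body size limit for file uploads (50MB = 52428800 bytes)
BODY_SIZE_LIMIT=52428800

# ===========================================
# TRAEFIK DASHBOARD AUTH (Optional)
# ===========================================
# Generate with: htpasswd -nb admin yourpassword
# Or use: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
# The double $$ is required for docker-compose
# -b takes the password from the command line, which records it in shell
# history; `htpasswd -nB admin` prompts for it instead and produces a bcrypt
# hash rather than the MD5-based apr1 format (apply the same $$ escaping).
# Basic auth is the only control configured here for the dashboard, so prefer
# not exposing it publicly at all.
TRAEFIK_DASHBOARD_AUTH=admin:$$apr1$$CHANGE_ME

# ===========================================
# STUDIO AUTH (Optional - for Supabase Studio access)
# ===========================================
# Generate with: htpasswd -nb admin yourpassword
# Or use: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
# Supabase Studio is an administrative interface to the database; use a
# password different from the Traefik dashboard one. As above,
# `htpasswd -nB admin` prompts for the password and uses bcrypt.
STUDIO_AUTH=admin:$$apr1$$CHANGE_ME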