# ============================================
# Monaco USA Portal - Production Configuration
# ============================================
# Copy this file to .env and configure the values below.
# Then run ./setup.sh to generate secrets and kong.yml.
#
# Variables marked [AUTO-GENERATED] will be created by setup.sh
# if left empty or containing placeholder text.
#
# The resulting .env holds live secrets: keep it out of version
# control and readable only by the account that runs the stack.
# ============================================

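# ============================================
# DOMAIN CONFIGURATION (Required)
# ============================================
# Public hostname the portal is served on.
# Bare hostname only (without https://, port or path); the NOTES
# section at the end of this file refers to it as https://DOMAIN.
DOMAIN=portal.monacousa.org

# Email for Let's Encrypt SSL certificates.
# Use a monitored mailbox: it is the contact address given to the
# certificate authority for this deployment.
ACME_EMAIL=admin@monacousa.org
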
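# ============================================
# DATABASE CONFIGURATION
# ============================================
# PostgreSQL settings
POSTGRES_USER=postgres
POSTGRES_DB=postgres

# [AUTO-GENERATED] Database password - leave as placeholder for auto-generation
# To generate manually: openssl rand -base64 32
#
# The placeholder below is published with this template and is not a
# secret: do not start the stack while it is still in place.
# NOTE(review): base64 output can contain '+', '/' and '='. If any
# service builds a postgres:// URL from this value (not visible in this
# file), confirm those characters are URL-encoded there.
POSTGRES_PASSWORD=CHANGE_ME_RUN_SETUP_SH
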
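# ============================================
# JWT CONFIGURATION
# ============================================
# [AUTO-GENERATED] JWT secret for Supabase auth - leave as placeholder
# To generate manually: openssl rand -base64 32
#
# ANON_KEY and SERVICE_ROLE_KEY below are signed with this secret, so
# changing it means both keys must be regenerated as well.
# Anyone who learns this value can sign tokens for any role.
JWT_SECRET=CHANGE_ME_RUN_SETUP_SH

# JWT token expiry in seconds (default: 1 hour)
# A longer lifetime lengthens the time a leaked token stays usable.
JWT_EXPIRY=3600

# [AUTO-GENERATED] Anonymous API key - leave as placeholder
# This is a JWT signed with JWT_SECRET with role=anon
ANON_KEY=your-anon-key-will-be-generated

# [AUTO-GENERATED] Service role API key - leave as placeholder
# This is a JWT signed with JWT_SECRET with role=service_role
# In Supabase the service_role bypasses Row Level Security: keep this
# key server-side only and never hand it to a browser or mobile client.
SERVICE_ROLE_KEY=your-service-role-key-will-be-generated

# These are aliases used by the portal app
# They rely on the loader expanding ${VAR} references (Docker Compose
# does; a plain dotenv loader may keep the literal text).
# NOTE(review): the PUBLIC_ prefix suggests the anon key is shipped to
# the browser - confirm against the portal app. That is acceptable for
# the anon key only; never alias the service-role key to a PUBLIC_ name.
PUBLIC_SUPABASE_ANON_KEY=${ANON_KEY}
SUPABASE_SERVICE_ROLE_KEY=${SERVICE_ROLE_KEY}
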
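# ============================================
# REALTIME CONFIGURATION
# ============================================
# [AUTO-GENERATED] Secret key for realtime service
# To generate manually: openssl rand -base64 64 | tr -d '\n'
#
# openssl wraps base64 output at 64 characters, so 64 random bytes are
# printed on two lines (88 characters in total). The value must be
# pasted as a single line, hence the tr; otherwise only the first line
# would end up in this variable.
SECRET_KEY_BASE=generate-a-64-char-secret-key-run-setup-sh
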
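# ============================================
# EMAIL CONFIGURATION (Optional but Recommended)
# ============================================
# SMTP settings for sending emails (password resets, invitations, etc.)
# Leave empty to disable email functionality (users won't receive confirmation emails)
#
# SMTP_PASS is a credential: use a dedicated sending account (for
# Gmail, an app password) rather than a personal mailbox password.
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_ADMIN_EMAIL=noreply@monacousa.org
SMTP_SENDER_NAME=Monaco USA

# Set to true to auto-confirm emails (not recommended for production)
# With auto-confirm on, an account can be registered under an address
# its creator does not control, because ownership is never verified.
ENABLE_EMAIL_AUTOCONFIRM=false

# Rate limit for emails sent per hour
# Also bounds how much mail the portal can be made to send through
# repeated signup or password-reset requests.
RATE_LIMIT_EMAIL_SENT=100
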
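# ============================================
# PORTAL APPLICATION CONFIGURATION
# ============================================
# Docker image for the portal app
# Change this to use a different registry or version
#
# ":latest" is a mutable tag: every pull may fetch different code, so
# what runs in production is neither reproducible nor reviewable.
# For production, pin a release tag or an immutable digest, e.g.
#   <registry>/<image>@sha256:<digest>   (placeholder - fill in your own)
PORTAL_IMAGE=code.letsbe.solutions/letsbe/monacousa-portal:latest

# Maximum file upload size in bytes (default: 50MB)
# 52428800 = 50 * 1024 * 1024. Keep this as small as the portal's
# uploads allow; it caps how much data a single request can submit.
BODY_SIZE_LIMIT=52428800

# Disable public signup (true = only admin can create accounts)
# false leaves self-registration open to anyone who can reach the site;
# set to true if accounts should be created by an admin only.
DISABLE_SIGNUP=false

# Additional redirect URLs for OAuth (comma-separated)
# Every entry is a destination the auth flow is allowed to send users
# to after sign-in: list only exact URLs you control.
ADDITIONAL_REDIRECT_URLS=
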
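# ============================================
# POSTGREST CONFIGURATION
# ============================================
# Database schemas exposed via REST API (comma-separated)
# Objects in these schemas become reachable over HTTP, limited only by
# database role grants and row-level policies. Add a schema here only
# when its contents are meant to be served through the API.
PGRST_DB_SCHEMAS=public,storage,graphql_public
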
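# ============================================
# SECURITY - DASHBOARD ACCESS (Optional)
# ============================================
# Basic auth for Traefik dashboard (format: user:password-hash)
# Generate with: htpasswd -nB admin
# (prompts for the password, so it does not land in shell history)
# Example: admin:$2y$05$xyz...
#
# -B produces a bcrypt hash, which starts with $2y$. A value starting
# with $apr1$ is the older MD5-based format and did not come from the
# command above.
# The hash contains '$' characters. If the loader expands $VAR inside
# .env values, wrap the whole value in single quotes so it is kept
# literally.
# NOTE(review): this file does not show what an empty value does
# (dashboard disabled, or served without authentication). Check the
# compose/Traefik configuration before exposing the dashboard.
TRAEFIK_DASHBOARD_AUTH=

# Basic auth for Supabase Studio (format: user:password-hash)
# Generate with: htpasswd -nB admin
# Studio is a database administration UI; the same quoting and
# empty-value caveats as for TRAEFIK_DASHBOARD_AUTH apply here.
STUDIO_AUTH=
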
# ============================================
# NOTES
# ============================================
# 1. After configuring this file, run: ./setup.sh
#    This will:
#    - Generate any missing secrets
#    - Create kong.yml from template
#    - Validate your configuration
#
# 2. Start the services: docker compose up -d
#
# 3. Check status: docker compose ps
#
# 4. View logs: docker compose logs -f
#
# 5. First visit to https://DOMAIN will redirect to /setup
#    to create the initial admin account.
#    Do this immediately after step 2: until the admin account
#    exists, /setup appears to be open to whoever visits first.
# ============================================