letsbe
/
monacousa-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
monacousa-portal/.env.production.example

102 lines
3.6 KiB
Plaintext
Raw Blame History

# Monaco USA Portal - Production Environment Configuration
# ========================================================
# Copy this file to .env on your production server and configure all values
#
# IMPORTANT: Never commit .env files to version control!
# ===========================================
# DOMAIN CONFIGURATION
# ===========================================
# Your domain name (without https://)
DOMAIN=portal.monacousa.org
# Email for Let's Encrypt SSL certificate notifications
ACME_EMAIL=matt@monacousa.org
# ===========================================
# POSTGRES DATABASE
# ===========================================
# Use strong, unique passwords - generate with: openssl rand -base64 32
POSTGRES_USER=postgres
POSTGRES_PASSWORD=CHANGE_ME_use_openssl_rand_base64_32
POSTGRES_DB=postgres
# ===========================================
# JWT CONFIGURATION
# ===========================================
# CRITICAL: Generate a unique secret for production!
# Generate with: openssl rand -base64 32
JWT_SECRET=CHANGE_ME_use_openssl_rand_base64_32
JWT_EXPIRY=3600
# ===========================================
# SUPABASE API KEYS
# ===========================================
# Generate these using your JWT_SECRET at:
# https://supabase.com/docs/guides/self-hosting#api-keys
#
# Or use this command to generate (requires jwt-cli):
# jwt encode --secret YOUR_JWT_SECRET --alg HS256 --exp '+100y' '{"role":"anon","iss":"supabase"}'
# jwt encode --secret YOUR_JWT_SECRET --alg HS256 --exp '+100y' '{"role":"service_role","iss":"supabase"}'
ANON_KEY=CHANGE_ME_generate_with_jwt_tool
SERVICE_ROLE_KEY=CHANGE_ME_generate_with_jwt_tool
# ===========================================
# AUTH CONFIGURATION
# ===========================================
# Set to true to disable public signups (invite-only)
DISABLE_SIGNUP=false
# Set to false in production to require email verification
ENABLE_EMAIL_AUTOCONFIRM=false
# Allowed redirect URLs after auth (comma-separated)
ADDITIONAL_REDIRECT_URLS=https://portal.monacousa.org/auth/callback,https://portal.monacousa.org/auth/verify
# Rate limit for emails (per hour)
RATE_LIMIT_EMAIL_SENT=100
# ===========================================
# SMTP EMAIL CONFIGURATION
# ===========================================
# Required for email verification, password reset, invites
SMTP_HOST=mail.monacousa.org
SMTP_PORT=587
SMTP_USER=noreply@monacousa.org
SMTP_PASS=CHANGE_ME_smtp_password
SMTP_ADMIN_EMAIL=noreply@monacousa.org
SMTP_SENDER_NAME=Monaco USA
# ===========================================
# REALTIME / SECURITY
# ===========================================
# Generate with: openssl rand -base64 64
SECRET_KEY_BASE=CHANGE_ME_use_openssl_rand_base64_64
# ===========================================
# POSTGREST
# ===========================================
PGRST_DB_SCHEMAS=public,storage,graphql_public
# ===========================================
# SVELTEKIT CONFIGURATION
# ===========================================
# Body size limit for file uploads (50MB = 52428800 bytes)
BODY_SIZE_LIMIT=52428800
# ===========================================
# TRAEFIK DASHBOARD AUTH (Optional)
# ===========================================
# Generate with: htpasswd -nb admin yourpassword
# Or use: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
# The double $$ is required for docker-compose
TRAEFIK_DASHBOARD_AUTH=admin:$$apr1$$CHANGE_ME
# ===========================================
# STUDIO AUTH (Optional - for Supabase Studio access)
# ===========================================
# Generate with: htpasswd -nb admin yourpassword
# Or use: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
STUDIO_AUTH=admin:$$apr1$$CHANGE_ME
Reference in New Issue View Git Blame Copy Permalink