initial
279
.env.example
Normal file
@@ -0,0 +1,279 @@
|
||||
# ============================================================================
|
||||
# FEUERWEHR DASHBOARD - ENVIRONMENT CONFIGURATION
|
||||
# ============================================================================
|
||||
# This file contains all environment variables needed for the application.
|
||||
# Copy this file to .env and fill in your actual values.
|
||||
#
|
||||
# IMPORTANT SECURITY NOTES:
|
||||
# - Never commit .env file to version control
|
||||
# - Use strong, randomly generated passwords for production
|
||||
# - Rotate secrets regularly
|
||||
# - Keep this file secure with restricted permissions (chmod 600 .env)
|
||||
# ============================================================================
|
||||
|
||||
# ============================================================================
|
||||
# DATABASE CONFIGURATION
|
||||
# ============================================================================
|
||||
|
||||
# Database name
|
||||
# Default: feuerwehr_prod
|
||||
# Development: feuerwehr_dev
|
||||
POSTGRES_DB=feuerwehr_prod
|
||||
|
||||
# Database user
|
||||
# Default: prod_user
|
||||
# Development: dev_user
|
||||
POSTGRES_USER=prod_user
|
||||
|
||||
# Database password
|
||||
# REQUIRED in production!
|
||||
# Generate with: openssl rand -base64 24
|
||||
# WARNING: Never use simple passwords in production!
|
||||
POSTGRES_PASSWORD=your_secure_password_here
|
||||
|
||||
# Database port
|
||||
# Default: 5432 (PostgreSQL default)
|
||||
# Change if port 5432 is already in use
|
||||
POSTGRES_PORT=5432
|
||||
|
||||
# ============================================================================
|
||||
# BACKEND CONFIGURATION
|
||||
# ============================================================================
|
||||
|
||||
# Backend API port
|
||||
# Default: 3000
|
||||
# The port where the Node.js backend API will listen
|
||||
BACKEND_PORT=3000
|
||||
|
||||
# Node environment
|
||||
# Options: development | production | test
|
||||
# Production: Enables optimizations and security features
|
||||
# Development: Enables debug logging and hot reload
|
||||
NODE_ENV=production
|
||||
|
||||
# Database connection URL
|
||||
# Auto-constructed in docker-compose.yml, but can be overridden
|
||||
# Format: postgresql://USER:PASSWORD@HOST:PORT/DATABASE
|
||||
# For Docker: Use service name (postgres) as host
|
||||
# For local dev: Use localhost
|
||||
# DATABASE_URL=postgresql://prod_user:your_secure_password_here@postgres:5432/feuerwehr_prod
|
||||
|
||||
# ============================================================================
|
||||
# JWT CONFIGURATION
|
||||
# ============================================================================
|
||||
|
||||
# JWT Secret Key
|
||||
# REQUIRED in production!
|
||||
# Used to sign and verify JWT tokens
|
||||
# Generate with: openssl rand -base64 32
|
||||
# WARNING: Keep this secret! Never share or commit this value!
|
||||
# SECURITY: Change this value if it's ever compromised
|
||||
JWT_SECRET=your_jwt_secret_here
|
||||
|
||||
# JWT Token Expiration (optional)
|
||||
# Access token expiration in seconds
|
||||
# Default: 3600 (1 hour)
|
||||
# JWT_ACCESS_EXPIRATION=3600
|
||||
|
||||
# Refresh token expiration in seconds
|
||||
# Default: 86400 (24 hours)
|
||||
# JWT_REFRESH_EXPIRATION=86400
|
||||
|
||||
# ============================================================================
|
||||
# CORS CONFIGURATION
|
||||
# ============================================================================
|
||||
|
||||
# CORS Allowed Origin
|
||||
# The frontend URL that is allowed to make requests to the backend
|
||||
# IMPORTANT: Must match your frontend URL exactly!
|
||||
# Development: http://localhost:5173 (Vite dev server)
|
||||
# Production: https://dashboard.yourdomain.com
|
||||
# Multiple origins: Use comma-separated values (if supported by your setup)
|
||||
CORS_ORIGIN=http://localhost:80
|
||||
|
||||
# ============================================================================
|
||||
# FRONTEND CONFIGURATION
|
||||
# ============================================================================
|
||||
|
||||
# Frontend port
|
||||
# Default: 80 (HTTP)
|
||||
# Use 443 for HTTPS (requires SSL certificate)
|
||||
FRONTEND_PORT=80
|
||||
|
||||
# API URL for frontend
|
||||
# The URL where the frontend will send API requests
|
||||
# Development: http://localhost:3000
|
||||
# Production: https://api.yourdomain.com
|
||||
# IMPORTANT: Must be accessible from the user's browser!
|
||||
VITE_API_URL=http://localhost:3000
|
||||
|
||||
# ============================================================================
|
||||
# AUTHENTIK OAUTH CONFIGURATION
|
||||
# ============================================================================
|
||||
# Get these values from your Authentik instance
|
||||
# See AUTHENTIK_SETUP.md for detailed configuration guide
|
||||
|
||||
# OAuth Client ID
|
||||
# From Authentik: Applications → Providers → Your Provider
|
||||
# REQUIRED for authentication to work!
|
||||
AUTHENTIK_CLIENT_ID=your_client_id_here
|
||||
|
||||
# OAuth Client Secret
|
||||
# From Authentik: Applications → Providers → Your Provider
|
||||
# REQUIRED for authentication to work!
|
||||
# WARNING: Keep this secret! Never share or commit this value!
|
||||
AUTHENTIK_CLIENT_SECRET=your_client_secret_here
|
||||
|
||||
# OAuth Issuer URL
|
||||
# From Authentik: Applications → Providers → Your Provider → OpenID Configuration
|
||||
# Format: https://auth.yourdomain.com/application/o/your-app-slug/
|
||||
# IMPORTANT: Must end with a trailing slash (/)
|
||||
# Development: http://localhost:9000/application/o/feuerwehr-dashboard/
|
||||
# Production: https://auth.yourdomain.com/application/o/feuerwehr-dashboard/
|
||||
AUTHENTIK_ISSUER=https://auth.yourdomain.com/application/o/feuerwehr-dashboard/
|
||||
|
||||
# OAuth Redirect URI
|
||||
# The URL where Authentik will redirect after successful authentication
|
||||
# Must match EXACTLY what you configured in Authentik
|
||||
# Development: http://localhost:5173/auth/callback
|
||||
# Production: https://dashboard.yourdomain.com/auth/callback
|
||||
AUTHENTIK_REDIRECT_URI=https://dashboard.yourdomain.com/auth/callback
|
||||
|
||||
# OAuth Scopes (optional, has defaults)
|
||||
# Default: openid profile email
|
||||
# AUTHENTIK_SCOPES=openid profile email
|
||||
|
||||
# ============================================================================
|
||||
# LOGGING CONFIGURATION (Optional)
|
||||
# ============================================================================
|
||||
|
||||
# Log level
|
||||
# Options: error | warn | info | debug
|
||||
# Production: info or warn
|
||||
# Development: debug
|
||||
# LOG_LEVEL=info
|
||||
|
||||
# Log file path (optional)
|
||||
# Default: logs/app.log
|
||||
# LOG_FILE_PATH=logs/app.log
|
||||
|
||||
# ============================================================================
|
||||
# RATE LIMITING CONFIGURATION (Optional)
|
||||
# ============================================================================
|
||||
|
||||
# Rate limit window in milliseconds
|
||||
# Default: 900000 (15 minutes)
|
||||
# RATE_LIMIT_WINDOW_MS=900000
|
||||
|
||||
# Maximum requests per window
|
||||
# Default: 100
|
||||
# RATE_LIMIT_MAX=100
|
||||
|
||||
# ============================================================================
|
||||
# DEVELOPMENT OVERRIDES
|
||||
# ============================================================================
|
||||
# Uncomment these for local development outside Docker
|
||||
|
||||
# Development database connection (when running backend locally)
|
||||
# DATABASE_URL=postgresql://dev_user:dev_password@localhost:5432/feuerwehr_dev
|
||||
|
||||
# Development Authentik configuration
|
||||
# AUTHENTIK_ISSUER=http://localhost:9000/application/o/feuerwehr-dashboard/
|
||||
# AUTHENTIK_REDIRECT_URI=http://localhost:5173/auth/callback
|
||||
|
||||
# Development CORS (allow Vite dev server)
|
||||
# CORS_ORIGIN=http://localhost:5173
|
||||
|
||||
# Development API URL (for frontend .env)
|
||||
# VITE_API_URL=http://localhost:3000
|
||||
|
||||
# ============================================================================
|
||||
# EXAMPLE: COMPLETE DEVELOPMENT CONFIGURATION
|
||||
# ============================================================================
|
||||
#
|
||||
# POSTGRES_DB=feuerwehr_dev
|
||||
# POSTGRES_USER=dev_user
|
||||
# POSTGRES_PASSWORD=dev_password
|
||||
# POSTGRES_PORT=5432
|
||||
# BACKEND_PORT=3000
|
||||
# NODE_ENV=development
|
||||
# JWT_SECRET=dev_secret_do_not_use_in_production
|
||||
# CORS_ORIGIN=http://localhost:5173
|
||||
# FRONTEND_PORT=80
|
||||
# VITE_API_URL=http://localhost:3000
|
||||
# AUTHENTIK_CLIENT_ID=dev_client_id
|
||||
# AUTHENTIK_CLIENT_SECRET=dev_client_secret
|
||||
# AUTHENTIK_ISSUER=http://localhost:9000/application/o/feuerwehr-dashboard/
|
||||
# AUTHENTIK_REDIRECT_URI=http://localhost:5173/auth/callback
|
||||
# LOG_LEVEL=debug
|
||||
#
|
||||
# ============================================================================
|
||||
|
||||
# ============================================================================
|
||||
# EXAMPLE: COMPLETE PRODUCTION CONFIGURATION
|
||||
# ============================================================================
|
||||
#
|
||||
# POSTGRES_DB=feuerwehr_prod
|
||||
# POSTGRES_USER=prod_user
|
||||
# POSTGRES_PASSWORD=<generated-with-openssl-rand-base64-24>
|
||||
# POSTGRES_PORT=5432
|
||||
# BACKEND_PORT=3000
|
||||
# NODE_ENV=production
|
||||
# JWT_SECRET=<generated-with-openssl-rand-base64-32>
|
||||
# CORS_ORIGIN=https://dashboard.yourdomain.com
|
||||
# FRONTEND_PORT=80
|
||||
# VITE_API_URL=https://api.yourdomain.com
|
||||
# AUTHENTIK_CLIENT_ID=<from-authentik>
|
||||
# AUTHENTIK_CLIENT_SECRET=<from-authentik>
|
||||
# AUTHENTIK_ISSUER=https://auth.yourdomain.com/application/o/feuerwehr-dashboard/
|
||||
# AUTHENTIK_REDIRECT_URI=https://dashboard.yourdomain.com/auth/callback
|
||||
# LOG_LEVEL=info
|
||||
#
|
||||
# ============================================================================
|
||||
|
||||
# ============================================================================
|
||||
# QUICK SETUP GUIDE
|
||||
# ============================================================================
|
||||
#
|
||||
# 1. Copy this file:
|
||||
# cp .env.example .env
|
||||
#
|
||||
# 2. Generate secure secrets:
|
||||
# JWT_SECRET=$(openssl rand -base64 32)
|
||||
# POSTGRES_PASSWORD=$(openssl rand -base64 24)
|
||||
#
|
||||
# 3. Configure Authentik:
|
||||
# - Follow AUTHENTIK_SETUP.md
|
||||
# - Copy Client ID and Client Secret
|
||||
# - Set correct redirect URIs
|
||||
#
|
||||
# 4. Update URLs:
|
||||
# - Replace yourdomain.com with your actual domain
|
||||
# - Ensure CORS_ORIGIN matches frontend URL
|
||||
# - Ensure VITE_API_URL is accessible from browser
|
||||
#
|
||||
# 5. Secure the file:
|
||||
# chmod 600 .env
|
||||
#
|
||||
# 6. Deploy:
|
||||
# make prod
|
||||
#
|
||||
# ============================================================================
|
||||
|
||||
# ============================================================================
|
||||
# TROUBLESHOOTING
|
||||
# ============================================================================
|
||||
#
|
||||
# - CORS errors: Ensure CORS_ORIGIN exactly matches frontend URL
|
||||
# - Auth errors: Verify all AUTHENTIK_* variables are correct
|
||||
# - Database errors: Check POSTGRES_* credentials match docker-compose.yml
|
||||
# - Token errors: Ensure JWT_SECRET is set and not changed
|
||||
# - Redirect errors: AUTHENTIK_REDIRECT_URI must match Authentik exactly
|
||||
#
|
||||
# For more help, see:
|
||||
# - README.md - General troubleshooting
|
||||
# - DEPLOYMENT.md - Production deployment
|
||||
# - AUTHENTIK_SETUP.md - Authentik configuration
|
||||
# - DEVELOPMENT.md - Development setup
|
||||
#
|
||||
# ============================================================================
|
||||
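Review bot: The active defaults pair `NODE_ENV=production` with the placeholder secrets `JWT_SECRET=your_jwt_secret_here` and `POSTGRES_PASSWORD=your_secure_password_here`, so following the quick setup guide with only `cp .env.example .env` and `make prod` brings up a production stack whose token-signing key and database password are strings published in this repository. Consider leaving both values empty in the template and having the backend refuse to start when they are unset or still equal to the placeholders. Two smaller points in the same hunk: `openssl rand -base64 24` can emit `/` and `+`, which need percent-encoding before they go into the `postgresql://USER:PASSWORD@HOST:PORT/DATABASE` URL that the comments say is auto-constructed in docker-compose.yml, so `openssl rand -hex 24` would be a safer generator hint for the password; and `CORS_ORIGIN=http://localhost:80` matches neither the documented development nor production value and will not equal the `Origin` header a browser sends, because browsers omit the default port, which conflicts with the "Must match your frontend URL exactly!" comment.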