345 lines
13 KiB
Plaintext
345 lines
13 KiB
Plaintext
# ============================================================================
|
|
# FEUERWEHR DASHBOARD - ENVIRONMENT CONFIGURATION
|
|
# ============================================================================
|
|
# This file contains all environment variables needed for the application.
|
|
# Copy this file to .env and fill in your actual values.
|
|
#
|
|
# IMPORTANT SECURITY NOTES:
|
|
# - Never commit .env file to version control
|
|
# - Use strong, randomly generated passwords for production
|
|
# - Rotate secrets regularly
|
|
# - Keep this file secure with restricted permissions (chmod 600 .env)
|
|
# ============================================================================
|
|
|
|
# ============================================================================
|
|
# DATABASE CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# Database name
|
|
# Default: feuerwehr_prod
|
|
# Development: feuerwehr_dev
|
|
POSTGRES_DB=feuerwehr_prod
|
|
|
|
# Database user
|
|
# Default: prod_user
|
|
# Development: dev_user
|
|
POSTGRES_USER=prod_user
|
|
|
|
# Database password
|
|
# REQUIRED in production!
|
|
# Generate with: openssl rand -base64 24
|
|
# WARNING: Never use simple passwords in production!
|
|
POSTGRES_PASSWORD=your_secure_password_here
|
|
|
|
# Database port
|
|
# Default: 5432 (PostgreSQL default)
|
|
# Change if port 5432 is already in use
|
|
POSTGRES_PORT=5432
|
|
|
|
# ============================================================================
|
|
# BACKEND CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# Backend API port
|
|
# Default: 3000
|
|
# The port where the Node.js backend API will listen
|
|
BACKEND_PORT=3000
|
|
|
|
# Node environment
|
|
# Options: development | production | test
|
|
# Production: Enables optimizations and security features
|
|
# Development: Enables debug logging and hot reload
|
|
NODE_ENV=production
|
|
|
|
# Database connection URL
|
|
# Auto-constructed in docker-compose.yml, but can be overridden
|
|
# Format: postgresql://USER:PASSWORD@HOST:PORT/DATABASE
|
|
# For Docker: Use service name (postgres) as host
|
|
# For local dev: Use localhost
|
|
# DATABASE_URL=postgresql://prod_user:your_secure_password_here@postgres:5432/feuerwehr_prod
|
|
|
|
# ============================================================================
|
|
# JWT CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# JWT Secret Key
|
|
# REQUIRED in production!
|
|
# Used to sign and verify JWT tokens
|
|
# Generate with: openssl rand -base64 32
|
|
# WARNING: Keep this secret! Never share or commit this value!
|
|
# SECURITY: Change this value if it's ever compromised
|
|
JWT_SECRET=your_jwt_secret_here
|
|
|
|
# JWT Token Expiration (optional)
|
|
# Access token expiration in seconds
|
|
# Default: 3600 (1 hour)
|
|
# JWT_ACCESS_EXPIRATION=3600
|
|
|
|
# Refresh token expiration in seconds
|
|
# Default: 86400 (24 hours)
|
|
# JWT_REFRESH_EXPIRATION=86400
|
|
|
|
# ============================================================================
|
|
# CORS CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# CORS Allowed Origin
|
|
# The frontend URL that is allowed to make requests to the backend
|
|
# IMPORTANT: Must match your frontend URL exactly!
|
|
# Development: http://localhost:5173 (Vite dev server)
|
|
# Production: https://portal.feuerwehr-rems.at
|
|
# Multiple origins: Use comma-separated values (if supported by your setup)
|
|
CORS_ORIGIN=https://portal.feuerwehr-rems.at
|
|
|
|
# ============================================================================
|
|
# FRONTEND CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# Frontend port
|
|
# Default: 80 (HTTP)
|
|
# Use 443 for HTTPS (requires SSL certificate)
|
|
FRONTEND_PORT=80
|
|
|
|
# API URL for frontend
|
|
# The URL where the frontend will send API requests
|
|
# Development: http://localhost:3000
|
|
# Production: https://portal.feuerwehr-rems.at (proxied via nginx /api/)
|
|
# IMPORTANT: Must be accessible from the user's browser!
|
|
VITE_API_URL=https://portal.feuerwehr-rems.at
|
|
|
|
# Authentik URL for frontend
|
|
# The base URL of your Authentik instance (without application path)
|
|
# Development: http://localhost:9000
|
|
# Production: https://auth.firesuite.feuerwehr-rems.at
|
|
# IMPORTANT: Used for OAuth redirect URL construction
|
|
AUTHENTIK_URL=https://auth.firesuite.feuerwehr-rems.at
|
|
|
|
# ============================================================================
|
|
# AUTHENTIK OAUTH CONFIGURATION
|
|
# ============================================================================
|
|
# Get these values from your Authentik instance
|
|
# See AUTHENTIK_SETUP.md for detailed configuration guide
|
|
|
|
# OAuth Client ID
|
|
# From Authentik: Applications → Providers → Your Provider
|
|
# Used by both backend and frontend. REQUIRED for authentication to work!
|
|
AUTHENTIK_CLIENT_ID=your_client_id_here
|
|
|
|
# OAuth Client Secret
|
|
# From Authentik: Applications → Providers → Your Provider
|
|
# REQUIRED for authentication to work!
|
|
# WARNING: Keep this secret! Never share or commit this value!
|
|
AUTHENTIK_CLIENT_SECRET=your_client_secret_here
|
|
|
|
# OAuth Issuer URL
|
|
# From Authentik: Applications → Providers → Your Provider → OpenID Configuration
|
|
# Format: https://auth.firesuite.feuerwehr-rems.at/application/o/your-app-slug/
|
|
# IMPORTANT: Must end with a trailing slash (/)
|
|
# Development: http://localhost:9000/application/o/feuerwehr-dashboard/
|
|
# Production: https://auth.firesuite.feuerwehr-rems.at/application/o/feuerwehr-dashboard/
|
|
AUTHENTIK_ISSUER=https://auth.firesuite.feuerwehr-rems.at/application/o/feuerwehr-dashboard/
|
|
|
|
# OAuth Redirect URI
|
|
# The URL where Authentik will redirect after successful authentication
|
|
# Must match EXACTLY what you configured in Authentik
|
|
# Development: http://localhost:5173/auth/callback
|
|
# Production: https://portal.feuerwehr-rems.at/auth/callback
|
|
AUTHENTIK_REDIRECT_URI=https://portal.feuerwehr-rems.at/auth/callback
|
|
|
|
# OAuth Scopes (optional, has defaults)
|
|
# Default: openid profile email
|
|
# AUTHENTIK_SCOPES=openid profile email
|
|
|
|
# ============================================================================
|
|
# NEXTCLOUD CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# Nextcloud base URL
|
|
# The URL of your Nextcloud instance
|
|
# Used by the backend for Nextcloud integration
|
|
NEXTCLOUD_URL=https://cloud.feuerwehr-rems.at
|
|
|
|
# ============================================================================
|
|
# BOOKSTACK CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# BookStack base URL
|
|
# The URL of your BookStack instance (without trailing slash)
|
|
BOOKSTACK_URL=https://docs.feuerwehr-rems.at
|
|
|
|
# BookStack API Token ID
|
|
# Create via BookStack user profile → API Tokens
|
|
BOOKSTACK_TOKEN_ID=your_bookstack_token_id
|
|
|
|
# BookStack API Token Secret
|
|
# Create via BookStack user profile → API Tokens
|
|
# WARNING: Keep this secret!
|
|
BOOKSTACK_TOKEN_SECRET=your_bookstack_token_secret
|
|
|
|
# ============================================================================
|
|
# VIKUNJA CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# Vikunja base URL
|
|
# The URL of your Vikunja instance (without trailing slash)
|
|
VIKUNJA_URL=https://tasks.feuerwehr-rems.at
|
|
|
|
# Vikunja API Token
|
|
# Create via Vikunja user settings → API Tokens
|
|
# WARNING: Keep this secret!
|
|
VIKUNJA_API_TOKEN=your_vikunja_api_token
|
|
|
|
# ============================================================================
|
|
# FDISK SYNC CONFIGURATION
|
|
# ============================================================================
|
|
|
|
# FDISK login credentials
|
|
# Used by the fdisk-sync service to scrape member data from app.fdisk.at
|
|
# REQUIRED for the sync service to work
|
|
FDISK_USERNAME=your_fdisk_username
|
|
FDISK_PASSWORD=your_fdisk_password
|
|
|
|
# Internal URL of the fdisk-sync control server
|
|
# Used by the backend to proxy manual trigger and log requests
|
|
# In Docker Compose this is fixed — only change if you remap the port
|
|
FDISK_SYNC_URL=http://fdisk-sync:3001
|
|
|
|
# ============================================================================
|
|
# LOGGING CONFIGURATION (Optional)
|
|
# ============================================================================
|
|
|
|
# Log level
|
|
# Options: error | warn | info | debug
|
|
# Production: info or warn
|
|
# Development: debug
|
|
# LOG_LEVEL=info
|
|
|
|
# Log file path (optional)
|
|
# Default: logs/app.log
|
|
# LOG_FILE_PATH=logs/app.log
|
|
|
|
# ============================================================================
|
|
# RATE LIMITING CONFIGURATION (Optional)
|
|
# ============================================================================
|
|
|
|
# Rate limit window in milliseconds
|
|
# Default: 900000 (15 minutes)
|
|
# RATE_LIMIT_WINDOW_MS=900000
|
|
|
|
# Maximum requests per window
|
|
# Default: 100
|
|
# RATE_LIMIT_MAX=100
|
|
|
|
# ============================================================================
|
|
# DEVELOPMENT OVERRIDES
|
|
# ============================================================================
|
|
# Uncomment these for local development outside Docker
|
|
|
|
# Development database connection (when running backend locally)
|
|
# DATABASE_URL=postgresql://dev_user:dev_password@localhost:5432/feuerwehr_dev
|
|
|
|
# Development Authentik configuration
|
|
# AUTHENTIK_ISSUER=http://localhost:9000/application/o/feuerwehr-dashboard/
|
|
# AUTHENTIK_REDIRECT_URI=http://localhost:5173/auth/callback
|
|
|
|
# Development CORS (allow Vite dev server)
|
|
# CORS_ORIGIN=http://localhost:5173
|
|
|
|
# Development API URL (for frontend .env)
|
|
# VITE_API_URL=http://localhost:3000
|
|
|
|
# ============================================================================
|
|
# EXAMPLE: COMPLETE DEVELOPMENT CONFIGURATION
|
|
# ============================================================================
|
|
#
|
|
# POSTGRES_DB=feuerwehr_dev
|
|
# POSTGRES_USER=dev_user
|
|
# POSTGRES_PASSWORD=dev_password
|
|
# POSTGRES_PORT=5432
|
|
# BACKEND_PORT=3000
|
|
# NODE_ENV=development
|
|
# JWT_SECRET=dev_secret_do_not_use_in_production
|
|
# CORS_ORIGIN=http://localhost:5173
|
|
# FRONTEND_PORT=80
|
|
# VITE_API_URL=http://localhost:3000
|
|
# AUTHENTIK_CLIENT_ID=dev_client_id
|
|
# AUTHENTIK_CLIENT_SECRET=dev_client_secret
|
|
# AUTHENTIK_URL=http://localhost:9000
|
|
# AUTHENTIK_ISSUER=http://localhost:9000/application/o/feuerwehr-dashboard/
|
|
# AUTHENTIK_REDIRECT_URI=http://localhost:5173/auth/callback
|
|
# NEXTCLOUD_URL=https://cloud.feuerwehr-rems.at
|
|
# LOG_LEVEL=debug
|
|
#
|
|
# ============================================================================
|
|
|
|
# ============================================================================
|
|
# EXAMPLE: COMPLETE PRODUCTION CONFIGURATION
|
|
# ============================================================================
|
|
#
|
|
# POSTGRES_DB=feuerwehr_prod
|
|
# POSTGRES_USER=prod_user
|
|
# POSTGRES_PASSWORD=<generated-with-openssl-rand-base64-24>
|
|
# POSTGRES_PORT=5432
|
|
# BACKEND_PORT=3000
|
|
# NODE_ENV=production
|
|
# JWT_SECRET=<generated-with-openssl-rand-base64-32>
|
|
# CORS_ORIGIN=https://portal.feuerwehr-rems.at
|
|
# FRONTEND_PORT=80
|
|
# VITE_API_URL=https://portal.feuerwehr-rems.at
|
|
# AUTHENTIK_CLIENT_ID=<from-authentik>
|
|
# AUTHENTIK_CLIENT_SECRET=<from-authentik>
|
|
# AUTHENTIK_URL=https://auth.firesuite.feuerwehr-rems.at
|
|
# AUTHENTIK_ISSUER=https://auth.firesuite.feuerwehr-rems.at/application/o/feuerwehr-dashboard/
|
|
# AUTHENTIK_REDIRECT_URI=https://portal.feuerwehr-rems.at/auth/callback
|
|
# NEXTCLOUD_URL=https://cloud.feuerwehr-rems.at
|
|
# LOG_LEVEL=info
|
|
#
|
|
# ============================================================================
|
|
|
|
# ============================================================================
|
|
# QUICK SETUP GUIDE
|
|
# ============================================================================
|
|
#
|
|
# 1. Copy this file:
|
|
# cp .env.example .env
|
|
#
|
|
# 2. Generate secure secrets:
|
|
# JWT_SECRET=$(openssl rand -base64 32)
|
|
# POSTGRES_PASSWORD=$(openssl rand -base64 24)
|
|
#
|
|
# 3. Configure Authentik:
|
|
# - Follow AUTHENTIK_SETUP.md
|
|
# - Copy Client ID and Client Secret
|
|
# - Set correct redirect URIs
|
|
#
|
|
# 4. Update URLs:
|
|
# - Replace yourdomain.com with your actual domain
|
|
# - Ensure CORS_ORIGIN matches frontend URL
|
|
# - Ensure VITE_API_URL is accessible from browser
|
|
#
|
|
# 5. Secure the file:
|
|
# chmod 600 .env
|
|
#
|
|
# 6. Deploy:
|
|
# make prod
|
|
#
|
|
# ============================================================================
|
|
|
|
# ============================================================================
|
|
# TROUBLESHOOTING
|
|
# ============================================================================
|
|
#
|
|
# - CORS errors: Ensure CORS_ORIGIN exactly matches frontend URL
|
|
# - Auth errors: Verify all AUTHENTIK_* variables are correct
|
|
# - Database errors: Check POSTGRES_* credentials match docker-compose.yml
|
|
# - Token errors: Ensure JWT_SECRET is set and not changed
|
|
# - Redirect errors: AUTHENTIK_REDIRECT_URI must match Authentik exactly
|
|
#
|
|
# For more help, see:
|
|
# - README.md - General troubleshooting
|
|
# - DEPLOYMENT.md - Production deployment
|
|
# - AUTHENTIK_SETUP.md - Authentik configuration
|
|
# - DEVELOPMENT.md - Development setup
|
|
#
|
|
# ============================================================================
|