# ============================================================================= # Docker Compose - Production Environment Variables Example # ============================================================================= # # This file contains production-ready environment variables for docker-compose. # Copy this file to .env and update with your production values. # # IMPORTANT: This file uses variable substitution in docker-compose.production.yml # # ============================================================================= # ============================================================================= # DATABASE CONFIGURATION (PRODUCTION) # ============================================================================= # PostgreSQL Database POSTGRES_DB=veza_production POSTGRES_USER=veza_prod_user POSTGRES_PASSWORD=CHANGE_THIS_STRONG_PASSWORD # Full database connection URL # Format: postgres://user:password@host:port/database?sslmode=require DATABASE_URL=postgres://veza_prod_user:CHANGE_THIS_STRONG_PASSWORD@postgres:5432/veza_production?sslmode=require # ============================================================================= # REDIS CONFIGURATION (PRODUCTION) # ============================================================================= # Redis password (REQUIRED for production) # Generate a strong password: openssl rand -base64 32 REDIS_PASSWORD=CHANGE_THIS_STRONG_REDIS_PASSWORD # Full Redis connection URL with password # Format: redis://:password@host:port REDIS_URL=redis://:CHANGE_THIS_STRONG_REDIS_PASSWORD@redis:6379 # ============================================================================= # JWT AUTHENTICATION (PRODUCTION) # ============================================================================= # JWT secret key (REQUIRED - MUST BE STRONG!) # Generate: openssl rand -base64 64 JWT_SECRET=CHANGE_THIS_VERY_STRONG_JWT_SECRET_USE_OPENSSL_RAND_BASE64_64 # JWT token expiration time JWT_EXPIRY=24h # ============================================================================= # API CONFIGURATION (PRODUCTION) # ============================================================================= # API environment API_ENV=production # Log level (info, warn, error for production) LOG_LEVEL=info # ClamAV (REQUIRED in production - startup will fail if CLAMAV_REQUIRED=false) # Virus scanning is mandatory for all file uploads in production ENABLE_CLAMAV=true CLAMAV_REQUIRED=true # ============================================================================= # FRONTEND CONFIGURATION (PRODUCTION) # ============================================================================= # Backend API URL (must use HTTPS in production) VITE_API_URL=https://api.yourdomain.com/api # WebSocket URL for Chat Server (must use WSS in production) VITE_WS_URL=wss://api.yourdomain.com/ws # WebSocket URL for Stream Server (must use WSS in production) VITE_STREAM_URL=wss://stream.yourdomain.com/stream # ============================================================================= # SECURITY CHECKLIST # ============================================================================= # # Before deploying to production: # # [ ] Changed all default passwords # [ ] Generated strong JWT_SECRET (64+ characters) # [ ] Set strong REDIS_PASSWORD # [ ] Set strong POSTGRES_PASSWORD # [ ] Updated all URLs to use HTTPS/WSS # [ ] Set API_ENV=production # [ ] Set LOG_LEVEL=info (or higher) # [ ] Verified DATABASE_URL uses sslmode=require # [ ] Stored .env file securely (not in git) # [ ] Configured backups for database # [ ] Set up monitoring and alerts # # =============================================================================