# Veza Environment - Copy to .env and customize # ============================================= # PORT ISOLATION: Veza uses 15xxx/16xxx ports by default to avoid conflicts # with other projects (postgres 5432, redis 6379, rabbitmq 5672, backend 8080). # # Backend on HOST connects to Docker via these mapped ports. # Backend in DOCKER uses internal names (postgres:5432, redis:6379, rabbitmq:5672). # Domain (must match /etc/hosts: 127.0.0.1 veza.fr) APP_DOMAIN=veza.fr # Docker Compose - host port mappings (override if needed) PORT_POSTGRES=15432 PORT_REDIS=16379 PORT_RABBITMQ_AMQP=15672 PORT_RABBITMQ_MGMT=25672 PORT_BACKEND=18080 # Database (used when backend runs on host; matches docker-compose) DB_USER=veza DB_PASSWORD=password DB_NAME=veza # Frontend URL (OAuth redirect, password reset links, email links) # Backend reads FRONTEND_URL or VITE_FRONTEND_URL; fallback: http://localhost:5173 FRONTEND_URL=http://veza.fr:5173 # --- JWT (v0.9.1 RS256) --- # REQUIRED for production: RSA key paths (generate with scripts/generate-jwt-keys.sh) # JWT_PRIVATE_KEY_PATH=/path/to/jwt-private.pem # JWT_PUBLIC_KEY_PATH=/path/to/jwt-public.pem # REQUIRED: JWT_SECRET must be set (no default fallback in docker-compose) JWT_SECRET=min-32-characters-secret-for-development # JWT_ISSUER=veza-api # JWT_AUDIENCE=veza-platform # OAuth Security (v0.902 Sentinel) # OAUTH_ENCRYPTION_KEY: 32+ bytes for AES-256-GCM (hex or base64). REQUIRED in production. # OAUTH_ALLOWED_REDIRECT_DOMAINS: comma-separated whitelist (e.g. https://app.veza.com,https://veza.fr:5173) # OAUTH_ENCRYPTION_KEY=<32-byte-hex-or-base64-key> # OAUTH_ALLOWED_REDIRECT_DOMAINS=https://veza.fr:5173,https://app.veza.com # CHAT_JWT_SECRET: Must differ from JWT_SECRET in production. Use a separate secret for the Chat Server. # CHAT_JWT_SECRET=<32+ character secret different from JWT_SECRET> # For veza-backend-api/.env (backend on host): # DATABASE_URL=postgres://veza:password@veza.fr:15432/veza?sslmode=disable # REDIS_URL=redis://:password@veza.fr:16379 # REDIS_PASSWORD=devpassword # RABBITMQ_URL=amqp://veza:password@veza.fr:15672/ # # Stripe Connect (seller payout, optional): # STRIPE_CONNECT_ENABLED=true # STRIPE_SECRET_KEY=sk_xxx # STRIPE_CONNECT_WEBHOOK_SECRET=whsec_xxx # # Platform fee rate on marketplace sales (0.10 = 10%) # PLATFORM_FEE_RATE=0.10 # # Transfer Retry Worker (v0.701, default: enabled, 3 max retries, 5m interval) # TRANSFER_RETRY_ENABLED=true # TRANSFER_RETRY_MAX=3 # TRANSFER_RETRY_INTERVAL=5m # # Live Streaming (v0.10.6 F471) — Nginx-RTMP callbacks & HLS URL # RTMP_CALLBACK_SECRET: shared secret for Nginx-RTMP on_publish/publish_done callbacks # STREAM_HLS_BASE_URL: base URL for HLS playlists (e.g. http://localhost:18083/live) # NGINX_RTMP_HOST: host for rtmp_url shown to streamers (e.g. stream.veza.app) # RTMP_CALLBACK_SECRET= # STREAM_HLS_BASE_URL=http://localhost:18083/live # NGINX_RTMP_HOST=localhost