veza/docker-compose.env.example
senke 62f4ae2c82 fix(backend): require ClamAV in production environment
Add validation in ValidateForEnvironment() to fail startup when
CLAMAV_REQUIRED=false in production. Virus scanning is mandatory
for all file uploads in production.
Phase 1 audit - P1.4
2026-02-15 15:54:58 +01:00


# =============================================================================
# Docker Compose - Production Environment Variables Example
# =============================================================================
#
# This file contains production-ready environment variables for docker-compose.
# Copy this file to .env and update with your production values.
#
# IMPORTANT: This file uses variable substitution in docker-compose.production.yml
#
# Every CHANGE_THIS_* value below is a placeholder, not a usable secret.
# Two of them appear twice: once as a *_PASSWORD variable and again inside the
# matching connection URL (DATABASE_URL, REDIS_URL). Change both occurrences
# together, otherwise the service and its client disagree on the credential.
#
# =============================================================================
# =============================================================================
# DATABASE CONFIGURATION (PRODUCTION)
# =============================================================================
# PostgreSQL Database
POSTGRES_DB=veza_production
POSTGRES_USER=veza_prod_user
# Must be the same value as the password embedded in DATABASE_URL below.
POSTGRES_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
# Full database connection URL
# Format: postgres://user:password@host:port/database?sslmode=require
# The password is part of the URL: percent-encode any character that is not
# valid in a URL userinfo component (base64 output can contain '/', which must
# be written as %2F). Keep sslmode=require so the connection is encrypted.
DATABASE_URL=postgres://veza_prod_user:CHANGE_THIS_STRONG_PASSWORD@postgres:5432/veza_production?sslmode=require
# =============================================================================
# REDIS CONFIGURATION (PRODUCTION)
# =============================================================================
# Redis password (REQUIRED for production)
# Generate a strong password: openssl rand -base64 32
# Must be the same value as the password embedded in REDIS_URL below.
REDIS_PASSWORD=CHANGE_THIS_STRONG_REDIS_PASSWORD
# Full Redis connection URL with password
# Format: redis://:password@host:port
# Same encoding caveat as DATABASE_URL: percent-encode '/' and other
# URL-reserved characters in the password.
REDIS_URL=redis://:CHANGE_THIS_STRONG_REDIS_PASSWORD@redis:6379
# =============================================================================
# JWT AUTHENTICATION (PRODUCTION)
# =============================================================================
# JWT secret key (REQUIRED - MUST BE STRONG!)
# Generate: openssl rand -base64 64
# The placeholder below is deliberately not a valid secret; replace it.
JWT_SECRET=CHANGE_THIS_VERY_STRONG_JWT_SECRET_USE_OPENSSL_RAND_BASE64_64
# JWT token expiration time
# NOTE(review): nothing in this file configures token refresh or revocation;
# confirm with the backend that a 24h token lifetime is acceptable for production.
JWT_EXPIRY=24h
# =============================================================================
# API CONFIGURATION (PRODUCTION)
# =============================================================================
# API environment
API_ENV=production
# Log level (info, warn, error for production)
LOG_LEVEL=info
# ClamAV (REQUIRED in production - startup will fail if CLAMAV_REQUIRED=false)
# Virus scanning is mandatory for all file uploads in production
# Both flags must stay true: with API_ENV=production the backend's startup
# validation (ValidateForEnvironment) fails when CLAMAV_REQUIRED=false, so a
# misconfigured deployment stops before it can accept uploads unscanned.
ENABLE_CLAMAV=true
CLAMAV_REQUIRED=true
# =============================================================================
# FRONTEND CONFIGURATION (PRODUCTION)
# =============================================================================
# NOTE(review): VITE_-prefixed values are normally compiled into the browser
# bundle and are therefore public. Only URLs belong in this section; never put
# a secret in a VITE_* variable. Confirm against the frontend build config.
# Backend API URL (must use HTTPS in production)
VITE_API_URL=https://api.yourdomain.com/api
# WebSocket URL for Chat Server (must use WSS in production)
VITE_WS_URL=wss://api.yourdomain.com/ws
# WebSocket URL for Stream Server (must use WSS in production)
VITE_STREAM_URL=wss://stream.yourdomain.com/stream
# =============================================================================
# SECURITY CHECKLIST
# =============================================================================
#
# Before deploying to production:
#
# [ ] Changed all default passwords
# [ ] Updated the password inside DATABASE_URL and REDIS_URL, not only the *_PASSWORD variables
# [ ] Generated strong JWT_SECRET (64+ characters)
# [ ] Set strong REDIS_PASSWORD
# [ ] Set strong POSTGRES_PASSWORD
# [ ] Updated all URLs to use HTTPS/WSS
# [ ] Set API_ENV=production
# [ ] Kept ENABLE_CLAMAV=true and CLAMAV_REQUIRED=true (backend startup fails otherwise)
# [ ] Set LOG_LEVEL=info (or higher)
# [ ] Verified DATABASE_URL uses sslmode=require
# [ ] Stored .env file securely (not in git)
# [ ] Configured backups for database
# [ ] Set up monitoring and alerts
#
# =============================================================================