veza/.env.example

# Veza Environment - Copy to .env and customize
# =============================================
# PORT ISOLATION: Veza uses 15xxx/16xxx ports by default to avoid conflicts
# with other projects (postgres 5432, redis 6379, rabbitmq 5672, backend 8080).
#
# Backend on HOST connects to Docker via these mapped ports.
# Backend in DOCKER uses internal names (postgres:5432, redis:6379, rabbitmq:5672).

# Domain (must match /etc/hosts: 127.0.0.1 veza.fr)
APP_DOMAIN=veza.fr

# Docker Compose - host port mappings (override if needed)
PORT_POSTGRES=15432
PORT_REDIS=16379
PORT_RABBITMQ_AMQP=15672
PORT_RABBITMQ_MGMT=25672
PORT_BACKEND=18080

# Database (used when backend runs on host; matches docker-compose)
DB_USER=veza
DB_PASSWORD=password
DB_NAME=veza

# Frontend URL (OAuth redirect, password reset links, email links)
# Backend reads FRONTEND_URL or VITE_FRONTEND_URL; fallback: http://localhost:5173
FRONTEND_URL=http://veza.fr:5173

# --- JWT (v0.9.1 RS256) ---
# REQUIRED for production: RSA key paths (generate with scripts/generate-jwt-keys.sh)
# JWT_PRIVATE_KEY_PATH=/path/to/jwt-private.pem
# JWT_PUBLIC_KEY_PATH=/path/to/jwt-public.pem
# Legacy fallback (dev only): JWT_SECRET=min-32-characters-secret-for-development
# JWT_ISSUER=veza-api
# JWT_AUDIENCE=veza-platform

# OAuth Security (v0.902 Sentinel)
# OAUTH_ENCRYPTION_KEY: 32+ bytes for AES-256-GCM (hex or base64). REQUIRED in production.
# OAUTH_ALLOWED_REDIRECT_DOMAINS: comma-separated whitelist (e.g. https://app.veza.com,https://veza.fr:5173)
# OAUTH_ENCRYPTION_KEY=<32-byte-hex-or-base64-key>
# OAUTH_ALLOWED_REDIRECT_DOMAINS=https://veza.fr:5173,https://app.veza.com

# CHAT_JWT_SECRET: Must differ from JWT_SECRET in production. Use a separate secret for the Chat Server.
# CHAT_JWT_SECRET=<32+ character secret different from JWT_SECRET>

# For veza-backend-api/.env (backend on host):
# DATABASE_URL=postgres://veza:password@veza.fr:15432/veza?sslmode=disable
# REDIS_URL=redis://veza.fr:16379
# RABBITMQ_URL=amqp://veza:password@veza.fr:15672/
#
# Stripe Connect (seller payout, optional):
# STRIPE_CONNECT_ENABLED=true
# STRIPE_SECRET_KEY=sk_xxx
# STRIPE_CONNECT_WEBHOOK_SECRET=whsec_xxx
#
# Platform fee rate on marketplace sales (0.10 = 10%)
# PLATFORM_FEE_RATE=0.10
#
# Transfer Retry Worker (v0.701, default: enabled, 3 max retries, 5m interval)
# TRANSFER_RETRY_ENABLED=true
# TRANSFER_RETRY_MAX=3
# TRANSFER_RETRY_INTERVAL=5m