116 lines
4.5 KiB
Text
116 lines
4.5 KiB
Text
# =============================================================================
|
|
# Docker Compose - Production Environment Variables Example
|
|
# =============================================================================
|
|
#
|
|
# This file contains production-ready environment variables for docker-compose.
|
|
# Copy this file to .env and update with your production values.
|
|
#
|
|
# IMPORTANT: This file uses variable substitution in docker-compose.production.yml
|
|
#
|
|
# =============================================================================
|
|
|
|
# =============================================================================
|
|
# DATABASE CONFIGURATION (PRODUCTION)
|
|
# =============================================================================
|
|
|
|
# PostgreSQL Database
|
|
POSTGRES_DB=veza_production
|
|
POSTGRES_USER=veza_prod_user
|
|
POSTGRES_PASSWORD=CHANGE_THIS_STRONG_PASSWORD
|
|
|
|
# Full database connection URL
|
|
# Format: postgres://user:password@host:port/database?sslmode=require
|
|
DATABASE_URL=postgres://veza_prod_user:CHANGE_THIS_STRONG_PASSWORD@postgres:5432/veza_production?sslmode=require
|
|
|
|
# =============================================================================
|
|
# REDIS CONFIGURATION (PRODUCTION)
|
|
# =============================================================================
|
|
|
|
# Redis password (REQUIRED for production)
|
|
# Generate a strong password: openssl rand -base64 32
|
|
REDIS_PASSWORD=CHANGE_THIS_STRONG_REDIS_PASSWORD
|
|
|
|
# Full Redis connection URL with password
|
|
# Format: redis://:password@host:port
|
|
REDIS_URL=redis://:CHANGE_THIS_STRONG_REDIS_PASSWORD@redis:6379
|
|
|
|
# =============================================================================
|
|
# JWT AUTHENTICATION (PRODUCTION)
|
|
# =============================================================================
|
|
|
|
# JWT secret key (REQUIRED - MUST BE STRONG!)
|
|
# Generate: openssl rand -base64 64
|
|
JWT_SECRET=CHANGE_THIS_VERY_STRONG_JWT_SECRET_USE_OPENSSL_RAND_BASE64_64
|
|
|
|
# JWT token expiration time
|
|
JWT_EXPIRY=24h
|
|
|
|
# =============================================================================
|
|
# API CONFIGURATION (PRODUCTION)
|
|
# =============================================================================
|
|
|
|
# API environment
|
|
API_ENV=production
|
|
|
|
# Log level (info, warn, error for production)
|
|
LOG_LEVEL=info
|
|
|
|
# ClamAV (REQUIRED in production - startup will fail if CLAMAV_REQUIRED=false)
|
|
# Virus scanning is mandatory for all file uploads in production
|
|
ENABLE_CLAMAV=true
|
|
CLAMAV_REQUIRED=true
|
|
|
|
# =============================================================================
|
|
# PAYMENTS (HYPERSWITCH) - PRODUCTION
|
|
# =============================================================================
|
|
#
|
|
# For real checkout in production, Hyperswitch MUST be enabled.
|
|
# When HYPERSWITCH_ENABLED=false, orders complete without real payment (dev only).
|
|
#
|
|
# HYPERSWITCH_ENABLED=true
|
|
# HYPERSWITCH_URL=http://hyperswitch:8080
|
|
# HYPERSWITCH_API_KEY=your_api_key_from_control_center
|
|
# HYPERSWITCH_WEBHOOK_SECRET=whsec_xxx
|
|
# HYPERSWITCH_DB_USER=hyperswitch
|
|
# HYPERSWITCH_DB_PASS=CHANGE_THIS_HYPERSWITCH_DB_PASSWORD
|
|
# HYPERSWITCH_DB_NAME=hyperswitch
|
|
# CHECKOUT_SUCCESS_URL=https://yourdomain.com/purchases
|
|
#
|
|
# Frontend (build-time): VITE_HYPERSWITCH_PUBLISHABLE_KEY=pk_xxx
|
|
#
|
|
# See docs/PAYMENTS_SETUP.md for full setup.
|
|
# =============================================================================
|
|
|
|
# =============================================================================
|
|
# FRONTEND CONFIGURATION (PRODUCTION)
|
|
# =============================================================================
|
|
|
|
# Backend API URL (must use HTTPS in production)
|
|
VITE_API_URL=https://api.yourdomain.com/api
|
|
|
|
# WebSocket URL for Chat Server (must use WSS in production)
|
|
VITE_WS_URL=wss://api.yourdomain.com/ws
|
|
|
|
# WebSocket URL for Stream Server (must use WSS in production)
|
|
VITE_STREAM_URL=wss://stream.yourdomain.com/stream
|
|
|
|
# =============================================================================
|
|
# SECURITY CHECKLIST
|
|
# =============================================================================
|
|
#
|
|
# Before deploying to production:
|
|
#
|
|
# [ ] Changed all default passwords
|
|
# [ ] Generated strong JWT_SECRET (64+ characters)
|
|
# [ ] Set strong REDIS_PASSWORD
|
|
# [ ] Set strong POSTGRES_PASSWORD
|
|
# [ ] Updated all URLs to use HTTPS/WSS
|
|
# [ ] Set API_ENV=production
|
|
# [ ] Set LOG_LEVEL=info (or higher)
|
|
# [ ] Verified DATABASE_URL uses sslmode=require
|
|
# [ ] Stored .env file securely (not in git)
|
|
# [ ] Configured backups for database
|
|
# [ ] Set up monitoring and alerts
|
|
#
|
|
# =============================================================================
|
|
|