ElaheMessenger/production.env.example at main · ehsanking/ElaheMessenger · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
APP_ENV=production
NODE_ENV=production
APP_URL=https://chat.example.com
ALLOWED_ORIGINS=https://chat.example.com
# Optional CSP connect-src extensions (comma-separated), e.g. push provider endpoints.
CSP_CONNECT_SRC_EXTRA=
POSTGRES_USER=__SET_ME_POSTGRES_USER__
POSTGRES_PASSWORD=__SET_ME_POSTGRES_PASSWORD_MIN_16_CHARS__
POSTGRES_DB=elahe
APP_DB_USER=__SET_ME_APP_DB_USER__
APP_DB_PASSWORD=__SET_ME_APP_DB_PASSWORD_MIN_16_CHARS__
APP_DB_SSLMODE=disable
DATABASE_URL=postgresql://__SET_ME_APP_DB_USER__:__SET_ME_APP_DB_PASSWORD__@db:5432/elahe?schema=public&sslmode=disable
MIGRATION_DATABASE_URL=postgresql://__SET_ME_POSTGRES_USER__:__SET_ME_POSTGRES_PASSWORD__@db:5432/elahe?schema=public&sslmode=disable
# Storage options: For local filesystem leave these unset.  If you wish to
# enable an external object store (e.g. MinIO/S3) provide the endpoint and
# credentials below and implement a storage adapter in the app.  These
# variables are optional.
#MINIO_ENDPOINT=
#MINIO_ACCESS_KEY=
#MINIO_SECRET_KEY=
JWT_SECRET=replace-with-32-plus-char-secret
SESSION_SECRET=replace-with-32-plus-char-secret
ENCRYPTION_KEY=replace-with-32-plus-char-secret
DOWNLOAD_TOKEN_SECRET=replace-with-32-plus-char-secret
LOCAL_CAPTCHA_SECRET=replace-with-32-plus-char-secret
CAPTCHA_PROVIDER=recaptcha
ADMIN_USERNAME=__SET_ME_ADMIN_USERNAME__
ADMIN_PASSWORD=replace-with-strong-admin-password
ADMIN_BOOTSTRAP_PASSWORD_FILE=
ADMIN_BOOTSTRAP_STRICT=false
ADMIN_BOOTSTRAP_FORCE_PASSWORD_CHANGE=true
ADMIN_BOOTSTRAP_RESET_EXISTING=false
OBJECT_STORAGE_DRIVER=local
OBJECT_STORAGE_ROOT=/app/object_storage
ADMIN_BOOTSTRAP_STATE_DIR=/app/runtime_state
OBJECT_STORAGE_ENSURE_OWNERSHIP_RECURSIVE=false
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100
# Optional fail-closed prefixes when Redis-backed rate limiting errors occur.
# Example: login:,2fa:,recover-password:,recovery-question:
RATE_LIMIT_FAIL_CLOSED_PREFIXES=
SOCKET_RATE_LIMIT_WINDOW_MS=10000
SOCKET_RATE_LIMIT_MAX=30
RECAPTCHA_SITE_KEY=
RECAPTCHA_SECRET_KEY=
# ── Email / SMTP ──────────────────────────────────────────────────────────────
# Required for email verification and email-based password recovery.
# Leave blank to disable email features entirely.
SMTP_HOST=
SMTP_PORT=587
# Set SMTP_SECURE=true for port 465 (implicit TLS), false for STARTTLS (587)
SMTP_SECURE=false
SMTP_USER=
SMTP_PASS=
# Sender address shown in outgoing emails (defaults to SMTP_USER if unset)
SMTP_FROM=
# Optional admin email (pre-verified, used for password recovery)
ADMIN_EMAIL=
OAUTH_GOOGLE_CLIENT_ID=
OAUTH_GOOGLE_CLIENT_SECRET=
OAUTH_GITHUB_CLIENT_ID=
OAUTH_GITHUB_CLIENT_SECRET=
OAUTH_OIDC_ISSUER=
OAUTH_OIDC_CLIENT_ID=
OAUTH_OIDC_CLIENT_SECRET=