.env.example

###### APP SETTINGS ######
# APPLICATION NAME
# Not critical in Liman, you can leave it untouched.
APP_NAME=Liman

# APPLICATON ENVIRONMENT
# Changes Laravel application environment. Used for development purposes.
# Values: production, local
APP_ENV=production

# APPLICATION KEY
# Used for bcrypt2 hashing, it's generated automatically. You can leave it untouched.
APP_KEY=

# APPLICATION DEBUG MODE
# Raises Ignite error pages for Laravel
APP_DEBUG=false

# APPLICATION URL
# You can leave it untouched.
APP_URL=https://liman.dev

# APPLICATON NOTIFICATION EMAIL
# Changes the e-mail sender that's generated by Liman.
APP_NOTIFICATION_EMAIL=destek@liman.dev

# APPLICATION LANGUAGE
# Sets systemwide language of Liman application.
# Values: tr, en
APP_LANG=en

##### SYSTEM SETTINGS #####
# LARAVEL LOG LEVEL
LOG_LEVEL=debug

# LOG LEVEL
# Changes log level of Liman render engine.
# Values: 0 (Extended), 1 (Minimal), 2 (Extension Log), 3 (Extension Log with Details) 
NEW_LOG_LEVEL=2

# EXTENSION DEVELOPER MODE
# Activates some extension development features like download, debug messages etc.
EXTENSION_DEVELOPER_MODE=false

# QUEUE DRIVER
# Liman queue driver mode, you can leave it untouched. Documentation exists on Laravel documentation.
QUEUE_DRIVER=redis

# BRAND NAME
# Changes login screen brand name
BRAND_NAME="HAVELSAN © 2023"

# AUTH DEFAULT GATE
# Default gate for Liman authentication
DEFAULT_AUTH_GATE=liman

# EXTENSION TIMEOUT
# Extension request timeout parameter, Liman render engine using it
EXTENSION_TIMEOUT=30

# BRANDING ON LOGIN SCREEN
# You can set it from Liman system settings.
# Values: <image url>
BRANDING=

# RENDER ENGINE ADDRESS
# Render engine path of Liman server. You can leave it untouched.
RENDER_ENGINE_ADDRESS=https://127.0.0.1:2806

# HIGH AVAILABILITY MODE
# High availability syncer for Liman. When you enable it, starts syncing between Liman servers on extensions etc.
# Activate it and run on other Liman: php /liman/server/artisan register_liman
HIGH_AVAILABILITY_MODE=false

# IGNORE LDAP CONNECTION CERTIFICATE CHECK
# Disables 636 port certificate checking on Liman but it does not enough for checking.
# You also need to disable it on ldap.conf file as TLS_REQCERT never
LDAP_IGNORE_CERT=false

# CORS TRUSTED_ORIGINS
# You can set trusted origins for CORS requests. Separate multiple origins with commas.
# Example: http://localhost:8080,http://example.com
CORS_TRUSTED_ORIGINS=

# LOGOUT REDIRECT URL
# You can set a custom URL to redirect users after logout.
# Example: https://example.com
LOGOUT_REDIRECT_URL=

# DEPRECATED
LOG_PATH=/liman/logs/liman.log
# DEPRECATED
LOG_EXTENSION_PATH=/liman/logs/extension.log


##### MAIL SETTINGS #####
# MAIL ENABLED
# Enables mail sending
MAIL_ENABLED=false

# MAILER
# Change mail protocol from here, we recommend it leaving it as smtp.
MAIL_MAILER=smtp

# MAIL HOST
# Mail server
MAIL_HOST=0.0.0.0

# MAIL PORT
# Mail server port
MAIL_PORT=1025

# MAIL USERNAME
# The user that exists on mail server
MAIL_USERNAME=

# MAIL PASSWORD
# Password of the user that you set in username field
MAIL_PASSWORD=

# MAIL ENCRYPTION
# Values: tls, ssl
MAIL_ENCRYPTION=tls


##### MARKET SETTINGS #####
# MARKET URL
# The extension market API url
MARKET_URL=https://market.liman.dev

# MARKET CLIENT ID 
# Client ID for authenticated API's for market.
MARKET_CLIENT_ID=

# MARKET CLIENT SECRET 
# Client secret for authenticated API's for market.
MARKET_CLIENT_SECRET=


##### AUTH SETTINGS #####
# ACTIVATE KEYCLOAK LOGIN
KEYCLOAK_ACTIVE=false

# KEYCLOAK CLIENT ID
# Values retrieved from Keycloak Panel > Clients > <client> > Account > Credentials 
KEYCLOAK_CLIENT_ID=

# KEYCLOAK CLIENT SECRET
# Values retrieved from Keycloak Panel > Clients > <client> > Account > Credentials 
KEYCLOAK_CLIENT_SECRET=

# KEYCLOAK REDIRECT URI
# Value is https://<REPLACE_IT_WITH_LIMAN_URL>/keycloak/callback
KEYCLOAK_REDIRECT_URI=https://<REPLACE_IT_WITH_LIMAN_URL>/keycloak/callback

# KEYCLOAK BASE URL
# You can set it from Keycloak panel
# Example value: http://<KEYCLOAK_URL>/auth
KEYCLOAK_BASE_URL=

# KEYCLOAK REALM
# Replace it with your realm name
KEYCLOAK_REALM=

# OTP ENABLED
# Activate Google Authenticator service for 2FA logins
OTP_ENABLED=false

# SESSION EXPIRES ON CLOSE
# Changes session expiration behavior
AUTH_SESSION_EXPIRES_ON_CLOSE=false

# OIDC SETTINGS
# Activate OIDC authentication
# You can use it with any OIDC provider like Keycloak, Auth0 etc.
# Make sure to set the OIDC provider's client ID, secret, and redirect URI.
# You can leave it untouched if you don't use OIDC.
# Values: true, false
OIDC_ACTIVE=false

# OIDC ISSUER URL
# The URL of your OIDC provider's issuer endpoint.
# Example: https://your-oidc-provider.com/realms/your-realm
# Make sure to replace it with your OIDC provider's URL.
# Example value: https://your-oidc-provider.com/realms/your-realm
OIDC_ISSUER_URL=

# OIDC CLIENT ID
# The client ID registered with your OIDC provider.
# Example value: your_client_id
# Make sure to replace it with your OIDC provider's client ID.
OIDC_CLIENT_ID=

# OIDC CLIENT SECRET
# The client secret registered with your OIDC provider.
# Example value: your_client_secret
# Make sure to replace it with your OIDC provider's client secret.
# Note: Keep this secret secure and do not expose it publicly.
OIDC_CLIENT_SECRET=

# OIDC REDIRECT URI
# The redirect URI configured in your OIDC provider.
# This should match the callback URL set in your OIDC provider's client configuration.
# Example value: https://liman.company.com/api/auth/oidc/callback
# Make sure to replace it with your actual redirect URI.
# This is the URL where your application will receive the authentication response from the OIDC provider.
OIDC_REDIRECT_URI=https://<LIMAN_URL_HERE>/api/auth/oidc/callback

# OIDC AUTHORIZATION ENDPOINT
# The endpoint used for user authentication.
# This is typically the authorization endpoint of your OIDC provider.
# Example value: /authorize
# Make sure to replace it with your OIDC provider's authorization endpoint.
# This endpoint is used to initiate the OIDC authentication flow.
OIDC_AUTH_ENDPOINT=/authorize

# OIDC USERINFO ENDPOINT
# The endpoint used to retrieve user information after authentication.
# This is typically the userinfo endpoint of your OIDC provider.
# Example value: /userinfo
# Make sure to replace it with your OIDC provider's userinfo endpoint.
OIDC_USERINFO_ENDPOINT=/userinfo

# OIDC TOKEN ENDPOINT
# The endpoint used to exchange authorization codes for access tokens.
# This is typically the token endpoint of your OIDC provider.
# Example value: /oauth/token
# Make sure to replace it with your OIDC provider's token endpoint.
# This endpoint is used to obtain access tokens after successful authentication.
OIDC_TOKEN_ENDPOINT=/oauth/token


# WEBSOCKET SETTINGS
# Configures Laravel Reverb
REVERB_APP_ID=app
REVERB_APP_KEY=liman-key
REVERB_APP_SECRET=liman-secret
REVERB_HOST=127.0.0.1
REVERB_PORT=6001
REVERB_SCHEME=http

##### DATABASE SETTINGS #####
DB_CONNECTION=pgsql
DB_HOST=127.0.0.1
DB_PORT=5432
DB_DATABASE=liman
DB_USERNAME=liman
DB_PASSWORD=

# POSTGRESQL SSL MODE
# Controls the SSL/TLS connection mode to PostgreSQL
# Values: disable (no SSL), allow (try SSL, fallback to non-SSL), prefer (try SSL first, default),
#         require (require SSL), verify-ca (require SSL and verify CA), verify-full (require SSL and verify CA and hostname)
DB_SSLMODE=prefer

# POSTGRESQL SSL ENABLED
# Enable SSL/TLS encryption for PostgreSQL connections with client certificates (mTLS)
# When true, you must provide SSL certificates below
# Values: true, false
DB_SSL_ENABLED=false

# POSTGRESQL SSL CA CERTIFICATE
# Path to the Certificate Authority (CA) certificate file
# Used to verify the PostgreSQL server's certificate
# Example: /liman/certs/postgres-ca.crt
DB_SSL_CA=

# POSTGRESQL SSL CLIENT CERTIFICATE
# Path to the client certificate file for mTLS authentication
# Required when DB_SSL_ENABLED=true and server requires client certificates
# Example: /liman/certs/postgres-client.crt
DB_SSL_CERT=

# POSTGRESQL SSL CLIENT KEY
# Path to the client private key file for mTLS authentication
# Required when DB_SSL_ENABLED=true and server requires client certificates
# Example: /liman/certs/postgres-client.key
DB_SSL_KEY=

##### REDIS SETTINGS #####
# REDIS HOST
# Redis server host address
REDIS_HOST=127.0.0.1

# REDIS PORT
# Redis server port
REDIS_PORT=6379

# REDIS PASSWORD
# Redis server password (leave empty if no password)
REDIS_PASSWORD=

# REDIS DATABASE
# Default Redis database index
REDIS_DB=0

# REDIS CACHE DATABASE
# Redis database index for cache
REDIS_CACHE_DB=1

# REDIS SCHEME
# Redis connection scheme
# Values: tcp (no SSL), tls (with SSL)
REDIS_SCHEME=tcp

# REDIS SSL ENABLED
# Enable SSL/TLS encryption for Redis connections
# Values: true, false
REDIS_SSL_ENABLED=false

# REDIS SSL CA CERTIFICATE
# Path to the Certificate Authority (CA) certificate file
# Required when REDIS_SSL_ENABLED=true
# Example: /liman/certs/tls-ca-cert-file.crt
REDIS_SSL_CA=

# REDIS SSL CERTIFICATE
# Path to the client certificate file
# Required when REDIS_SSL_ENABLED=true
# Example: /liman/certs/tls-cert-file.crt
REDIS_SSL_CERT=

# REDIS SSL KEY
# Path to the client private key file
# Required when REDIS_SSL_ENABLED=true
# Example: /liman/certs/tls-key-file.key
REDIS_SSL_KEY=

# REDIS SSL VERIFY PEER
# Verify the peer's SSL certificate
# Values: true, false
REDIS_SSL_VERIFY_PEER=true

# REDIS SSL VERIFY PEER NAME
# Verify the peer's certificate name
# Values: true, false
REDIS_SSL_VERIFY_PEER_NAME=false