-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.production.example
More file actions
55 lines (45 loc) · 3.35 KB
/
.env.production.example
File metadata and controls
55 lines (45 loc) · 3.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Voxium Production Environment
# Copy to .env.production and fill in all values.
# Used by docker-compose.production.yml
# ── Database (managed by Docker Compose — only set POSTGRES_PASSWORD) ────────
POSTGRES_PASSWORD=CHANGE_ME_TO_A_STRONG_PASSWORD
# DATABASE_URL and REDIS_URL are set automatically in docker-compose.production.yml
# ── Auth ─────────────────────────────────────────────────────────────────────
JWT_SECRET=CHANGE_ME_RANDOM_64_CHARS
JWT_REFRESH_SECRET=CHANGE_ME_RANDOM_64_CHARS
# ── TOTP (Two-Factor Authentication) ────────────────────────────────────────
# 32-byte hex key for encrypting TOTP secrets at rest. Generate with: openssl rand -hex 32
TOTP_ENCRYPTION_KEY=
# ── S3 / Object Storage ─────────────────────────────────────────────────────
S3_ASSETS_ENDPOINT=https://s3.yourregion.amazonaws.com
S3_ASSETS_REGION=us-east-1
S3_ACCESS_KEY=
S3_SECRET_KEY=
S3_ASSETS_BUCKET=voxium-assets
# ── SMTP (password reset emails) ────────────────────────────────────────────
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_FROM=noreply@yourdomain.com
# ── App ──────────────────────────────────────────────────────────────────────
PORT=3001
## Web origin + Tauri desktop origins (one per platform):
## Windows: https://tauri.localhost | macOS: tauri://localhost | Linux: http://tauri.localhost
CORS_ORIGIN=https://yourdomain.com,https://tauri.localhost,tauri://localhost,http://tauri.localhost
CLIENT_URL=https://yourdomain.com
# ── Reverse Proxy ────────────────────────────────────────────────────────────
# Set to 'true' if running behind a reverse proxy (nginx, Cloudflare) to trust X-Forwarded-* headers
TRUST_PROXY=true
# ── mediasoup (Voice) ─────────────────────────────────────────────────────────
# MEDIASOUP_LISTEN_IP: IP the workers bind to (0.0.0.0 inside Docker)
# MEDIASOUP_ANNOUNCED_IP: Public/LAN IP clients connect to (REQUIRED for voice)
# Port range: each WebRTC transport uses 1 port, 2 per user (send + recv)
MEDIASOUP_LISTEN_IP=0.0.0.0
MEDIASOUP_ANNOUNCED_IP=YOUR_PUBLIC_OR_LAN_IP
MEDIASOUP_MIN_PORT=10000
MEDIASOUP_MAX_PORT=10500
# ── Attachment Cleanup (optional) ────────────────────────────────────────────
# CLEANUP_REPORT_EMAIL=admin@yourdomain.com
# ── Logging (optional) ──────────────────────────────────────────────────────
# LOG_FORMAT=json (default: "dev" for development, "json" for NODE_ENV=production)