b38902a7ee
- docker-compose.prod.yml: production Docker Compose with health checks, logging, restart policies, resource limits - deploy/nginx/cannamanage.conf: Nginx reverse proxy with TLS, CSP, security headers, rate limiting - deploy/.env.production.example: environment template for secrets - deploy/backup.sh: GPG-encrypted daily/weekly PostgreSQL backup with retention - deploy/deploy.sh: manual deploy script with health check verification - .gitea/workflows/deploy.yml: Gitea Actions CI/CD pipeline (test + deploy) - application-production.properties: Spring Boot production profile (no stacktraces, Swagger disabled, Stripe) - .gitignore: added .env to prevent accidental secret commits
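# =============================================================================
# Cannamanage Production Environment Variables
# =============================================================================
# Copy this file to .env in the project root on the production server:
#   cp deploy/.env.production.example .env
# Then fill in all CHANGE_ME values with real secrets.
#
# The resulting .env holds live credentials: keep it out of version control
# and readable only by the account that runs the deployment, e.g.
#   chmod 600 .env
# Every CHANGE_ME placeholder is itself a non-empty value, so nothing in this
# file stops a deploy that still uses one. Check before starting the stack:
#   grep -n 'CHANGE_ME' .env    # expected: no output
# =============================================================================

# --- Database ---
# Use a long random password unique to this deployment, e.g. generated with:
#   openssl rand -hex 32
# (hex output avoids characters that need quoting or URL-escaping).
DB_NAME=cannamanage
DB_USER=cannamanage
DB_PASSWORD=CHANGE_ME_STRONG_PASSWORD

# --- JWT ---
# Minimum 32 characters, random. Generate with: openssl rand -base64 48
# NOTE(review): two variable names carry the JWT signing secret here. Which
# component reads which name is not visible from this file - confirm, and if
# both sides must verify the same tokens, set both to the same generated value.
CANNAMANAGE_SECURITY_JWT_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_RANDOM
JWT_SECRET=CHANGE_ME_MINIMUM_32_CHARACTERS_RANDOM

# --- NextAuth ---
# Generate with: openssl rand -base64 32
# Use a value separate from the JWT secret above, so that a leak of one does
# not expose the other.
NEXTAUTH_SECRET=CHANGE_ME_RANDOM_32_CHARS
# Public origin of the site; keep the https:// scheme in production.
NEXTAUTH_URL=https://cannamanage.plate-software.de

# --- Stripe ---
# The sk_live_ / whsec_ / pk_live_ prefixes are live-mode credentials. The
# secret key and the webhook signing secret must stay server-side; only the
# publishable key is meant to reach the browser.
STRIPE_SECRET_KEY=sk_live_CHANGE_ME
STRIPE_WEBHOOK_SECRET=whsec_CHANGE_ME
STRIPE_PUBLISHABLE_KEY=pk_live_CHANGE_ME

# --- Email (SMTP) ---
# Port 587 with SMTP_AUTH and SMTP_STARTTLS enabled: keep STARTTLS on so the
# SMTP credentials are not sent in clear text.
# NOTE(review): whether the mail client refuses to send when STARTTLS is
# unavailable is decided where these variables are consumed - confirm there.
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_USERNAME=CHANGE_ME
SMTP_PASSWORD=CHANGE_ME
SMTP_AUTH=true
SMTP_STARTTLS=true
MAIL_FROM=noreply@cannamanage.de

# --- Backup ---
# GPG recipient the backups are encrypted to; presumably read by
# deploy/backup.sh (confirm). Encrypting only needs the recipient's public
# key, so keep the matching private key off this host.
BACKUP_GPG_RECIPIENT=cannamanage-backup
# Retention for the daily and weekly backups; the exact semantics are defined
# by the backup script, not by this file.
BACKUP_RETENTION_DAYS=7
BACKUP_RETENTION_WEEKS=4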