forked from Loqicx/join
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
110 lines (94 loc) · 4.31 KB
/
.env.example
File metadata and controls
110 lines (94 loc) · 4.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# =================================================================
# Docker Production Deployment - Environment Variables
# =================================================================
# Copy this file to .env and customize the values for your deployment
# =================================================================
# -----------------------------
# DOMAIN & URL CONFIGURATION
# -----------------------------
# Main domain for the application (both frontend and backend use this domain)
DOMAIN=localhost
# Full API URL that frontend will use to communicate with backend
# Format: https://your-domain/ or http://your-domain/ (for non-SSL)
# Backend is accessible at /api and /admin paths on the main domain
API_URL=https://localhost/
# -----------------------------
# TRAEFIK CONFIGURATION
# -----------------------------
# Ports for Traefik
TRAEFIK_HTTP_PORT=80
TRAEFIK_HTTPS_PORT=443
TRAEFIK_DASHBOARD_PORT=8080
# Traefik log level (DEBUG, INFO, WARN, ERROR)
TRAEFIK_LOG_LEVEL=INFO
# Enable insecure dashboard (set to false in production)
TRAEFIK_DASHBOARD_INSECURE=false
# -----------------------------
# SSL/TLS CONFIGURATION
# -----------------------------
# By default, Traefik provides a self-signed certificate for HTTPS
# For production with a real domain, configure Let's Encrypt:
# 1. Set your domain in DOMAIN variable
# 2. Uncomment ACME_EMAIL below and set your email
# 3. Uncomment certresolver lines in docker-compose.yml
# ACME_EMAIL=admin@yourdomain.com
# -----------------------------
# DJANGO BACKEND CONFIGURATION
# -----------------------------
# Django secret key (MUST change in production!)
# Generate a new one: python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
DJANGO_SECRET_KEY=django-insecure-change-this-in-production-use-a-strong-random-key
# Django debug mode (set to False in production)
DJANGO_DEBUG=False
# Allowed hosts (comma-separated, no spaces)
# Example: backend,localhost,127.0.0.1,yourdomain.com,www.yourdomain.com
DJANGO_ALLOWED_HOSTS=backend,localhost,127.0.0.1
# CSRF trusted origins (comma-separated, include protocol)
# Use https:// for SSL/TLS, http:// for non-SSL
# Example: https://localhost,https://yourdomain.com
DJANGO_CSRF_TRUSTED_ORIGINS=https://localhost,https://127.0.0.1
# CORS allowed origins (comma-separated, include protocol)
# Use https:// for SSL/TLS, http:// for non-SSL
# Example: https://localhost,https://yourdomain.com
DJANGO_CORS_ALLOWED_ORIGINS=https://localhost,https://127.0.0.1
# -----------------------------
# DATABASE CONFIGURATION
# -----------------------------
# Database engine (default: sqlite3)
# For PostgreSQL: django.db.backends.postgresql
# For MySQL: django.db.backends.mysql
DB_ENGINE=django.db.backends.sqlite3
# Database name (for sqlite3: db.sqlite3, for others: database name)
DB_NAME=db.sqlite3
# Database credentials (not needed for sqlite3)
DB_USER=
DB_PASSWORD=
DB_HOST=
DB_PORT=
# -----------------------------
# DJANGO SUPERUSER CONFIGURATION
# -----------------------------
# Automatically create a superuser on first run (optional)
# If these are not set, you can create a superuser manually using:
# docker exec -it join-backend python manage.py createsuperuser
# OR use the deploy.sh script option 5
DJANGO_SUPERUSER_USERNAME=admin
DJANGO_SUPERUSER_EMAIL=admin@example.com
DJANGO_SUPERUSER_PASSWORD=CHANGE_THIS_TO_YOUR_SECURE_PASSWORD
# -----------------------------
# PRODUCTION NOTES
# -----------------------------
# 1. Always change DJANGO_SECRET_KEY in production
# 2. Set DJANGO_DEBUG=False in production
# 3. Configure proper DOMAIN (one domain for both frontend and backend)
# 4. Backend is accessible at /api and /admin paths on the main domain
# 5. Update DJANGO_ALLOWED_HOSTS with your domain
# 6. Update CORS and CSRF origins with your domain (use https://)
# 7. For Let's Encrypt SSL: Configure ACME_EMAIL and uncomment certresolver in docker-compose.yml
# 8. For production database: Use PostgreSQL or MySQL instead of SQLite
# 9. Secure or disable Traefik dashboard in production
# 10. Use strong passwords and keep credentials secure
# 11. Change DJANGO_SUPERUSER_PASSWORD to a strong password
# 12. Regularly update Docker images for security patches
# 13. Database files are persisted in a Docker volume named 'backend-data'
# 14. Traefik provides a default self-signed certificate for HTTPS in development