-
-
Notifications
You must be signed in to change notification settings - Fork 54
Expand file tree
/
Copy path.env.example
More file actions
146 lines (122 loc) · 6.27 KB
/
.env.example
File metadata and controls
146 lines (122 loc) · 6.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# Meshtastic Node Configuration
# IP address of your Meshtastic node
MESHTASTIC_NODE_IP=192.168.1.100
# TCP port for Meshtastic node connection (default: 4403)
MESHTASTIC_TCP_PORT=4403
# TCP Connection Timing (OPTIONAL - for advanced troubleshooting)
# Initial TCP connection timeout in milliseconds (default: 10000 = 10 seconds)
# MESHTASTIC_CONNECT_TIMEOUT_MS=10000
# Reconnect backoff: initial delay and maximum delay in milliseconds
# Reconnects use exponential backoff: initial * 2^(attempt-1), capped at max
# Set initial = max for a fixed delay between reconnects
# MESHTASTIC_RECONNECT_INITIAL_DELAY_MS=1000
# MESHTASTIC_RECONNECT_MAX_DELAY_MS=60000
# Delay between consecutive module config requests in milliseconds (default: 100)
# Increase if your node shows queue overflow during config loading
# MESHTASTIC_MODULE_CONFIG_DELAY_MS=100
# MeshCore Configuration (OPTIONAL)
# Enable MeshCore protocol support for monitoring MeshCore mesh networks
# When enabled, adds /api/meshcore endpoints and MeshCore tab in the UI
# MESHCORE_ENABLED=false
# MeshCore device serial port (required if MESHCORE_ENABLED=true)
# MESHCORE_SERIAL_PORT=/dev/ttyACM0
# MeshCore device baud rate (default: 115200)
# MESHCORE_BAUD_RATE=115200
# MeshCore firmware type: "companion" (default) or "repeater"
# Companion uses Python bridge with binary protocol; Repeater uses direct serial CLI.
# Only set to "repeater" if your device runs Repeater firmware.
# MESHCORE_FIRMWARE_TYPE=companion
# Virtual Node Server Configuration (OPTIONAL)
# Enable virtual node server that acts as a proxy for mobile apps
# When enabled, multiple Meshtastic mobile apps can connect to this server
# instead of directly to the physical node, reducing load on the physical node
# ENABLE_VIRTUAL_NODE=false
# Virtual Node TCP port (default: 4404)
# The port where mobile apps can connect using Meshtastic TCP protocol
# VIRTUAL_NODE_PORT=4404
# Allow admin commands through virtual node (default: false)
# WARNING: Enabling this reduces security by allowing clients to send admin commands
# Only enable if you need multiple services (e.g., MeshMonitor + Home Assistant) accessing the same node
# When disabled (default), only self-addressed admin commands are allowed for device info queries
# VIRTUAL_NODE_ALLOW_ADMIN_COMMANDS=false
# Security Notes:
# - Admin commands (ADMIN_APP, NODEINFO_APP) are blocked by default for security
# - Set VIRTUAL_NODE_ALLOW_ADMIN_COMMANDS=true to allow admin commands (use with caution)
# - Messages are queued and serialized to prevent overwhelming the physical node
# - All connected clients receive broadcasts from the physical node
# - Text messages, positions, telemetry, and traceroutes are proxied bidirectionally
# Base URL for serving the application (optional)
# Set this if you're serving MeshMonitor from a subfolder (e.g., /meshmonitor)
# Leave empty or comment out to serve from root (/)
# BASE_URL=/meshmonitor
# Authentication & Session Configuration
# Session secret for cookie encryption (REQUIRED for production)
# Generate a secure random string: openssl rand -base64 32
# SESSION_SECRET=your-secure-random-string-here
# Session cookie lifetime in milliseconds (default: 86400000 = 24 hours)
# SESSION_MAX_AGE=86400000
# Reset session expiry on each request (default: true)
# When true, active users stay logged in indefinitely. When false, sessions expire at original login time + SESSION_MAX_AGE
# SESSION_ROLLING=true
# Cookie security settings
# COOKIE_SECURE: Require HTTPS for cookies (default: true in production, false in development)
# Set to false if accessing over HTTP in production (not recommended)
# COOKIE_SECURE=false
# COOKIE_SAMESITE: SameSite cookie policy (strict, lax, or none)
# Default: lax (recommended for production with reverse proxies)
# Use 'lax' for most cases - it's secure and works with reverse proxies
# Use 'strict' only if you need extra security and don't use reverse proxies
# COOKIE_SAMESITE=lax
# Reverse Proxy Configuration
# TRUST_PROXY: Trust reverse proxy headers (X-Forwarded-Proto, X-Forwarded-For, etc.)
# Required when using HTTPS reverse proxy (nginx, Traefik, Caddy, etc.)
# Values: true, false, 1 (number of hops), IP address, or CIDR range
# Default: 1 in production, unset in development
# TRUST_PROXY=true
# CORS Configuration
# ALLOWED_ORIGINS: Comma-separated list of allowed origins for CORS
# Default: http://localhost:8080,http://localhost:3001 (if not specified)
#
# For localhost access (most common for Docker deployments):
# ALLOWED_ORIGINS=http://localhost:8080
#
# For access via server IP address:
# ALLOWED_ORIGINS=http://192.168.1.50:8080
#
# For multiple access methods (localhost AND server IP):
# ALLOWED_ORIGINS=http://localhost:8080,http://192.168.1.50:8080
#
# For production with HTTPS:
# ALLOWED_ORIGINS=https://meshmonitor.example.com
#
# Multiple HTTPS domains:
# ALLOWED_ORIGINS=https://meshmonitor.example.com,https://mesh.example.com
#
# Wildcard (NOT recommended for production, testing only):
# ALLOWED_ORIGINS=*
#
# For production deployments, it's best practice to explicitly set this value
ALLOWED_ORIGINS=http://localhost:8080
# Web Push Notification Configuration (VAPID keys)
# Generate keys by running: node generate-vapid-keys.js
# VAPID_PUBLIC_KEY=your-public-key-here
# VAPID_PRIVATE_KEY=your-private-key-here
# VAPID_SUBJECT=mailto:your-email@example.com
# Push Notification Expiration (TTL - Time To Live)
# How long (in seconds) push services should attempt to deliver notifications before giving up
# Default: 3600 (1 hour) - prevents notification flooding when device comes back online
# Recommended range: 300-86400 seconds (5 minutes to 24 hours)
# Common values: 300 (5min), 3600 (1hr), 7200 (2hr), 86400 (24hr)
# ⚠️ Values below 300 seconds may cause notifications to expire too quickly
# PUSH_NOTIFICATION_TTL=3600
# Authentication Configuration
# DISABLE_ANONYMOUS: When set to 'true', disables anonymous access entirely
# Users will be presented with a login page and must authenticate before accessing any features
# Default: false (anonymous access allowed)
# DISABLE_ANONYMOUS=true
# Logging Configuration
# LOG_LEVEL: Controls the verbosity of log output
# Valid values: debug, info, warn, error
# Default: "debug" when NODE_ENV=development, "info" otherwise
# Use this to enable debug logging in production without changing NODE_ENV
# LOG_LEVEL=info