.env.example
# QuietPage Environment Variables Template
# Copy this file to .env and fill in your actual values
# ============================================================================
# DJANGO CORE SETTINGS
# ============================================================================
# Django Secret Key - Generate a new one using: python config/utils.py
SECRET_KEY=your-secret-key-here
# Debug mode (True for development, False for production)
DEBUG=True
# SSL redirect (False for development, True for production)
SECURE_SSL_REDIRECT=False
# Django settings module to use
DJANGO_SETTINGS_MODULE=config.settings.development
# ============================================================================
# ENCRYPTION SETTINGS
# ============================================================================
# Fernet encryption key for journal entries
# Generate with: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
FERNET_KEY_PRIMARY=your-fernet-key-here
# ============================================================================
# DATABASE SETTINGS (Production only - PostgreSQL)
# ============================================================================
# For development, SQLite is used by default (no configuration needed)
# DB_ENGINE=django.db.backends.postgresql
# DB_NAME=quietpage_db
# DB_USER=quietpage_user
# The database password is required for pg_dump backups
# DB_PASSWORD=your-database-password
# DB_HOST=localhost
# DB_PORT=5432
# ============================================================================
# PRODUCTION SETTINGS
# ============================================================================
# Allowed hosts (comma-separated, no spaces)
# ALLOWED_HOSTS=yourdomain.com,www.yourdomain.com
# Canonical domain for redirects (ensures OAuth uses consistent domain)
# If set, all requests to non-canonical domains will be redirected
# Example: CANONICAL_DOMAIN=www.quietpage.app redirects quietpage.app to www.quietpage.app
# CANONICAL_DOMAIN=www.yourdomain.com
# Domain name for SSL certificates and nginx configuration
# DOMAIN=yourdomain.com
# Email address for Let's Encrypt certificate registration and notifications
# EMAIL=admin@yourdomain.com
# HSTS (HTTP Strict Transport Security) header for nginx
# WARNING: Only enable this when using a real domain with valid SSL certificates
# HSTS with placeholder/self-signed certs will break browser access
# For production with valid certs, use:
# HSTS_HEADER=add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# For testing/development, leave empty or comment out:
# HSTS_HEADER=
# ============================================================================
# SSL CERTIFICATE PATHS (for Nginx container)
# ============================================================================
# SSL certificate paths - these should point to your Let's Encrypt certificate locations
# These environment variables are substituted into the nginx config at container startup
SSL_CERT_PATH=/etc/letsencrypt/live/your-domain.com/fullchain.pem
SSL_KEY_PATH=/etc/letsencrypt/live/your-domain.com/privkey.pem
# ============================================================================
# EMAIL SETTINGS (Production)
# ============================================================================
# Email Configuration
RESEND_API_KEY=your_resend_api_key_here
DEFAULT_FROM_EMAIL=info@quietpage.app
# ============================================================================
# REDIS SETTINGS
# ============================================================================
# Redis URL for caching and Celery
REDIS_URL=redis://localhost:6379/1
# ============================================================================
# CELERY SETTINGS
# ============================================================================
# Celery broker URL (Redis)
CELERY_BROKER_URL=redis://localhost:6379/0
# Celery result backend (Redis)
CELERY_RESULT_BACKEND=redis://localhost:6379/0
# Site URL for email links (frontend URL)
SITE_URL=http://localhost:5173
# ============================================================================
# GOOGLE OAUTH SETTINGS
# ============================================================================
# Frontend URL for OAuth redirects (same as SITE_URL for development)
FRONTEND_URL=http://localhost:5173
# Google OAuth credentials (from Google Cloud Console)
# 1. Go to https://console.cloud.google.com/
# 2. Create or select project
# 3. Enable Google+ API
# 4. Go to Credentials → Create OAuth 2.0 Client ID
# 5. Application type: Web application
# 6. Authorized redirect URIs:
#    - Dev: http://localhost:8000/api/v1/auth/social/google/login/callback/
#    - Prod: https://yourdomain.com/api/v1/auth/social/google/login/callback/
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
# ============================================================================
# GUNICORN SETTINGS (Production)
# ============================================================================
# Number of Gunicorn worker processes (overrides auto-calculated value)
# Auto-calculated: (2 x CPU cores) + 1
# WEB_CONCURRENCY=4
# Gunicorn access log file path (use '-' for stdout)
# GUNICORN_ACCESS_LOG=-
# Gunicorn error log file path (use '-' for stderr)
# GUNICORN_ERROR_LOG=-
# Gunicorn log level (debug, info, warning, error, critical)
# GUNICORN_LOG_LEVEL=info
# Gunicorn PID file path (optional)
# GUNICORN_PID_FILE=/var/run/gunicorn.pid
# ============================================================================
# BACKUP SETTINGS
# ============================================================================
# Directory path for database backups (production - should be persistent volume)
# Development: defaults to {BASE_DIR}/backups if not set
# Production (Docker): set to /app/backups (mounted as persistent volume)
# BACKUPS_PATH=/app/backups
# ============================================================================
# RAILWAY DEPLOYMENT SETTINGS
# ============================================================================
# Railway automatically provides these environment variables:
# - DATABASE_URL: PostgreSQL connection string (auto-configured)
# - PORT: Dynamic port for web service (auto-configured)
# - RAILWAY_ENVIRONMENT: production, staging, etc. (auto-configured)
# - RAILWAY_PUBLIC_DOMAIN: Your Railway domain (auto-configured)
# Required Railway-specific settings:
# 1. Set DJANGO_SETTINGS_MODULE to production in Railway dashboard
# DJANGO_SETTINGS_MODULE=config.settings.production
#
# 2. Set ALLOWED_HOSTS to your Railway domain
# ALLOWED_HOSTS=your-app.up.railway.app
#
# 3. Set CSRF_TRUSTED_ORIGINS (same as ALLOWED_HOSTS but with https://)
# CSRF_TRUSTED_ORIGINS=https://your-app.up.railway.app
#
# 4. Generate and set encryption keys (see DJANGO CORE SETTINGS and ENCRYPTION SETTINGS above)
# SECRET_KEY=your-secret-key-here
# FERNET_KEY_PRIMARY=your-fernet-key-here
#
# 5. Optional: Configure email settings (see EMAIL SETTINGS above)
# 6. Optional: Set worker concurrency (Railway auto-configures based on memory)
# WEB_CONCURRENCY=4
# Railway deployment (alternative to individual DB_* vars)
# Note: Railway sets DATABASE_URL automatically when you provision PostgreSQL
# DATABASE_URL=postgresql://user:password@host:port/dbname
# Dynamic port (Railway sets this automatically, no need to configure)
# PORT=8000
# Worker concurrency (Railway sets based on available memory)
# WEB_CONCURRENCY=4
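
A pre-deployment check for a `.env` built from this template, as an added example (not part of the QuietPage repository): it flags leftover placeholders, a `FERNET_KEY_PRIMARY` that is not a well-formed Fernet key, and development values left on under the production settings module. The function names, the "starts with `your`" placeholder heuristic and the sample values are assumptions made for illustration.

```python
import base64
import binascii

# Constructed sample: the template switched to the production settings module
# with placeholders and development values left in place (not a real .env).
SAMPLE_ENV = """\
SECRET_KEY=your-secret-key-here
DEBUG=True
SECURE_SSL_REDIRECT=False
DJANGO_SETTINGS_MODULE=config.settings.production
FERNET_KEY_PRIMARY=your-fernet-key-here
ALLOWED_HOSTS=yourdomain.com, www.yourdomain.com
DB_PASSWORD=s3cret  # Required for pg_dump backups
"""

def parse_env(text):
    """Parse KEY=VALUE lines; inline '# ...' text is kept, as some loaders do."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip()
    return env

def valid_fernet_key(value):
    """A Fernet key is 32 bytes, URL-safe base64 encoded."""
    try:
        return len(base64.urlsafe_b64decode(value.encode())) == 32
    except (binascii.Error, ValueError):
        return False

def audit(env):
    """Return the sorted names of settings that are unfinished or unsafe."""
    findings = []
    prod = env.get("DJANGO_SETTINGS_MODULE", "").endswith(".production")
    hosts = env.get("ALLOWED_HOSTS", "")
    for key, value in env.items():
        if value.lower().startswith("your") or " #" in value:
            findings.append(key)  # template placeholder, or comment in the value
    if not valid_fernet_key(env.get("FERNET_KEY_PRIMARY", "")):
        findings.append("FERNET_KEY_PRIMARY")
    if prod and env.get("DEBUG", "").lower() != "false":
        findings.append("DEBUG")
    if prod and env.get("SECURE_SSL_REDIRECT", "").lower() != "true":
        findings.append("SECURE_SSL_REDIRECT")
    if prod and (not hosts or " " in hosts):
        findings.append("ALLOWED_HOSTS")  # comma-separated, no spaces
    return sorted(set(findings))
```

Calling `audit(parse_env(SAMPLE_ENV))` returns every name in the sample except `DJANGO_SETTINGS_MODULE`; an empty list means none of these checks fired.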