.env hinzugefügt
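--- /dev/null
+++ b/.env
@@ -0,0 +1,197 @@
+# =============================================================================
+# PatchMon Environment Configuration For Docker
+# =============================================================================
+# Copy this file to .env and fill in the required values.
+#
+# cp env.example .env
+#
+# Generate strong secrets with:
+# openssl rand -hex 32 (for passwords)
+# openssl rand -hex 64 (for JWT secret)
+#
+# For full documentation, see: https://docs.patchmon.net
+# =============================================================================
+
+
+# =============================================================================
+# REQUIRED - These MUST be set before starting PatchMon
+# =============================================================================
+
+POSTGRES_PASSWORD=WLYkMdTJpvaDcEwTmw4y
+REDIS_PASSWORD=zabUw7KgwaTgyHMV4Csn
+JWT_SECRET=Sq35fXQM93L2BlHcjJ8FAhVlEZtJEPs9OWjrmVONK04=
+
+# Server access - how agents and browsers reach PatchMon.
+# CORS_ORIGIN should match the full URL you access PatchMon from in your browser.
+
+SERVER_PROTOCOL=http
+SERVER_HOST=localhost
+SERVER_PORT=3000
+CORS_ORIGIN=http://192.168.2.132:3000
+
+
+# =============================================================================
+# OPTIONAL - Uncomment and change any values below to override defaults
+# =============================================================================
+
+# --- Environment ---
+# Set to 'development' for development mode, 'production' for production
+# Development mode enables hot reload, more verbose logging, and dev tools
+# NODE_ENV=production
+
+# --- Logging ---
+
+# LOG_LEVEL=info
+# ENABLE_LOGGING=true
+# PM_LOG_TO_CONSOLE=false
+# PM_LOG_REQUESTS_IN_DEV=false
+# PRISMA_LOG_QUERIES=false
+
+
+# --- Authentication ---
+
+# JWT_EXPIRES_IN=1h
+# JWT_REFRESH_EXPIRES_IN=7d
+# SESSION_INACTIVITY_TIMEOUT_MINUTES=30
+# DEFAULT_USER_ROLE=user
+
+# --- Network ---
+
+# ENABLE_HSTS=true
+
+# TRUST_PROXY: Trust proxy headers when behind a reverse proxy (nginx, Apache, etc.)
+# SECURITY: Setting this to 'true' allows IP spoofing. Use specific values instead:
+# - '1' or 'loopback' for single trusted proxy (recommended for Docker)
+# - 'false' if not behind a reverse proxy
+# - See https://expressjs.com/en/guide/behind-proxies.html for advanced options
+# TRUST_PROXY=1
+
+# Multiple CORS origins (comma-separated). Only needed if PatchMon is accessed
+# from more than one domain. Overrides CORS_ORIGIN above when set.
+# CORS_ORIGINS=https://patchmon.example.com,https://patchmon-alt.example.com
+
+
+# --- Body size limits ---
+
+# JSON_BODY_LIMIT=5mb
+# AGENT_UPDATE_BODY_LIMIT=2mb
+
+
+# --- Timezone ---
+# Controls timestamps in logs and the UI (e.g. UTC, Europe/London, America/New_York).
+
+# TZ=UTC
+
+
+# --- Database connection pool (Prisma) ---
+# Adjust based on deployment size. See documentation for guidance.
+
+# DB_CONNECTION_LIMIT=30
+# DB_POOL_TIMEOUT=20
+# DB_CONNECT_TIMEOUT=10
+# DB_IDLE_TIMEOUT=300
+# DB_MAX_LIFETIME=1800
+
+
+# --- Database transaction timeouts (milliseconds) ---
+
+# DB_TRANSACTION_MAX_WAIT=10000
+# DB_TRANSACTION_TIMEOUT=30000
+# DB_TRANSACTION_LONG_TIMEOUT=60000
+
+
+# --- Database connection retry ---
+
+# PM_DB_CONN_MAX_ATTEMPTS=30
+# PM_DB_CONN_WAIT_INTERVAL=2
+
+
+# --- Redis Configuration ---
+# These settings control Redis connection and BullMQ job queue behavior.
+
+# REDIS_HOST=redis
+# REDIS_PORT=6379
+# REDIS_USER=
+# REDIS_DB=0
+
+# Redis Connection Timeouts (milliseconds)
+# Increase these if you see "Command timed out" errors
+# Common causes: Redis memory pressure, slow disk I/O, connection pool exhaustion
+# REDIS_CONNECT_TIMEOUT_MS=60000 # Time to wait for initial connection (default: 60s)
+# REDIS_COMMAND_TIMEOUT_MS=60000 # Time to wait for Redis commands to complete (default: 60s)
+#
+# Note: enableReadyCheck is set to true by default to prevent commands from queueing
+# before Redis is ready. This prevents timeout errors caused by command queueing.
+
+# BullMQ Lock Configuration (milliseconds)
+# These settings prevent "Missing lock" or "could not renew lock" errors when Redis is slow.
+# lockDuration: How long a job can run before its lock expires (default: 120000 = 120s)
+# lockRenewTime: How often to renew the lock to prevent expiration (default: 20000 = 20s)
+# Increase lockDuration if you see lock expiration errors with long-running jobs
+# Decrease lockRenewTime if lock renewals are timing out (must be < lockDuration and < REDIS_COMMAND_TIMEOUT_MS)
+# BULLMQ_LOCK_DURATION_MS=120000
+# BULLMQ_LOCK_RENEW_TIME_MS=20000
+
+
+# --- Rate limiting (values in milliseconds) ---
+
+# RATE_LIMIT_WINDOW_MS=900000
+# RATE_LIMIT_MAX=5000
+# AUTH_RATE_LIMIT_WINDOW_MS=600000
+# AUTH_RATE_LIMIT_MAX=500
+# AGENT_RATE_LIMIT_WINDOW_MS=60000
+# AGENT_RATE_LIMIT_MAX=1000
+
+
+# --- Password policy ---
+
+# PASSWORD_MIN_LENGTH=8
+# PASSWORD_REQUIRE_UPPERCASE=true
+# PASSWORD_REQUIRE_LOWERCASE=true
+# PASSWORD_REQUIRE_NUMBER=true
+# PASSWORD_REQUIRE_SPECIAL=true
+# PASSWORD_RATE_LIMIT_WINDOW_MS=900000
+# PASSWORD_RATE_LIMIT_MAX=5
+
+# --- Account lockout ---
+
+# MAX_LOGIN_ATTEMPTS=5
+# LOCKOUT_DURATION_MINUTES=15
+
+# --- Two-Factor Authentication (TFA) ---
+
+# MAX_TFA_ATTEMPTS=5
+# TFA_LOCKOUT_DURATION_MINUTES=30
+# TFA_REMEMBER_ME_EXPIRES_IN=30d
+# TFA_MAX_REMEMBER_SESSIONS=5
+# TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3
+
+
+# --- OIDC / SSO ---
+# Set OIDC_ENABLED=true and fill in the provider details to enable SSO.
+
+# OIDC_ENABLED=false
+# OIDC_ISSUER_URL=
+# OIDC_CLIENT_ID=
+# OIDC_CLIENT_SECRET=
+# OIDC_REDIRECT_URI=https://patchmon.example.com/api/v1/auth/oidc/callback
+# OIDC_SCOPES=openid email profile groups
+# OIDC_AUTO_CREATE_USERS=true
+# OIDC_DEFAULT_ROLE=user
+# OIDC_DISABLE_LOCAL_AUTH=false
+# OIDC_BUTTON_TEXT=Login with SSO
+
+# OIDC group-to-role mapping
+# OIDC_ADMIN_GROUP=PatchMon Admins
+# OIDC_USER_GROUP=PatchMon Users
+# OIDC_SYNC_ROLES=true
+
+# --- Encryption ---
+# Used to encrypt sensitive data (e.g. AI provider keys) at rest.
+# If not set, a key is derived automatically. Set this for consistent
+# encryption across container restarts and replicas
+
+# AI_ENCRYPTION_KEY=
+# SESSION_SECRET=
+
+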
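Review bot: The three values under REQUIRED (`POSTGRES_PASSWORD`, `REDIS_PASSWORD`, `JWT_SECRET`) are committed in clear text, so anyone with read access to this repository or its history can use the database and Redis credentials and hold the key that signs PatchMon's JWTs. Treat all three as compromised: rotate them, drop the file from the index with `git rm --cached .env`, add `.env` to `.gitignore`, and commit only an `env.example` with empty values, which is the workflow the file's own header describes. The `JWT_SECRET` also appears to be 32 base64-encoded bytes rather than the `openssl rand -hex 64` output the header recommends, so regenerate it at the documented length when rotating. Separately, `SERVER_HOST=localhost` with `SERVER_PROTOCOL=http` does not match `CORS_ORIGIN=http://192.168.2.132:3000`; if agents on other hosts build their URL from the SERVER_* values they would presumably not reach the server, and traffic including tokens would travel unencrypted on the LAN, which is worth confirming against the PatchMon docs.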