# =============================================================================
# GoodGo Platform - Shared Environment Variables (EXAMPLE)
# =============================================================================
# This file contains SHARED configuration for all services in the platform.
# Service-specific configs (DATABASE_URL, PORT, SERVICE_NAME) are defined in
# docker-compose.yml for each service.
#
# SETUP: Copy this file to .env.local and fill in your actual values
# Command: cp env.local.example .env.local
#
# =============================================================================
# =============================================================================
# AUTHENTICATION - Shared across all services
# =============================================================================
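# CRITICAL: These secrets MUST be identical across all services for JWT validation.
# With a shared (symmetric) secret, any service that can validate a token can also
# sign one, so every service holding these values must be equally trusted.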
# Generate secure secrets (a separate value for each variable below): openssl rand -base64 32
JWT_SECRET=your-super-secret-jwt-key-min-32-characters-change-me
JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters-change-me
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
# ID Token (OIDC)
JWT_ID_SECRET=your-super-secret-id-key-min-32-characters-change-me
JWT_ID_EXPIRES_IN=1h
# Data Encryption (AES-256-GCM)
# Required for encrypting sensitive data at rest (MFA secrets, etc.)
# Generate: openssl rand -hex 32   (prints 64 hex characters = 32 bytes; replace the placeholder below)
ENCRYPTION_KEY=your-32-byte-hex-encryption-key-must-be-64-chars
# =============================================================================
# SHARED INFRASTRUCTURE
# =============================================================================
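# Redis Configuration (shared cache/session store)
# REDIS_PASSWORD is left empty for local development. Set it wherever Redis is
# reachable from outside the local Docker network, since it stores session data.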
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
# Neon PostgreSQL (get from https://console.neon.tech)
# Each service can have its own database, or share with schema isolation
# Format: postgresql://user:password@host/database?sslmode=require
DATABASE_URL=postgresql://username:password@host.neon.tech/database?sslmode=require
# =============================================================================
# PLATFORM CONFIGURATION
# =============================================================================
NODE_ENV=development
LOG_LEVEL=debug
API_VERSION=v1
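# CORS - Allowed origins for all services (comma-separated).
# The values below are local development origins; in production list only the real front-end origins.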
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost
# =============================================================================
# OBSERVABILITY
# =============================================================================
# Distributed Tracing
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces
# Prometheus Metrics (exposed by each service at /metrics)
METRICS_ENABLED=true
# =============================================================================
# EXTERNAL SERVICES (Optional)
# =============================================================================
# Email Configuration
EMAIL_FROM=noreply@goodgo.vn
# EMAIL_HOST=smtp.gmail.com
# EMAIL_PORT=587
# EMAIL_USER=your-email@gmail.com
# EMAIL_PASSWORD=your-app-password
# =============================================================================
# NOTES
# =============================================================================
#
# Service-Specific Configurations:
# ---------------------------------
# The following are defined PER SERVICE in docker-compose.yml:
# - PORT: Unique port for each service (5001, 5002, 5003, etc.)
# - SERVICE_NAME: Service identifier (iam-service, user-service, etc.)
# - DATABASE_URL: Can override for service-specific database
#
# Traefik API Gateway:
# --------------------
# - Configuration: infra/traefik/
# - Services auto-discovered via Docker labels
# - Access services: http://localhost/api/v1/{service-name}
# - Dashboard: http://localhost:8080 (local development; in production keep it off public interfaces or behind authentication)
#
# Database Strategy:
# ------------------
# - Each service can have its own Neon database (microservices pattern)
# - Or share database with schema isolation
# - Get database URLs from: https://console.neon.tech
# - Use connection pooling for better performance
#
# Security:
# ---------
# - NEVER commit .env.local to git (it's in .gitignore)
# - Rotate JWT secrets regularly in production
# - Use strong, unique secrets (min 32 characters)
# - Enable SSL/TLS in production (Traefik handles this)
#
# Quick Start:
# ------------
# 1. Copy this file: cp env.local.example .env.local
# 2. Update JWT_SECRET, JWT_REFRESH_SECRET, JWT_ID_SECRET and ENCRYPTION_KEY with secure values
# 3. Update DATABASE_URL with your Neon PostgreSQL connection string
# 4. Start platform: docker-compose up -d
#
# =============================================================================