-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy path.env.example
More file actions
149 lines (123 loc) · 8.61 KB
/
.env.example
File metadata and controls
149 lines (123 loc) · 8.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# ─────────────────────────────────────────────────────────────────────────────
# Reqcore — Environment Variable Reference
# ─────────────────────────────────────────────────────────────────────────────
# Local development: run ./setup.sh — it generates .env automatically.
# Production / manual setup: copy this file to .env and fill in the values.
# Railway: auto-detects this file and suggests variables during setup.
# ─── Database ────────────────────────────────────────────────────────────────
# Used by docker-compose.yml to configure the Postgres container
DB_USER=reqcore
DB_PASSWORD=change-me
DB_NAME=reqcore
# PostgreSQL connection string (used by host tools: drizzle-kit, drizzle studio)
# docker-compose overrides this with the internal Docker hostname for the app.
# Railway: ${{Postgres.DATABASE_URL}}
DATABASE_URL=postgresql://reqcore:change-me@localhost:5432/reqcore
# ─── Authentication ──────────────────────────────────────────────────────────
# Min 32-character random string. Generate with: openssl rand -base64 32
BETTER_AUTH_SECRET=replace-with-openssl-rand-base64-32-output
# Public URL of the app (used for session cookies and OAuth callbacks)
# Local: http://localhost:3000 | Production: https://yourdomain.com
# Railway: auto-resolved from RAILWAY_PUBLIC_DOMAIN — only set for custom domains
BETTER_AUTH_URL=http://localhost:3000
# Comma-separated allowed origins (optional, for multi-domain setups)
# BETTER_AUTH_TRUSTED_ORIGINS=https://yourdomain.com
# ─── Object Storage (S3-compatible) ──────────────────────────────────────────
# Used by docker-compose.yml to configure the MinIO container
STORAGE_USER=reqcore
STORAGE_PASSWORD=change-me
# App-level S3 config (used by host tools)
# docker-compose overrides S3_ENDPOINT with http://minio:9000 for the app container
# Local (MinIO): S3_ENDPOINT=http://localhost:9000, S3_FORCE_PATH_STYLE=true
# Railway Bucket: S3_ENDPOINT=${{Bucket.ENDPOINT}}, S3_FORCE_PATH_STYLE=false
S3_ENDPOINT=http://localhost:9000
S3_ACCESS_KEY=reqcore
S3_SECRET_KEY=change-me
S3_BUCKET=reqcore
S3_REGION=us-east-1
S3_FORCE_PATH_STYLE=true
# ─── SEO ─────────────────────────────────────────────────────────────────────
# Used by @nuxtjs/seo for sitemaps, canonical URLs, and OG tags
NUXT_PUBLIC_SITE_URL=http://localhost:3000
# Public URL for the "Upgrade to hosted plan" button in the preview upsell modal
# NUXT_PUBLIC_HOSTED_PLAN_URL=https://reqcore.com
# ─── Optional: Demo Mode ─────────────────────────────────────────────────────
# Set to an org slug to make that org read-only (blocks all mutations)
# Default seeded slug: reqcore-demo
# DEMO_ORG_SLUG=reqcore-demo
# ─── Optional: Trusted Proxy ─────────────────────────────────────────────────
# IP of the reverse proxy (Cloudflare, Railway, nginx). Enables accurate
# IP extraction from X-Forwarded-For for rate limiting.
# TRUSTED_PROXY_IP=
# ─── Optional: In-App Feedback ───────────────────────────────────────────────
# Fine-grained GitHub PAT with Issues:write scope
# GITHUB_FEEDBACK_TOKEN=ghp_...
# GitHub repo in "owner/repo" format
# GITHUB_FEEDBACK_REPO=reqcore/reqcore
# ─── Optional: Analytics (PostHog) ──────────────────────────────────────────
# Privacy-focused product analytics & feature flags powered by PostHog.
# Get your project API key from https://posthog.com → Project settings.
# Users must accept the consent banner before any events are captured (GDPR).
# POSTHOG_PUBLIC_KEY=phc_...
# EU data center (default). Use https://us.i.posthog.com for US.
# POSTHOG_HOST=https://eu.i.posthog.com
# Personal API key with "Feature Flags: read" scope. When set, the server
# evaluates feature flags locally (no per-request HTTP round trip).
# POSTHOG_FEATURE_FLAGS_KEY=phx_...
# ─── Optional: Feature Flag Overrides (no PostHog required) ─────────────────
# Force any flag on or off without running PostHog. The full list of available
# flags lives in shared/feature-flags.ts. Variable name pattern:
# FEATURE_FLAG_<UPPERCASE_KEY_WITH_UNDERSCORES>
# Accepted values: true / false / 1 / 0 / on / off (or a variant key for
# multivariate flags). Env overrides win over PostHog rollouts.
# Example — enable the new chatbot experience for everyone on this instance:
# FEATURE_FLAG_CHATBOT_EXPERIENCE=true
# ─── Optional: OIDC SSO (Keycloak, Authentik, Authelia, Okta, etc.) ──────────
# Enable Single Sign-On via any OIDC-compliant identity provider.
# All three variables (CLIENT_ID, CLIENT_SECRET, DISCOVERY_URL) must be set to activate SSO.
# When configured, a "Sign in with SSO" button appears on the login page.
# OIDC client ID — from your identity provider's client/application settings
# OIDC_CLIENT_ID=reqcore
# OIDC client secret — from your identity provider's credentials tab
# OIDC_CLIENT_SECRET=your-client-secret-here
# OIDC discovery URL — the .well-known/openid-configuration endpoint
# Keycloak: https://keycloak.example.com/realms/YOUR_REALM/.well-known/openid-configuration
# Authentik: https://authentik.example.com/application/o/YOUR_APP/.well-known/openid-configuration
# Authelia: https://authelia.example.com/.well-known/openid-configuration
# Okta: https://YOUR_ORG.okta.com/.well-known/openid-configuration
# Azure AD: https://login.microsoftonline.com/YOUR_TENANT_ID/v2.0/.well-known/openid-configuration
# OIDC_DISCOVERY_URL=https://keycloak.example.com/realms/master/.well-known/openid-configuration
# Display name for the SSO button (default: "SSO")
# OIDC_PROVIDER_NAME=Company SSO
# ─── Optional: Transactional Email ───────────────────────────────────────────
# Reqcore logs emails to the console by default (safe for local dev).
# For production, configure one of the providers below.
# SMTP takes priority over Resend when SMTP_HOST is set.
# Option A: SMTP (recommended for self-hosted / enterprise setups)
# Supports any SMTP server: Postfix, Gmail, Exchange, Mailcow, Mailu, etc.
# SMTP_HOST=smtp.example.com
# SMTP_PORT=587
# SMTP_USER=reqcore@example.com
# SMTP_PASS=your-smtp-password
# SMTP_FROM="Reqcore <noreply@example.com>"
# SMTP_SECURE=false # true = implicit TLS (port 465), false = STARTTLS (port 587)
# Option B: Resend (free tier: 3,000 emails/month — resend.com)
# RESEND_API_KEY=re_xxxxxxxxxxxx
# RESEND_FROM_EMAIL="Reqcore <noreply@yourcompany.com>"
# ─── Optional: Social Sign-In (Google, GitHub, Microsoft) ────────────────────
# Enable social login buttons on the sign-in and sign-up pages.
# Each provider requires both CLIENT_ID and CLIENT_SECRET to be set.
# When configured, "Continue with <Provider>" buttons appear on the auth pages.
# Google — Create credentials at https://console.cloud.google.com/apis/credentials
# Redirect URI: https://yourdomain.com/api/auth/callback/google
# AUTH_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
# AUTH_GOOGLE_CLIENT_SECRET=GOCSPX-your-google-client-secret
# GitHub — Create an OAuth App at https://github.com/settings/developers
# Redirect URI: https://yourdomain.com/api/auth/callback/github
# AUTH_GITHUB_CLIENT_ID=your-github-client-id
# AUTH_GITHUB_CLIENT_SECRET=your-github-client-secret
# Microsoft — Register an app at https://portal.azure.com → App registrations
# Redirect URI: https://yourdomain.com/api/auth/callback/microsoft
# AUTH_MICROSOFT_CLIENT_ID=your-microsoft-client-id
# AUTH_MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
# AUTH_MICROSOFT_TENANT_ID=common