forked from MansiVisuals/ViTransfer
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
108 lines (97 loc) · 4.04 KB
/
.env.example
File metadata and controls
108 lines (97 loc) · 4.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# ViTransfer Environment Configuration
# Copy this file to .env and update with your values
# ============================================
# Application Port
# ============================================
# Port to expose on the host
APP_PORT=4321
# ============================================
# User/Group ID Mapping (Linux only)
# ============================================
# PUID and PGID allow containers to run with your host user's permissions
# Find your values with: id $USER
PUID=1000
PGID=1000
# ============================================
# Timezone Configuration
# ============================================
# CRITICAL for notification schedules to work correctly
# Format: Region/City (see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
# Examples: Europe/Amsterdam, America/New_York, Asia/Tokyo
TZ=UTC
# ============================================
# Database Configuration (PostgreSQL)
# ============================================
# IMPORTANT: Use alphanumeric passwords only (no special chars like +/=)
# Good: openssl rand -hex 32
# Avoid: openssl rand -base64 32 (contains +/= which break DATABASE_URL)
POSTGRES_USER=vitransfer
POSTGRES_PASSWORD=<<REPLACE_WITH_openssl_rand_hex_32>>
POSTGRES_DB=vitransfer
# ============================================
# Redis Configuration
# ============================================
REDIS_PASSWORD=<<REPLACE_WITH_openssl_rand_hex_32>>
# ============================================
# Security Keys (REQUIRED!)
# ============================================
# These can use base64 (not used in URLs)
# openssl rand -base64 32
# openssl rand -base64 64
ENCRYPTION_KEY=<<REPLACE_WITH_openssl_rand_base64_32>>
JWT_SECRET=<<REPLACE_WITH_openssl_rand_base64_64>>
JWT_REFRESH_SECRET=<<REPLACE_WITH_openssl_rand_base64_64>>
SHARE_TOKEN_SECRET=<<REPLACE_WITH_openssl_rand_base64_64>>
# ============================================
# Admin Credentials (REQUIRED - Initial Setup)
# ============================================
# REQUIRED: These credentials are used to create the initial admin user
# The application will NOT start without these values set
#
# SECURITY REQUIREMENTS:
# - ADMIN_EMAIL: Must be a valid email address (REQUIRED)
# - ADMIN_PASSWORD: Must be at least 8 characters long (REQUIRED)
# - ADMIN_NAME: Display name for the admin user (Optional, defaults to "Admin")
# - Avoid special characters in password (!, @, #, etc.) due to JSON parsing
#
# IMPORTANT: These are only used during initial setup when NO admin exists
# After the first admin is created, changing these values has no effect
ADMIN_EMAIL=<<REPLACE_WITH_YOUR_EMAIL>>
ADMIN_PASSWORD=<<REPLACE_WITH_SECURE_PASSWORD>>
ADMIN_NAME=Admin
# ============================================
# Uploads (Optional)
# ============================================
# If you expose TUS uploads on a separate origin, set NEXT_PUBLIC_TUS_ENDPOINT
# NEXT_PUBLIC_TUS_ENDPOINT=https://uploads.example.com
# ============================================
# Worker CPU Tuning (Optional)
# ============================================
# Override detected CPU thread count for worker/FFmpeg allocation
# CPU_THREADS=8
# ============================================
# HTTPS Enforcement (IMPORTANT!)
# ============================================
# PRECEDENCE: This env var ALWAYS overrides database setting
#
# Database default: true (secure by default)
# Code default: true (secure by default)
# Docker-compose fallback: false (localhost/LAN friendly if not set in .env)
#
# THIS IS YOUR ESCAPE HATCH:
# If you get locked out on localhost, set this to 'false' and restart containers.
# The env var ALWAYS takes precedence over database settings.
#
# When HTTPS is ON (true - RECOMMENDED):
# - HSTS header enabled (forces browser to use HTTPS)
# - Required for: Reverse proxy with HTTPS, production deployments
#
# When HTTPS is OFF (false):
# - HSTS header disabled
# - Use for: Localhost development, internal LAN deployments
#
# Can also be toggled in Admin Settings > Advanced Security Settings
# (but env var always takes precedence if set)
#
# Default: true (secure by default)
HTTPS_ENABLED=true