.env.example

# ==============================================================================
# Bugsink Configuration
# ==============================================================================
# Documentation: https://docs.bugsink.com/

# ==============================================================================
# BASIC SETTINGS
# ==============================================================================

# -- Stack Identity --
STACK_NAME=error-observability_app_example_com
BUGSINK_VERSION=2
SITE_TITLE=Error Observability [COMPANY NAME]
TIME_ZONE=UTC

# -- Security Secrets --
# Generate with: openssl rand -base64 50
SECRET_KEY=GENERATE_WITH_openssl_rand_base64_50

# ==============================================================================
# NETWORK & PROXY
# ==============================================================================

# -- Hostname --
# DNS must resolve to this hostname
SERVICE_HOSTNAME=error-observability.app.example.com

# -- Additional Allowed Hosts (optional) --
# Comma-separated list of additional hostnames for ALLOWED_HOSTS
# Use when running behind a proxy that forwards a different Host header
# Example: ALLOWED_HOSTS=alt-hostname.example.com,another.example.com
#ALLOWED_HOSTS=

# -- Docker Network --
# Unique subnet ID (1-254) to avoid conflicts with other stacks
PRIVATESUBNET=252
PROXY_NETWORK=traefik

# -- Development --
# Server port for local development (default: 8000)
DEV_SERVER_PORT=8000

# ==============================================================================
# DATABASE
# ==============================================================================

# PostgreSQL configuration
POSTGRES_VERSION=18
DATABASE_POOLMAXSIZE=100
DATABASE_PASSWORD=CHANGE_ME_SECURE_PASSWORD

# ==============================================================================
# AUTHENTICATION & USERS
# ==============================================================================

# -- Initial Admin User --
# Format: email:password
# IMPORTANT: Remove this variable after first start for security!
CREATE_SUPERUSER=admin@example.com:CHANGE_ME_SECURE_PASSWORD

# -- User Mode --
# SINGLE_USER=true  -> Disable all multi-user functionality
# SINGLE_TEAM=true  -> All users share one team
SINGLE_USER=false
SINGLE_TEAM=false

# -- User Registration --
# Options: CB_ANYBODY  -> Anyone can sign up (dangerous on public internet!)
#          CB_MEMBERS  -> Any existing user can invite new users
#          CB_ADMINS   -> Only admins can invite new users
#          CB_NOBODY   -> User registration disabled entirely
USER_REGISTRATION=CB_ADMINS
USER_REGISTRATION_VERIFY_EMAIL=true

# -- Team Creation --
# Options: CB_MEMBERS, CB_ADMINS, CB_NOBODY
TEAM_CREATION=CB_ADMINS

# ==============================================================================
# EMAIL / SMTP
# ==============================================================================

# Required for notifications and password reset emails
EMAIL_HOST=smtp.example.com
EMAIL_PORT=587
EMAIL_HOST_USER=error-observability@example.com
EMAIL_HOST_PASSWORD=CHANGE_ME_SMTP_PASSWORD
EMAIL_USE_TLS=true
EMAIL_USE_SSL=false
EMAIL_TIMEOUT=5
DEFAULT_FROM_EMAIL=Error Observability <error-observability@example.com>
EMAIL_LOGGING=false

# ==============================================================================
# RATE LIMITS & EVENT PROCESSING
# ==============================================================================

# -- Rate Limits --
# These are PER PROJECT limits, not global!
#
# Sizing guide:
#   Small  (1-10 projects):   1000/5min,  5000/hour
#   Medium (10-50 projects):  2500/5min, 15000/hour
#   Large  (50-200 projects): 2500/5min, 15000/hour (current)
#   XLarge (200+ projects):   1500/5min, 10000/hour (reduce per-project)
MAX_EVENTS_PER_PROJECT_PER_5_MINUTES=2500
MAX_EVENTS_PER_PROJECT_PER_HOUR=15000
# MAX_EMAILS_PER_MONTH=50000

# -- Event Size Limits --
# Values in bytes: 1MB=1048576, 2MB=2097152, 20MB=20971520, 100MB=104857600
MAX_EVENT_SIZE=2097152
MAX_ENVELOPE_SIZE=104857600
MAX_ENVELOPE_COMPRESSED_SIZE=20971520

# -- Background Worker --
# TASK_ALWAYS_EAGER=true  -> Process inline (dev only)
# TASK_ALWAYS_EAGER=false -> Use background worker (production)
# SNAPPEA_NUM_WORKERS: 2-4 for small, 4-6 for medium, 6-8 for large instances
TASK_ALWAYS_EAGER=false
SNAPPEA_NUM_WORKERS=4

# ==============================================================================
# WEBHOOK SECURITY (Bugsink 2.1+)
# ==============================================================================

# -- Outbound webhook policy --
# Controls which outbound webhook destinations are allowed
# Options: open          -> Allow all destinations unless explicitly denied
#          allowlist_only -> Only allow destinations on the allow list
ALERTS_WEBHOOK_OUTBOUND_MODE=open

# -- Allow/Deny Lists --
# Comma-separated hostnames, IP addresses, or CIDR ranges
# Example: ALERTS_WEBHOOK_ALLOW_LIST=hooks.slack.com,discord.com,10.0.0.0/8
#ALERTS_WEBHOOK_ALLOW_LIST=
#ALERTS_WEBHOOK_DENY_LIST=

# -- Block non-global IPs --
# Blocks requests to private/loopback IP addresses (SSRF protection)
# Set to false only if your notification targets are on internal networks
ALERTS_WEBHOOK_DENY_NON_GLOBAL=true

# ==============================================================================
# DATA RETENTION (Bugsink 2.1+)
# ==============================================================================

# -- Event Retention --
# Automatically delete events older than N days (disabled by default)
#MAX_EVENT_AGE_DAYS=90

# -- File Storage Caps --
# Limit stored file count and total bytes (disabled by default)
#MAX_STORED_FILE_COUNT=
#MAX_STORED_FILE_BYTES=

# -- Object Storage --
# Optional: Store files on disk instead of database
# Set a path to enable (volume mount recommended)
#FILE_OBJECT_STORAGE_PATH=/data/objects

# ==============================================================================
# PROXY HEADERS (Bugsink 2.1+)
# ==============================================================================

# -- Forwarded headers --
# Enable these if your reverse proxy sends X-Forwarded-Host or X-Forwarded-For
# USE_X_FORWARDED_HOST and USE_X_FORWARDED_FOR require BEHIND_HTTPS_PROXY=true
#USE_X_FORWARDED_HOST=false
#USE_X_FORWARDED_FOR=false
#X_FORWARDED_FOR_PROXY_COUNT=1

# ==============================================================================
# PRIVACY & DEBUGGING
# ==============================================================================

# Disable telemetry to bugsink.com
PHONEHOME=false
DEBUG=false

# Enable Django Admin interface (disabled by default)
#USE_ADMIN=false

# ==============================================================================
# QUICK START GUIDE
# ==============================================================================
#
# 1. Copy this file to .env:
#    cp .env.example .env
#
# 2. Update all CHANGE_ME values:
#    - DATABASE_PASSWORD
#    - SECRET_KEY (generate with: openssl rand -base64 50)
#    - CREATE_SUPERUSER
#    - EMAIL_HOST_PASSWORD
#
# 3. Adjust network settings:
#    - SERVICE_HOSTNAME
#    - PRIVATESUBNET
#
# 4. Start the stack:
#    docker compose up -d
#
# 5. Remove CREATE_SUPERUSER from .env after first login!
#
# ==============================================================================
# SENTRY SDK INTEGRATION
# ==============================================================================
#
# DSN Format: https://<project-key>@<hostname>/<project-id>
# Example:    https://abc123@error-observability.app.example.com/1
#
# Application URL: https://error-observability.app.example.com
#