74 lines
2.7 KiB
Plaintext
74 lines
2.7 KiB
Plaintext
# Caddy Proxy Manager Environment Configuration
|
|
# Copy this file to .env and update with your secure values
|
|
# IMPORTANT: chmod 600 .env after creating it
|
|
|
|
# =============================================================================
|
|
# REQUIRED SECURITY SETTINGS (PRODUCTION)
|
|
# =============================================================================
|
|
|
|
# Session Secret (REQUIRED)
|
|
# Generate with: openssl rand -base64 32
|
|
# Must be at least 32 characters in production
|
|
SESSION_SECRET=your-secure-session-secret-here-min-32-chars
|
|
|
|
# Admin Credentials (REQUIRED)
|
|
# USERNAME: Any username (e.g., "admin" is fine)
|
|
# PASSWORD: Must be 12+ characters with:
|
|
# - Uppercase letters (A-Z)
|
|
# - Lowercase letters (a-z)
|
|
# - Numbers (0-9)
|
|
# - Special characters (!@#$%^&* etc.)
|
|
ADMIN_USERNAME=admin
|
|
ADMIN_PASSWORD=Your-Secure-P@ssw0rd-Here!
|
|
|
|
# =============================================================================
|
|
# APPLICATION CONFIGURATION
|
|
# =============================================================================
|
|
|
|
# Public base URL for the application
|
|
BASE_URL=http://localhost:3000
|
|
|
|
# =============================================================================
|
|
# OPTIONAL: ADVANCED CONFIGURATION
|
|
# =============================================================================
|
|
|
|
# Database configuration (usually no need to change)
|
|
# DATABASE_URL=file:/app/data/caddy-proxy-manager.db
|
|
|
|
# Caddy Admin API endpoint (usually no need to change)
|
|
# CADDY_API_URL=http://caddy:2019
|
|
|
|
# Certificate storage directory (usually no need to change)
|
|
# CERTS_DIRECTORY=./data/certs
|
|
|
|
# Login rate limiting (optional, for custom rate limit settings)
|
|
# LOGIN_MAX_ATTEMPTS=5
|
|
# LOGIN_WINDOW_MS=300000
|
|
# LOGIN_BLOCK_MS=900000
|
|
|
|
# =============================================================================
|
|
# SECURITY NOTES
|
|
# =============================================================================
|
|
#
|
|
# Production Security (Strictly Enforced):
|
|
# - Application will refuse to start without proper credentials
|
|
# - Default values (admin/admin) are automatically rejected
|
|
# - All requirements are validated at startup
|
|
#
|
|
# Quick Setup for Production:
|
|
# export SESSION_SECRET=$(openssl rand -base64 32)
|
|
# export ADMIN_USERNAME="admin"
|
|
# export ADMIN_PASSWORD="YourStr0ng-P@ssw0rd!"
|
|
#
|
|
# Development Mode:
|
|
# export NODE_ENV=development
|
|
# # Default credentials (admin/admin) work in development
|
|
#
|
|
# Security Best Practices:
|
|
# 1. Never commit your .env file to version control
|
|
# 2. Generate unique secrets for each deployment
|
|
# 3. Use strong passwords with mixed case, numbers, and special characters
|
|
# 4. Rotate secrets regularly in production
|
|
# 5. Keep file permissions restricted (chmod 600 .env)
|
|
# 6. Never share credentials via insecure channels
|