mirror of
http://172.20.10.11:3000/gitadmin/INSIGHT-MVP.git
synced 2026-06-24 21:16:40 +02:00
5412ae137a
Switch from hostname+HTTPS (insight-dev.xinion.lan) to IP+HTTP (172.20.10.59) for alpha/dev deployment without DNS. Key changes: - Cookie secure/sameSite flags environment-conditional (fixes HTTP auth) - docker-compose.yml: remove HTTPS, update host rules, reduce PG memory - Traefik: disable TLS, update CORS/CSP for HTTP - Add Prisma init migration (7 tables) and admin seed script - Generate package-lock.json for npm ci in Docker builds - Update all documentation for IP-based access Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
77 lines
2.1 KiB
Text
77 lines
2.1 KiB
Text
# ============================================================
|
|
# INSIGHT MVP - Umgebungsvariablen
|
|
# ============================================================
|
|
# Kopiere diese Datei nach .env und befuelle die Werte.
|
|
# .env wird NIEMALS in Git committed!
|
|
# ============================================================
|
|
|
|
# --- Allgemein ---
|
|
NODE_ENV=development
|
|
APP_PORT=3000
|
|
APP_URL=http://172.20.10.59
|
|
FRONTEND_URL=http://172.20.10.59
|
|
LOG_LEVEL=info
|
|
|
|
# --- PostgreSQL ---
|
|
DB_HOST=pgbouncer
|
|
DB_PORT=6432
|
|
DB_USER=insight
|
|
DB_PASSWORD= # Sicheres Passwort setzen!
|
|
DB_NAME=platform_core
|
|
DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
|
|
|
|
# Direktverbindung (fuer Prisma Migrate, umgeht PgBouncer)
|
|
DB_DIRECT_HOST=postgres
|
|
DB_DIRECT_PORT=5432
|
|
DATABASE_URL_DIRECT=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_DIRECT_HOST}:${DB_DIRECT_PORT}/${DB_NAME}
|
|
|
|
# --- Redis ---
|
|
REDIS_HOST=redis
|
|
REDIS_PORT=6379
|
|
REDIS_PASSWORD= # Optional, aber empfohlen
|
|
|
|
# --- JWT (RS256) ---
|
|
JWT_PRIVATE_KEY_PATH=/app/keys/jwt-private.pem
|
|
JWT_PUBLIC_KEY_PATH=/app/keys/jwt-public.pem
|
|
JWT_ACCESS_TOKEN_EXPIRY=15m
|
|
JWT_REFRESH_TOKEN_EXPIRY=7d
|
|
JWT_ISSUER=insight-platform
|
|
|
|
# --- Bcrypt ---
|
|
BCRYPT_COST=12
|
|
|
|
# --- CORS ---
|
|
CORS_ORIGINS=http://172.20.10.59
|
|
|
|
# --- Rate Limiting ---
|
|
THROTTLE_TTL=60000
|
|
THROTTLE_LIMIT=200
|
|
|
|
# --- Traefik ---
|
|
TRAEFIK_DASHBOARD_USER=admin
|
|
TRAEFIK_DASHBOARD_PASSWORD= # htpasswd Hash
|
|
|
|
# --- step-ca (mTLS) ---
|
|
STEP_CA_URL=https://step-ca:9000
|
|
STEP_CA_FINGERPRINT= # step-ca Root CA Fingerprint
|
|
|
|
# --- SMTP (fuer Einladungs-E-Mails) ---
|
|
SMTP_HOST=
|
|
SMTP_PORT=587
|
|
SMTP_USER=
|
|
SMTP_PASSWORD=
|
|
SMTP_FROM=noreply@xinion.de
|
|
|
|
# --- Observability ---
|
|
GRAFANA_ADMIN_USER=admin
|
|
GRAFANA_ADMIN_PASSWORD= # Sicheres Passwort setzen!
|
|
|
|
# --- MS SSO (Beta - noch nicht aktiv) ---
|
|
# MS_SSO_CLIENT_ENCRYPTION_KEY= # AES-256 Key fuer Client Secret Verschluesselung
|
|
|
|
# --- KI-Hilfe-Chat (optional) ---
|
|
# ANTHROPIC_API_KEY= # Claude API Key
|
|
# AI_CHAT_ENABLED=false
|
|
|
|
# --- DeepL (optional, fuer Hilfesystem-Uebersetzungen) ---
|
|
# DEEPL_API_KEY=
|