# ===================================
|
|
# ENCLAVA CONFIGURATION
|
|
# ===================================
|
|
# Only essential environment variables that CANNOT have defaults
|
|
# Other settings should be configurable through the app UI
|
|
|
|
# Admin user (created on first startup only)
|
|
# Login identity of the bootstrap administrator account.
ADMIN_EMAIL=admin@example.com
|
|
# Example value only: set a strong, unique password before the first startup.
# The section note says this account is created on first startup only, so
# editing this value later presumably does not change an existing admin's
# password (confirm against the application's bootstrap code).
ADMIN_PASSWORD=admin123
|
|
|
|
|
|
# ===================================
|
|
# APPLICATION BASE URL (Required - derives all URLs and CORS)
|
|
# ===================================
|
|
# The examples in this file give a bare host name with no scheme
# (localhost here, your-domain.com in the production note further down).
# The section title states that all URLs and CORS settings are derived from
# this value, so a deployment should set it to the exact host clients use
# rather than leave the local-development value in place.
BASE_URL=localhost
|
|
|
|
# ===================================
|
|
# INFRASTRUCTURE (Required)
|
|
# ===================================
|
|
# Connection string with the database user and password embedded in it.
# The user, password and database name here repeat POSTGRES_USER,
# POSTGRES_PASSWORD and POSTGRES_DB below; change them together or the
# application and the database container will disagree.
# A password containing URL-reserved characters (@ : / ? #) must be
# percent-encoded inside this URL.
DATABASE_URL=postgresql://enclava_user:enclava_pass@enclava-postgres:5432/enclava_db
|
|
# This URL carries no password. NOTE(review): presumably Redis is reachable
# only on the internal Docker network; confirm port 6379 is not published to
# the host before relying on that.
REDIS_URL=redis://enclava-redis:6379
|
|
# Settings for the Postgres container; they must match DATABASE_URL above.
POSTGRES_DB=enclava_db
|
|
POSTGRES_USER=enclava_user
|
|
# Example value only: replace with a generated password and update
# DATABASE_URL to match.
POSTGRES_PASSWORD=enclava_pass
|
|
# ===================================
|
|
# SECURITY CRITICAL (Required)
|
|
# ===================================
|
|
# Placeholder, not a usable secret. Replace it with a long random value from
# a cryptographic generator, for example the output of: openssl rand -hex 32
# This file lists HS256 as the default algorithm. HS256 is symmetric, so the
# same secret both signs and verifies tokens: anyone who learns it can mint
# tokens the backend accepts. Keep the populated copy of this file out of
# version control and out of container images.
JWT_SECRET=your-super-secret-jwt-key-here-change-in-production
|
|
# Placeholder for the Privatemode API key. Treat the real key as a credential,
# with the same handling as JWT_SECRET.
PRIVATEMODE_API_KEY=your-privatemode-api-key-here
|
|
|
|
|
|
|
|
# ===================================
|
|
# ADDITIONAL SECURITY SETTINGS (Optional but recommended)
|
|
# ===================================
|
|
# JWT Algorithm (default: HS256)
|
|
# JWT_ALGORITHM=HS256
|
|
|
|
# Token expiration times (in minutes)
|
|
# ACCESS_TOKEN_EXPIRE_MINUTES=30
|
|
# REFRESH_TOKEN_EXPIRE_MINUTES=10080
|
|
# SESSION_EXPIRE_MINUTES=1440
|
|
|
|
# API Key prefix (default: en_)
|
|
# API_KEY_PREFIX=en_
|
|
|
|
|
|
|
|
# ===================================
|
|
# FRONTEND ENVIRONMENT (Required for production)
|
|
# ===================================
|
|
# Runtime mode passed to the frontend.
NODE_ENV=production
|
|
# NOTE(review): the NEXT_PUBLIC_ prefix suggests a Next.js frontend. Next.js
# inlines NEXT_PUBLIC_* variables into the JavaScript sent to browsers, so
# only non-sensitive values belong under this prefix; never a key or secret.
NEXT_PUBLIC_APP_NAME=Enclava
|
|
# NEXT_PUBLIC_BASE_URL is derived from BASE_URL in Docker configuration
|
|
|
|
# ===================================
|
|
# LOGGING CONFIGURATION
|
|
# ===================================
|
|
# Presumably controls whether LLM prompt text is written to the application
# logs (inferred from the name; confirm in the backend). Prompts can contain
# user data and pasted credentials, so keep this false unless log storage and
# log access are controlled accordingly.
# The same key appears again, commented out, in the optional Logging list.
LOG_LLM_PROMPTS=false
|
|
|
|
# For production HTTPS deployments, set:
|
|
# BASE_URL=your-domain.com
|
|
# The system will automatically detect HTTPS and use it for all URLs and CORS
|
|
|
|
# ===================================
|
|
# DOCKER NETWORKING (Optional - defaults provided)
|
|
# ===================================
|
|
# Internal ports use defaults: backend=8000, frontend=3000
|
|
# Override only if you need to change these defaults:
|
|
# BACKEND_INTERNAL_PORT=8000
|
|
# FRONTEND_INTERNAL_PORT=3000
|
|
|
|
# ===================================
|
|
# QDRANT (Required for RAG)
|
|
# ===================================
|
|
# Host name of the Qdrant vector store service.
QDRANT_HOST=enclava-qdrant
|
|
QDRANT_PORT=6333
|
|
# Repeats the host and port above; keep all three values in sync.
# The URL is plain http and this file sets no Qdrant API key.
# NOTE(review): that presumably relies on Qdrant being reachable only on the
# internal Docker network; confirm port 6333 is not published to the host.
QDRANT_URL=http://enclava-qdrant:6333
|
|
|
|
# ===================================
|
|
# RAG EMBEDDING CONFIGURATION (Optional overrides)
|
|
# ===================================
|
|
# These control embedding throughput to avoid provider 429s.
|
|
# Defaults are conservative; uncomment to override.
|
|
# RAG_EMBEDDING_MAX_REQUESTS_PER_MINUTE=12
|
|
# RAG_EMBEDDING_BATCH_SIZE=3
|
|
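# Both delays below are in seconds. If you uncomment them, remove the trailing "# seconds":
# some env-file loaders do not strip inline comments and would pass it on as part of the value.
# RAG_EMBEDDING_DELAY_BETWEEN_BATCHES=1.0 # seconds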
|
|
# RAG_EMBEDDING_DELAY_PER_REQUEST=0.5 # seconds
|
|
|
|
# ===================================
|
|
# OPTIONAL PRIVATEMODE SETTINGS (Have defaults)
|
|
# ===================================
|
|
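# If you uncomment either line below, remove the trailing "# Optional: ..." text first:
# a loader that does not strip inline comments would take it as the cache mode or the salt itself.
# PRIVATEMODE_CACHE_MODE=none # Optional: defaults to 'none'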
|
|
# PRIVATEMODE_CACHE_SALT= # Optional: defaults to empty
|
|
|
|
# ===================================
|
|
# OPTIONAL CONFIGURATION (All have sensible defaults)
|
|
# ===================================
|
|
|
|
# Application Settings
|
|
# APP_NAME=Enclava
|
|
# APP_DEBUG=false
|
|
# APP_LOG_LEVEL=INFO
|
|
# APP_HOST=0.0.0.0
|
|
# APP_PORT=8000
|
|
|
|
# Security Features
|
|
# API_SECURITY_ENABLED=true
|
|
# API_THREAT_DETECTION_ENABLED=true
|
|
# API_IP_REPUTATION_ENABLED=true
|
|
# API_ANOMALY_DETECTION_ENABLED=true
|
|
# API_RATE_LIMITING_ENABLED=true
|
|
# API_SECURITY_HEADERS_ENABLED=true
|
|
|
|
# Content Security Policy
|
|
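# Note: 'unsafe-inline' in script-src permits inline scripts, which removes most of the
# protection CSP gives against cross-site scripting; prefer nonces or hashes where the frontend allows it.
# API_CSP_HEADER=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'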
|
|
|
|
# Rate Limiting (requests per minute/hour)
|
|
# API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE=300
|
|
# API_RATE_LIMIT_AUTHENTICATED_PER_HOUR=5000
|
|
# API_RATE_LIMIT_API_KEY_PER_MINUTE=1000
|
|
# API_RATE_LIMIT_API_KEY_PER_HOUR=20000
|
|
# API_RATE_LIMIT_PREMIUM_PER_MINUTE=5000
|
|
# API_RATE_LIMIT_PREMIUM_PER_HOUR=100000
|
|
|
|
# Request Size Limits (in bytes)
|
|
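# If you uncomment the size limits below, remove the trailing "# 10MB" / "# 50MB" notes:
# a loader that does not strip inline comments would no longer see a plain byte count.
# API_MAX_REQUEST_BODY_SIZE=10485760 # 10MB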
|
|
# API_MAX_REQUEST_BODY_SIZE_PREMIUM=52428800 # 50MB
|
|
# MAX_UPLOAD_SIZE=10485760 # 10MB
|
|
|
|
# Monitoring
|
|
# PROMETHEUS_ENABLED=true
|
|
# PROMETHEUS_PORT=9090
|
|
|
|
# Logging
|
|
# LOG_FORMAT=json
|
|
# LOG_LEVEL=INFO
|
|
# LOG_LLM_PROMPTS=false
|
|
|
|
# Module Configuration
|
|
# MODULES_CONFIG_PATH=config/modules.yaml
|
|
|
|
# Plugin Configuration
|
|
# PLUGINS_DIR=/plugins
|
|
# PLUGINS_CONFIG_PATH=config/plugins.yaml
|
|
# PLUGIN_REPOSITORY_URL=https://plugins.enclava.com
|
|
# PLUGIN_ENCRYPTION_KEY=
|
|
|
|
# ===================================
|
|
# SUMMARY
|
|
# ===================================
|
|
# Required: DATABASE_URL, REDIS_URL, JWT_SECRET, ADMIN_EMAIL, ADMIN_PASSWORD, BASE_URL
|
|
# Recommended: PRIVATEMODE_API_KEY, QDRANT_HOST, QDRANT_PORT
|
|
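# Optional: All other settings have secure defaults
# The ADMIN_PASSWORD, database password, JWT_SECRET and PRIVATEMODE_API_KEY values shown in this file
# are placeholders, not defaults to keep: replace each of them before the first startup.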
|
|
# ===================================
|