mirror of
https://github.com/aljazceru/enclava.git
synced 2025-12-17 07:24:34 +01:00
153 lines
4.7 KiB
Bash
153 lines
4.7 KiB
Bash
# ===================================
|
|
# ENCLAVA MINIMAL CONFIGURATION
|
|
# ===================================
|
|
# Only essential environment variables that CANNOT have defaults
|
|
# Other settings should be configurable through the app UI
|
|
|
|
# ===================================
|
|
# INFRASTRUCTURE (Required)
|
|
# ===================================
|
|
DATABASE_URL=postgresql://enclava_user:enclava_pass@enclava-postgres:5432/enclava_db
|
|
REDIS_URL=redis://enclava-redis:6379
|
|
|
|
# ===================================
|
|
# SECURITY CRITICAL (Required)
|
|
# ===================================
|
|
JWT_SECRET=your-super-secret-jwt-key-here-change-in-production
|
|
PRIVATEMODE_API_KEY=dfaea90e-df15-48d4-94ff-5ee243b846bb
|
|
|
|
# Admin user (created on first startup only)
|
|
ADMIN_EMAIL=admin@example.com
|
|
ADMIN_PASSWORD=admin123
|
|
API_RATE_LIMITING_ENABLED=false
|
|
# ===================================
|
|
# ADDITIONAL SECURITY SETTINGS (Optional but recommended)
|
|
# ===================================
|
|
# JWT Algorithm (default: HS256)
|
|
# JWT_ALGORITHM=HS256
|
|
|
|
# Token expiration times (in minutes)
|
|
# ACCESS_TOKEN_EXPIRE_MINUTES=30
|
|
# REFRESH_TOKEN_EXPIRE_MINUTES=10080
|
|
# SESSION_EXPIRE_MINUTES=1440
|
|
|
|
# API Key prefix (default: en_)
|
|
# API_KEY_PREFIX=en_
|
|
|
|
# Security thresholds (0.0-1.0)
|
|
# API_SECURITY_RISK_THRESHOLD=0.8
|
|
# API_SECURITY_WARNING_THRESHOLD=0.6
|
|
# API_SECURITY_ANOMALY_THRESHOLD=0.7
|
|
|
|
# IP security (comma-separated for multiple IPs)
|
|
# API_BLOCKED_IPS=
|
|
# API_ALLOWED_IPS=
|
|
|
|
# ===================================
|
|
# APPLICATION BASE URL (Required - derives all URLs and CORS)
|
|
# ===================================
|
|
BASE_URL=localhost:80
|
|
# Frontend derives: APP_URL=http://localhost, API_URL=http://localhost, WS_URL=ws://localhost
|
|
# Backend derives: CORS_ORIGINS=["http://localhost"]
|
|
|
|
# ===================================
|
|
# DOCKER NETWORKING (Required for containers)
|
|
# ===================================
|
|
BACKEND_INTERNAL_PORT=8000
|
|
FRONTEND_INTERNAL_PORT=3000
|
|
# Hosts are fixed: enclava-backend, enclava-frontend
|
|
# Upstreams derive: enclava-backend:8000, enclava-frontend:3000
|
|
|
|
# ===================================
|
|
# QDRANT (Required for RAG)
|
|
# ===================================
|
|
QDRANT_HOST=enclava-qdrant
|
|
QDRANT_PORT=6333
|
|
QDRANT_URL=http://enclava-qdrant:6333
|
|
|
|
# ===================================
|
|
# OPTIONAL PRIVATEMODE SETTINGS (Have defaults)
|
|
# ===================================
|
|
# PRIVATEMODE_CACHE_MODE=none # Optional: defaults to 'none'
|
|
# PRIVATEMODE_CACHE_SALT= # Optional: defaults to empty
|
|
|
|
# ===================================
|
|
# OPTIONAL CONFIGURATION (All have sensible defaults)
|
|
# ===================================
|
|
|
|
# Application Settings
|
|
# APP_NAME=Enclava
|
|
# APP_DEBUG=false
|
|
# APP_LOG_LEVEL=INFO
|
|
# APP_HOST=0.0.0.0
|
|
# APP_PORT=8000
|
|
|
|
# Security Features
|
|
API_SECURITY_ENABLED=false
|
|
# API_THREAT_DETECTION_ENABLED=true
|
|
# API_IP_REPUTATION_ENABLED=true
|
|
# API_ANOMALY_DETECTION_ENABLED=true
|
|
API_RATE_LIMITING_ENABLED=false
|
|
# API_SECURITY_HEADERS_ENABLED=true
|
|
|
|
# Content Security Policy
|
|
# API_CSP_HEADER=default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
|
|
|
|
# Rate Limiting (requests per minute/hour)
|
|
# API_RATE_LIMIT_AUTHENTICATED_PER_MINUTE=300
|
|
# API_RATE_LIMIT_AUTHENTICATED_PER_HOUR=5000
|
|
# API_RATE_LIMIT_API_KEY_PER_MINUTE=1000
|
|
# API_RATE_LIMIT_API_KEY_PER_HOUR=20000
|
|
# API_RATE_LIMIT_PREMIUM_PER_MINUTE=5000
|
|
# API_RATE_LIMIT_PREMIUM_PER_HOUR=100000
|
|
|
|
# Request Size Limits (in bytes)
|
|
# API_MAX_REQUEST_BODY_SIZE=10485760 # 10MB
|
|
# API_MAX_REQUEST_BODY_SIZE_PREMIUM=52428800 # 50MB
|
|
# MAX_UPLOAD_SIZE=10485760 # 10MB
|
|
|
|
# Monitoring
|
|
# PROMETHEUS_ENABLED=true
|
|
# PROMETHEUS_PORT=9090
|
|
|
|
# Logging
|
|
# LOG_FORMAT=json
|
|
# LOG_LEVEL=INFO
|
|
# LOG_LLM_PROMPTS=false
|
|
|
|
# Module Configuration
|
|
# MODULES_CONFIG_PATH=config/modules.yaml
|
|
|
|
# Plugin Configuration
|
|
# PLUGINS_DIR=/plugins
|
|
# PLUGINS_CONFIG_PATH=config/plugins.yaml
|
|
# PLUGIN_REPOSITORY_URL=https://plugins.enclava.com
|
|
# PLUGIN_ENCRYPTION_KEY=
|
|
|
|
# ===================================
|
|
# RAG EMBEDDING ENHANCED SETTINGS
|
|
# ===================================
|
|
# Enhanced embedding service configuration
|
|
RAG_EMBEDDING_MAX_REQUESTS_PER_MINUTE=60
|
|
RAG_EMBEDDING_BATCH_SIZE=5
|
|
RAG_EMBEDDING_RETRY_COUNT=3
|
|
RAG_EMBEDDING_RETRY_DELAYS=1,2,4,8,16
|
|
RAG_EMBEDDING_DELAY_BETWEEN_BATCHES=0.5
|
|
|
|
# Fallback embedding behavior
|
|
RAG_ALLOW_FALLBACK_EMBEDDINGS=true
|
|
RAG_WARN_ON_FALLBACK=true
|
|
|
|
# Processing timeouts (in seconds)
|
|
RAG_DOCUMENT_PROCESSING_TIMEOUT=300
|
|
RAG_EMBEDDING_GENERATION_TIMEOUT=120
|
|
RAG_INDEXING_TIMEOUT=120
|
|
|
|
# ===================================
|
|
# SUMMARY
|
|
# ===================================
|
|
# Required: DATABASE_URL, REDIS_URL, JWT_SECRET, ADMIN_EMAIL, ADMIN_PASSWORD, BASE_URL
|
|
# Recommended: PRIVATEMODE_API_KEY, QDRANT_HOST, QDRANT_PORT
|
|
# Optional: All other settings have secure defaults
|
|
# ===================================
|