643504d89b
- Add *.sqlite* patterns to .gitignore - Expand .dockerignore to exclude chart/, docs/, .github/, etc. - Add HEALTHCHECK instruction to Dockerfile - Fix Helm chart: preserve JWT secret across upgrades (lookup), add securityContext, conditional PVC creation, resource defaults - Remove hardcoded demo credentials from MCP.md - Complete .env.example with all configurable environment variables https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8
34 lines
913 B
Plaintext
34 lines
913 B
Plaintext
PORT=3000
|
|
NODE_ENV=development
|
|
DEBUG=false
|
|
|
|
# REQUIRED for production — generate with: openssl rand -hex 32
|
|
JWT_SECRET=CHANGEME_GENERATE_WITH_openssl_rand_hex_32
|
|
|
|
# Timezone (defaults to system timezone)
|
|
# TZ=UTC
|
|
|
|
# CORS — comma-separated origins (leave unset for same-origin in production, allow-all in development)
|
|
# ALLOWED_ORIGINS=https://trek.example.com
|
|
|
|
# Force HTTPS redirect (set to true behind TLS-terminating proxy)
|
|
# FORCE_HTTPS=true
|
|
|
|
# Trust proxy (set to number of proxy hops, e.g. 1 for single reverse proxy)
|
|
# TRUST_PROXY=1
|
|
|
|
# Application URL (used for OIDC callback validation)
|
|
# APP_URL=https://trek.example.com
|
|
|
|
# Demo mode (enables demo login, disables registration)
|
|
# DEMO_MODE=false
|
|
|
|
# --- OIDC / SSO ---
|
|
# OIDC_ISSUER=https://auth.example.com
|
|
# OIDC_CLIENT_ID=
|
|
# OIDC_CLIENT_SECRET=
|
|
# OIDC_DISPLAY_NAME=SSO
|
|
# OIDC_ONLY=false
|
|
# OIDC_ADMIN_CLAIM=groups
|
|
# OIDC_ADMIN_VALUE=app-trek-admins
|