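# .env.template (for QNAP / Gitea Runner)
#
# Environment template for the backend, frontend and supporting services
# referenced by the docker-compose files. It is committed to the repository,
# so it holds key names, non-secret defaults and CHANGE_ME_* placeholders only.
#
# Usage:
# 1. Copy this file to `.env` in the same folder as the docker-compose file
#    that will be deployed.
# 2. Replace every CHANGE_ME_* value with the real value (never commit `.env`).
# 3. Generate each 32-byte secret with: `openssl rand -hex 32`
# Note: this file must never contain a real secret value (Tier-1 Security).
#
# NOTE(review): an earlier revision of this template carried literal values for
# the password and secret keys below. Any value that was ever committed or
# published must be treated as exposed: rotate it on the running service and do
# not reuse it in a new `.env`.
#
# Every CHANGE_ME_* placeholder has a distinct name on purpose: use a different
# credential per service so that one leaked value does not unlock the others.
#
# Quoting: Docker Compose's .env parser interpolates `$` in unquoted values and
# treats ` #` (space + hash) as the start of a comment. Wrap a generated
# password containing either sequence in single quotes.

# ---------------------------------------------------------
# 1. Backend Service Configuration
# ---------------------------------------------------------
TZ=Asia/Bangkok
NODE_ENV=production
PORT=3000

# --- Database (MariaDB) ---
DB_HOST=mariadb
DB_PORT=3306
DB_DATABASE=lcbp3
DB_USERNAME=center
# strong password >= 16 chars, mixed case + symbol + digit
DB_PASSWORD=CHANGE_ME_DB_PASSWORD
# use a different value from DB_PASSWORD (least privilege)
DB_ROOT_PASSWORD=CHANGE_ME_DB_ROOT_PASSWORD

# --- Redis (Cache & Queue) ---
REDIS_HOST=cache
REDIS_PORT=6379
# The Redis server is started with --requirepass ${REDIS_PASSWORD}
REDIS_PASSWORD=CHANGE_ME_REDIS_PASSWORD

# --- Search (Elasticsearch) ---
ELASTICSEARCH_HOST=search
ELASTICSEARCH_PORT=9200
# `elastic` is Elasticsearch's built-in superuser.
# NOTE(review): consider a dedicated user whose role is limited to the
# application's own indices - confirm against the backend's requirements.
ELASTICSEARCH_USERNAME=elastic
ELASTICSEARCH_PASSWORD=CHANGE_ME_ELASTICSEARCH_PASSWORD

# --- Security (JWT) - backend only, do not reuse the AUTH_SECRET value ---
# generate: openssl rand -hex 32
JWT_SECRET=CHANGE_ME_JWT_SECRET
# NOTE(review): a stolen access token stays usable for this whole window unless
# the backend can revoke it - confirm 8h matches the session policy.
JWT_EXPIRATION=8h
# generate separately from JWT_SECRET: openssl rand -hex 32
JWT_REFRESH_SECRET=CHANGE_ME_JWT_REFRESH_SECRET

# --- ClamAV (File upload scanning, ADR-016) ---
CLAMAV_HOST=clamav
CLAMAV_PORT=3310

# --- Numbering Logic ---
# NOTE(review): units are not stated here - presumably milliseconds for the
# lock timeout and seconds for the reservation TTL; confirm against the backend.
NUMBERING_LOCK_TIMEOUT=5000
NUMBERING_RESERVATION_TTL=300

# --- File Storage ---
UPLOAD_TEMP_DIR=/app/uploads/temp
UPLOAD_PERMANENT_DIR=/app/uploads/permanent
# 52428800 = 50 * 1024 * 1024 (presumably bytes, i.e. 50 MiB - confirm)
MAX_FILE_SIZE=52428800

# ---------------------------------------------------------
# 2. Frontend Service Configuration
# ---------------------------------------------------------
# NEXT_PUBLIC_* values are embedded in the browser bundle by Next.js; never put
# a secret under this prefix.
NEXT_PUBLIC_API_URL=https://backend.np-dms.work/api
AUTH_URL=https://lcbp3.np-dms.work

# --- NextAuth - must not be set to the same value as JWT_SECRET ---
# generate: openssl rand -hex 32
AUTH_SECRET=CHANGE_ME_AUTH_SECRET
# Makes the auth library trust the host header forwarded by the proxy.
# NOTE(review): safe only while the frontend is reachable solely through the
# reverse proxy that sets that header - confirm no container port is published
# directly.
AUTH_TRUST_HOST=true

# --- Shared Context ---
# Plain HTTP; assumes this traffic never leaves the internal compose network.
INTERNAL_API_URL=http://backend:3000/api
# Listen on all interfaces inside the container; what is reachable from outside
# is then decided by the port mappings in the compose file.
HOSTNAME=0.0.0.0

# ---------------------------------------------------------
# 3. Infrastructure (other values referenced from the compose files)
# ---------------------------------------------------------
# n8n
# generate: openssl rand -hex 32
N8N_ENCRYPTION_KEY=CHANGE_ME_N8N_ENCRYPTION_KEY
N8N_DB_PASSWORD=CHANGE_ME_N8N_DB_PASSWORD

# Gitea (DB user)
GITEA_DB_PASSWORD=CHANGE_ME_GITEA_DB_PASSWORD

# NPM (DB user)
NPM_DB_PASSWORD=CHANGE_ME_NPM_DB_PASSWORD

# Grafana
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_GRAFANA_ADMIN_PASSWORD

# ---------------------------------------------------------
# 4. M-phase additions
# ---------------------------------------------------------
# App image tags (CI-injected per release)
# `latest` is a mutable tag: a deployment that keeps this default cannot be
# traced back to one build. Prefer a release tag or an image digest.
BACKEND_IMAGE_TAG=latest
FRONTEND_IMAGE_TAG=latest

# MongoDB / RocketChat (M8)
MONGO_ROOT_USERNAME=root
MONGO_ROOT_PASSWORD=CHANGE_ME_MONGO_ROOT_PASSWORD
MONGO_RC_USERNAME=rocketchat
# use a different value from MONGO_ROOT_PASSWORD (least privilege)
MONGO_RC_PASSWORD=CHANGE_ME_MONGO_RC_PASSWORD

# Docker Registry (M6)
REGISTRY_ADMIN_USER=admin
REGISTRY_ADMIN_PASSWORD=CHANGE_ME_REGISTRY_ADMIN_PASSWORD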