nessi
6093c5dea8
All checks were successful
Container CVE Scan (development) / Scan backend/frontend images for CVEs (push) Successful in 2m40s
PostgreSQL Compatibility Matrix / PG14 smoke (push) Successful in 8s
PostgreSQL Compatibility Matrix / PG15 smoke (push) Successful in 7s
PostgreSQL Compatibility Matrix / PG16 smoke (push) Successful in 7s
PostgreSQL Compatibility Matrix / PG17 smoke (push) Successful in 7s
PostgreSQL Compatibility Matrix / PG18 smoke (push) Successful in 8s
Proxy Profile Validation / validate (push) Successful in 3s
Introduced a secure, repeatable production proxy profile for reverse proxy and HTTPS deployment, including NGINX configuration, environment variables, and CORS guidance. Added CI workflow for static validation of proxy guardrails and detailed documentation to ensure best practices in deployment.
58 lines
2.0 KiB
Plaintext
58 lines
2.0 KiB
Plaintext
# ------------------------------
|
|
# Application
|
|
# ------------------------------
|
|
# Display name used in API docs/UI.
|
|
APP_NAME=NexaPG Monitor
|
|
# Runtime environment: dev | staging | prod | test
|
|
ENVIRONMENT=dev
|
|
# Backend log level: DEBUG | INFO | WARNING | ERROR
|
|
LOG_LEVEL=INFO
|
|
|
|
# ------------------------------
|
|
# Core Database (internal metadata DB)
|
|
# ------------------------------
|
|
# Database that stores users, targets, metrics, query stats, and audit logs.
|
|
DB_NAME=nexapg
|
|
DB_USER=nexapg
|
|
DB_PASSWORD=nexapg
|
|
# Host port mapped to the internal PostgreSQL container port 5432.
|
|
DB_PORT=5433
|
|
|
|
# ------------------------------
|
|
# Backend API
|
|
# ------------------------------
|
|
# Host port mapped to backend container port 8000.
|
|
BACKEND_PORT=8000
|
|
# JWT signing secret. Change this in every non-local environment.
|
|
JWT_SECRET_KEY=change_this_super_secret
|
|
JWT_ALGORITHM=HS256
|
|
# Access token lifetime in minutes.
|
|
JWT_ACCESS_TOKEN_MINUTES=15
|
|
# Refresh token lifetime in minutes (10080 = 7 days).
|
|
JWT_REFRESH_TOKEN_MINUTES=10080
|
|
# Key used to encrypt monitored target passwords at rest.
|
|
# Generate with:
|
|
# python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
|
|
ENCRYPTION_KEY=REPLACE_WITH_FERNET_KEY
|
|
# Allowed CORS origins for browser clients.
|
|
# Use comma-separated values, e.g.:
|
|
# CORS_ORIGINS=http://localhost:5173,https://nexapg.example.com
|
|
# Dev-only shortcut:
|
|
# CORS_ORIGINS=*
|
|
CORS_ORIGINS=http://localhost:5173,http://localhost:8080
|
|
# Target polling interval in seconds.
|
|
POLL_INTERVAL_SECONDS=30
|
|
# Initial admin bootstrap user (created on first startup if not present).
|
|
INIT_ADMIN_EMAIL=admin@example.com
|
|
INIT_ADMIN_PASSWORD=ChangeMe123!
|
|
|
|
# ------------------------------
|
|
# Frontend
|
|
# ------------------------------
|
|
# Host port mapped to frontend container port 8080.
|
|
FRONTEND_PORT=5173
|
|
# Base API URL used at frontend build time.
|
|
# For reverse proxy + SSL, keep this relative to avoid mixed-content issues.
|
|
# Example direct mode: VITE_API_URL=http://localhost:8000/api/v1
|
|
VITE_API_URL=/api/v1
|