3b9d759b4b
- Clone of github.com/fluxerapp/fluxer (official upstream) - SELF_HOSTING.md: full VM rebuild procedure, architecture overview, service reference, step-by-step setup, troubleshooting, seattle reference - dev/.env.example: all env vars with secrets redacted and generation instructions - dev/livekit.yaml: LiveKit config template with placeholder keys - fluxer-seattle/: existing seattle deployment setup scripts
229 lines
8.2 KiB
Plaintext
229 lines
8.2 KiB
Plaintext
NODE_ENV=production
|
|
|
|
# =============================================================================
|
|
# Domain configuration
|
|
# Replace with your actual domain
|
|
# =============================================================================
|
|
FLUXER_API_PUBLIC_ENDPOINT=https://your-domain.example.com/api
|
|
FLUXER_API_CLIENT_ENDPOINT=
|
|
FLUXER_APP_ENDPOINT=https://your-domain.example.com
|
|
FLUXER_GATEWAY_ENDPOINT=wss://your-domain.example.com/gateway
|
|
FLUXER_MEDIA_ENDPOINT=https://your-domain.example.com/media
|
|
FLUXER_CDN_ENDPOINT=https://fluxerstatic.com
|
|
FLUXER_MARKETING_ENDPOINT=https://your-domain.example.com
|
|
FLUXER_ADMIN_ENDPOINT=https://your-domain.example.com/admin
|
|
FLUXER_INVITE_ENDPOINT=https://your-domain.example.com
|
|
FLUXER_GIFT_ENDPOINT=https://your-domain.example.com
|
|
FLUXER_API_HOST=api:8080
|
|
|
|
FLUXER_API_PORT=8080
|
|
FLUXER_GATEWAY_WS_PORT=8080
|
|
FLUXER_GATEWAY_RPC_PORT=8081
|
|
FLUXER_MEDIA_PROXY_PORT=8080
|
|
FLUXER_ADMIN_PORT=8080
|
|
FLUXER_MARKETING_PORT=8080
|
|
|
|
FLUXER_PATH_GATEWAY=/gateway
|
|
FLUXER_PATH_ADMIN=/
|
|
FLUXER_PATH_MARKETING=/marketing
|
|
|
|
API_HOST=api:8080
|
|
FLUXER_GATEWAY_RPC_HOST=
|
|
FLUXER_GATEWAY_PUSH_ENABLED=false
|
|
FLUXER_GATEWAY_PUSH_USER_GUILD_SETTINGS_CACHE_MB=1024
|
|
FLUXER_GATEWAY_PUSH_SUBSCRIPTIONS_CACHE_MB=1024
|
|
FLUXER_GATEWAY_PUSH_BLOCKED_IDS_CACHE_MB=1024
|
|
FLUXER_GATEWAY_IDENTIFY_RATE_LIMIT_ENABLED=false
|
|
|
|
FLUXER_MEDIA_PROXY_HOST=
|
|
MEDIA_PROXY_ENDPOINT=
|
|
|
|
# =============================================================================
|
|
# VAPID keys (Web Push notifications)
|
|
# Generate with: npx web-push generate-vapid-keys
|
|
# =============================================================================
|
|
VAPID_PUBLIC_KEY=GENERATE_WITH_web-push_generate-vapid-keys
|
|
VAPID_PRIVATE_KEY=GENERATE_WITH_web-push_generate-vapid-keys
|
|
VAPID_EMAIL=noreply@your-domain.example.com
|
|
|
|
# =============================================================================
|
|
# Secrets
|
|
# Generate each with: openssl rand -hex 64 (or 32 for shorter ones)
|
|
# =============================================================================
|
|
SECRET_KEY_BASE=GENERATE_openssl_rand_hex_64
|
|
GATEWAY_RPC_SECRET=GENERATE_openssl_rand_hex_32
|
|
GATEWAY_ADMIN_SECRET=GENERATE_openssl_rand_hex_32
|
|
ERLANG_COOKIE=GENERATE_openssl_rand_hex_32
|
|
MEDIA_PROXY_SECRET_KEY=GENERATE_openssl_rand_hex_32
|
|
SUDO_MODE_SECRET=GENERATE_openssl_rand_hex_32
|
|
|
|
# =============================================================================
|
|
# Passkeys / WebAuthn
|
|
# =============================================================================
|
|
PASSKEYS_ENABLED=true
|
|
PASSKEY_RP_NAME=Fluxer
|
|
PASSKEY_RP_ID=your-domain.example.com
|
|
PASSKEY_ALLOWED_ORIGINS=https://your-domain.example.com
|
|
|
|
# =============================================================================
|
|
# Admin OAuth2
|
|
# Set after first boot — create an OAuth2 app in the Fluxer admin panel
|
|
# =============================================================================
|
|
ADMIN_OAUTH2_CLIENT_ID=
|
|
ADMIN_OAUTH2_CLIENT_SECRET=
|
|
ADMIN_OAUTH2_AUTO_CREATE=false
|
|
ADMIN_OAUTH2_REDIRECT_URI=https://your-domain.example.com/admin/oauth2_callback
|
|
|
|
RELEASE_CHANNEL=stable
|
|
|
|
# =============================================================================
|
|
# Databases
|
|
# =============================================================================
|
|
DATABASE_URL=postgresql://postgres:postgres@postgres:5432/fluxer
|
|
|
|
REDIS_URL=redis://redis:6379
|
|
|
|
CASSANDRA_HOSTS=cassandra
|
|
CASSANDRA_KEYSPACE=fluxer
|
|
CASSANDRA_LOCAL_DC=datacenter1
|
|
CASSANDRA_USERNAME=cassandra
|
|
CASSANDRA_PASSWORD=cassandra
|
|
|
|
# =============================================================================
|
|
# S3 / MinIO (object storage)
|
|
# Defaults use local MinIO container — replace with real S3/R2 for production
|
|
# =============================================================================
|
|
AWS_S3_ENDPOINT=http://minio:9000
|
|
AWS_ACCESS_KEY_ID=minioadmin
|
|
AWS_SECRET_ACCESS_KEY=minioadmin
|
|
|
|
AWS_S3_BUCKET_CDN=fluxer
|
|
AWS_S3_BUCKET_UPLOADS=fluxer-uploads
|
|
AWS_S3_BUCKET_DOWNLOADS=fluxer-downloads
|
|
AWS_S3_BUCKET_REPORTS=fluxer-reports
|
|
AWS_S3_BUCKET_HARVESTS=fluxer-harvests
|
|
|
|
R2_S3_ENDPOINT=http://minio:9000
|
|
R2_ACCESS_KEY_ID=minioadmin
|
|
R2_SECRET_ACCESS_KEY=minioadmin
|
|
|
|
# =============================================================================
|
|
# Metrics
|
|
# =============================================================================
|
|
METRICS_MODE=noop
|
|
|
|
CLICKHOUSE_URL=http://clickhouse:8123
|
|
CLICKHOUSE_DATABASE=fluxer_metrics
|
|
CLICKHOUSE_USER=fluxer
|
|
CLICKHOUSE_PASSWORD=fluxer_dev
|
|
|
|
ANOMALY_DETECTION_ENABLED=true
|
|
ANOMALY_WINDOW_SIZE=100
|
|
ANOMALY_ZSCORE_THRESHOLD=3.0
|
|
ANOMALY_CHECK_INTERVAL_SECS=60
|
|
ANOMALY_COOLDOWN_SECS=300
|
|
ANOMALY_ERROR_RATE_THRESHOLD=0.05
|
|
ALERT_WEBHOOK_URL=
|
|
|
|
# =============================================================================
|
|
# Email (disabled by default)
|
|
# =============================================================================
|
|
EMAIL_ENABLED=false
|
|
SENDGRID_FROM_EMAIL=noreply@your-domain.example.com
|
|
SENDGRID_FROM_NAME=Fluxer
|
|
SENDGRID_API_KEY=
|
|
SENDGRID_WEBHOOK_PUBLIC_KEY=
|
|
|
|
# =============================================================================
|
|
# SMS (disabled by default)
|
|
# =============================================================================
|
|
SMS_ENABLED=false
|
|
TWILIO_ACCOUNT_SID=
|
|
TWILIO_AUTH_TOKEN=
|
|
TWILIO_VERIFY_SERVICE_SID=
|
|
|
|
# =============================================================================
|
|
# CAPTCHA (disabled by default)
|
|
# =============================================================================
|
|
CAPTCHA_ENABLED=false
|
|
CAPTCHA_PRIMARY_PROVIDER=none
|
|
HCAPTCHA_SITE_KEY=
|
|
HCAPTCHA_PUBLIC_SITE_KEY=
|
|
HCAPTCHA_SECRET_KEY=
|
|
TURNSTILE_SITE_KEY=
|
|
TURNSTILE_PUBLIC_SITE_KEY=
|
|
TURNSTILE_SECRET_KEY=
|
|
|
|
# =============================================================================
|
|
# Search (meilisearch)
|
|
# =============================================================================
|
|
SEARCH_ENABLED=true
|
|
MEILISEARCH_URL=http://meilisearch:7700
|
|
MEILISEARCH_API_KEY=masterKey
|
|
|
|
# =============================================================================
|
|
# Stripe / payments (disabled by default)
|
|
# =============================================================================
|
|
STRIPE_ENABLED=false
|
|
STRIPE_SECRET_KEY=
|
|
STRIPE_WEBHOOK_SECRET=
|
|
STRIPE_PRICE_ID_MONTHLY_USD=
|
|
STRIPE_PRICE_ID_MONTHLY_EUR=
|
|
STRIPE_PRICE_ID_YEARLY_USD=
|
|
STRIPE_PRICE_ID_YEARLY_EUR=
|
|
STRIPE_PRICE_ID_VISIONARY_USD=
|
|
STRIPE_PRICE_ID_VISIONARY_EUR=
|
|
STRIPE_PRICE_ID_GIFT_VISIONARY_USD=
|
|
STRIPE_PRICE_ID_GIFT_VISIONARY_EUR=
|
|
STRIPE_PRICE_ID_GIFT_1_MONTH_USD=
|
|
STRIPE_PRICE_ID_GIFT_1_MONTH_EUR=
|
|
STRIPE_PRICE_ID_GIFT_1_YEAR_USD=
|
|
STRIPE_PRICE_ID_GIFT_1_YEAR_EUR=
|
|
|
|
# =============================================================================
|
|
# Cloudflare (tunnel + optional purge)
|
|
# =============================================================================
|
|
CLOUDFLARE_PURGE_ENABLED=false
|
|
CLOUDFLARE_ZONE_ID=
|
|
CLOUDFLARE_API_TOKEN=
|
|
# Get from Cloudflare Zero Trust → Networks → Tunnels → your tunnel → token
|
|
CLOUDFLARE_TUNNEL_TOKEN=YOUR_CLOUDFLARE_TUNNEL_TOKEN
|
|
|
|
# =============================================================================
|
|
# Voice & Video (LiveKit)
|
|
# Generate: LIVEKIT_API_KEY with openssl rand -hex 16
|
|
# LIVEKIT_API_SECRET with openssl rand -hex 32
|
|
# Must match keys in dev/livekit.yaml
|
|
# =============================================================================
|
|
VOICE_ENABLED=true
|
|
LIVEKIT_API_KEY=GENERATE_openssl_rand_hex_16
|
|
LIVEKIT_API_SECRET=GENERATE_openssl_rand_hex_32
|
|
LIVEKIT_WEBHOOK_URL=http://api:8080/webhooks/livekit
|
|
LIVEKIT_AUTO_CREATE_DUMMY_DATA=true
|
|
|
|
# =============================================================================
|
|
# ClamAV (virus scanning)
|
|
# Can be disabled — api/worker don't depend on it
|
|
# =============================================================================
|
|
CLAMAV_ENABLED=false
|
|
CLAMAV_HOST=clamav
|
|
CLAMAV_PORT=3310
|
|
|
|
# =============================================================================
|
|
# Third-party integrations (optional)
|
|
# =============================================================================
|
|
TENOR_API_KEY=
|
|
YOUTUBE_API_KEY=
|
|
|
|
# =============================================================================
|
|
# Self-hosting config
|
|
# =============================================================================
|
|
SELF_HOSTED=true
|
|
# Invite code to auto-join a community on registration (leave blank to disable)
|
|
AUTO_JOIN_INVITE_CODE=
|
|
FLUXER_VISIONARIES_GUILD_ID=
|
|
FLUXER_OPERATORS_GUILD_ID=
|
|
|
|
GIT_SHA=production
|
|
BUILD_TIMESTAMP=
|