Aligns dev with the complete application codebase (cicd branch). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
98 lines
3.0 KiB
Plaintext
# Xpeditis - Production Environment Variables
# Copy this file to .env.production and fill in the values

# ===================================
# DOCKER REGISTRY
# ===================================
DOCKER_REGISTRY=docker.io
BACKEND_IMAGE=xpeditis/backend
BACKEND_TAG=latest
FRONTEND_IMAGE=xpeditis/frontend
FRONTEND_TAG=latest

# ===================================
# DATABASE (PostgreSQL)
# ===================================
POSTGRES_DB=xpeditis_prod
POSTGRES_USER=xpeditis
POSTGRES_PASSWORD=CHANGE_ME_SECURE_PASSWORD_64_CHARS_MINIMUM

# ===================================
# REDIS CACHE
# ===================================
REDIS_PASSWORD=CHANGE_ME_REDIS_PASSWORD_64_CHARS_MINIMUM

# ===================================
# JWT AUTHENTICATION
# ===================================
JWT_SECRET=CHANGE_ME_JWT_SECRET_512_BITS_MINIMUM

# ===================================
# AWS CONFIGURATION
# ===================================
AWS_REGION=eu-west-3
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_SES_REGION=eu-west-1

# S3 Buckets
S3_BUCKET_DOCUMENTS=xpeditis-prod-documents
S3_BUCKET_UPLOADS=xpeditis-prod-uploads

# ===================================
# EMAIL CONFIGURATION
# ===================================
EMAIL_SERVICE=ses
EMAIL_FROM=noreply@xpeditis.com
EMAIL_FROM_NAME=Xpeditis

# ===================================
# MONITORING (Sentry) - REQUIRED
# ===================================
SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id
NEXT_PUBLIC_SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id

# ===================================
# ANALYTICS (Google Analytics) - REQUIRED
# ===================================
NEXT_PUBLIC_GA_MEASUREMENT_ID=G-XXXXXXXXXX

# ===================================
# CARRIER APIs (Production) - REQUIRED
# ===================================
# Maersk Production
MAERSK_API_URL=https://api.maersk.com
MAERSK_API_KEY=your-maersk-production-api-key

# MSC Production
MSC_API_URL=https://api.msc.com
MSC_API_KEY=your-msc-production-api-key

# CMA CGM Production
CMA_CGM_API_URL=https://api.cma-cgm.com
CMA_CGM_API_KEY=your-cma-cgm-production-api-key

# Hapag-Lloyd Production
HAPAG_LLOYD_API_URL=https://api.hapag-lloyd.com
HAPAG_LLOYD_API_KEY=your-hapag-lloyd-api-key

# ONE (Ocean Network Express)
ONE_API_URL=https://api.one-line.com
ONE_API_KEY=your-one-api-key

# ===================================
# SECURITY BEST PRACTICES
# ===================================
# ✅ Use AWS Secrets Manager for production secrets
# ✅ Rotate credentials every 90 days
# ✅ Enable AWS CloudTrail for audit logs
# ✅ Use IAM roles with least privilege
# ✅ Enable MFA on all AWS accounts
# ✅ Use strong passwords (min 64 characters, random)
# ✅ Never commit this file with real credentials
# ✅ Restrict database access to VPC only
# ✅ Enable SSL/TLS for all connections
# ✅ Monitor failed login attempts (Sentry)
# ✅ Set up automated backups (daily, 30-day retention)
# ✅ Test disaster recovery procedures monthly
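
A pre-deploy check for a filled-in copy of this template, added here as an example and not part of the Xpeditis repository: it flags values that still carry the template's placeholder markers and secrets shorter than the minimums the template states. The function names, the marker pattern and the reading of "512 bits" as 64 characters (a length floor, not an entropy measurement) are assumptions of this example.

```python
import re

# Markers that appear in the template's unfilled values (assumed pattern).
PLACEHOLDER = re.compile(r"CHANGE_ME|your-|EXAMPLE|XXXXXXXXXX")

# Minimums stated in the template: 64 characters for passwords;
# JWT_SECRET's 512 bits is treated as 64 characters (assumption).
MIN_LENGTH = {"POSTGRES_PASSWORD": 64, "REDIS_PASSWORD": 64, "JWT_SECRET": 64}

# Constructed sample, not a real deployment file.
SAMPLE = """\
POSTGRES_PASSWORD=CHANGE_ME_SECURE_PASSWORD_64_CHARS_MINIMUM
REDIS_PASSWORD=short-password
AWS_REGION=eu-west-3
MAERSK_API_KEY=your-maersk-production-api-key
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def audit_env(text):
    """Return sorted (key, problem) findings; an empty list means the file passes."""
    values = parse_env(text)
    findings = [(key, "missing") for key in MIN_LENGTH if key not in values]
    for key, value in values.items():
        if not value:
            findings.append((key, "empty"))
        elif PLACEHOLDER.search(value):
            findings.append((key, "placeholder"))
        elif len(value) < MIN_LENGTH.get(key, 0):
            findings.append((key, "too short"))
    return sorted(findings)


if __name__ == "__main__":
    for key, problem in audit_env(SAMPLE):
        print(f"{key}: {problem}")  # only the key is printed, never the value
```

Run it in the deploy pipeline before the containers start and fail the job on any finding.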