50 lines
1.7 KiB
Plaintext
50 lines
1.7 KiB
Plaintext
## Production-safe qsfera_full environment template.
|
|
## Copy to .env and fill every placeholder before running docker compose.
|
|
|
|
COMPOSE_PATH_SEPARATOR=:
|
|
QSFERA=:qsfera.yml
|
|
|
|
## Public deployment identity.
|
|
OC_DOMAIN=<cloud.example.com>
|
|
TRAEFIK_ACME_MAIL=<admin@example.com>
|
|
|
|
## Use the production image and pin a release tag for repeatable rollouts.
|
|
OC_DOCKER_IMAGE=qsfera/qsfera
|
|
OC_DOCKER_TAG=<release-tag>
|
|
|
|
## Production must validate TLS certificates and must not create demo users.
|
|
INSECURE=false
|
|
DEMO_USERS=false
|
|
|
|
## Required by qsfera.yml.
|
|
ADMIN_PASSWORD=<replace-with-strong-password>
|
|
|
|
## Optional: enable Keycloak-backed production identity.
|
|
## Uncomment KEYCLOAK and fill all values before enabling it.
|
|
#KEYCLOAK=:keycloak.yml
|
|
KEYCLOAK_DOMAIN=<keycloak.example.com>
|
|
KEYCLOAK_REALM=qsfera
|
|
KEYCLOAK_POSTGRES_PASSWORD=<replace-with-strong-password>
|
|
KEYCLOAK_ADMIN_USER=<replace-with-admin-user>
|
|
KEYCLOAK_ADMIN_PASSWORD=<replace-with-strong-password>
|
|
|
|
## Optional: enable S3-backed user storage.
|
|
## Uncomment DECOMPOSEDS3 and fill all values before enabling it.
|
|
#DECOMPOSEDS3=:decomposeds3.yml
|
|
DECOMPOSEDS3_ENDPOINT=<https://s3.example.com>
|
|
DECOMPOSEDS3_REGION=<region>
|
|
DECOMPOSEDS3_ACCESS_KEY=<replace-with-access-key>
|
|
DECOMPOSEDS3_SECRET_KEY=<replace-with-secret-key>
|
|
DECOMPOSEDS3_BUCKET=<bucket>
|
|
|
|
## Optional: local MinIO is intended for test/lab installs, not public production.
|
|
#DECOMPOSEDS3_MINIO=:minio.yml
|
|
#MINIO_DOMAIN=<minio.example.com>
|
|
|
|
## Optional: use host paths for backup-friendly config and data storage.
|
|
#OC_CONFIG_DIR=/srv/qsfera/config
|
|
#OC_DATA_DIR=/srv/qsfera/data
|
|
|
|
## Keep this last: it assembles the selected compose files.
|
|
COMPOSE_FILE=docker-compose.yml${QSFERA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${KEYCLOAK:-}
|