.env.example

# Example environment configuration for the docker compose stack

###########
# General #
###########

# Path to the directory which contains the certificates (default: ./certs)
# CERTIFICATES_DIR_PATH=

# Public URL at which the API container will be reachable (default: https://localhost:54844)
# API_URL=

#########
# HTTPS #
#########

# Path to the server TLS certificate on the container disk (default: /certs/server.crt)
# SERVER_CERTIFICATE=

# Path to the server TLS private key on the container disk (default: /certs/server.key)
# SERVER_PRIVATE_KEY=

###########
# MongoDB #
###########

# Connection string to connect to the mongoDB instance (default: mongodb://root:root@change_me:27017/)
# MONGO_CONNECTION_STRING=

# User to use for authentication with MongoDB (overrides connection string)
# MONGO_USER=

# Password to use for authentication with MongoDB (overrides connection string)
# MONGO_PASSWORD=

# Database that should be used in MongoDB (overrides connection string)
# MONGO_DATABASE=

##########
# OAuth2 #
##########

# Google OAuth2 client ID (required)
GOOGLE_CLIENT_ID=

# Google OAuth2 client secret (required)
GOOGLE_CLIENT_SECRET=

#########################
# Authentication Tokens #
#########################

# Secret used to encrypt session tokens
SESSION_SECRET=

# Server identifier (recommended for security)
# This string can be anything, it must however be the same on all the server instances
# It is custom to use the server's public url for this (https://my-server.com)
# SERVER_ID=

# Duration of an access token validity (default: 1h)
# Integer values are considered milliseconds, but more complex structures can be used like "1d", or "2.5hrs"
# Format documentation: https://github.com/vercel/ms
# ACCESS_TOKEN_EXPIRATION=

# Secret used to sign access tokens
# If not set, a new one will be generated at each start, which will invalidate previous access tokens
# ACCESS_TOKEN_SECRET=

# Base64 representation of the key used to encrypt refresh tokens
# If not set, a new one will be generated at each start, which will invalidate previous refresh tokens
# It is highly recommended to set this parameter
# Generate one with one of these commands:
# > xxd -l32 -ps /dev/urandom | xxd -r -ps | base64
# > openssl rand -base64 32
# REFRESH_TOKEN_KEY_BASE64=

##############
# VPN Server #
##############

# Secret shared with the VPN server. It acts as an authentication mechanism and must be the same on both. (required)
VPN_SERVER_SECRET=

# ID of the server, this should be unique to each instance.
# If not specified a new one will be generated at each startup
# This is used to identify a server across restarts
# VPN_SERVER_ID=

# Path to the PEM encoded Diffie–Hellman key exchange prime number parameter. (default: /certs/dh2048.pem)
# Generate it wil the following command
# > openssl dhparam -out dh2048.pem 2048
# You must provide the path to the generated file
# VPN_SERVER_DH_PARAM=

# Public IP address of the VPN server, it will be ued by the clients to connect
# By default we attempt to get it by making a request to a known server
# VPN_SERVER_PUBLIC_URL=

# Port on which the VPN server should be available (default: 1194)
# VPN_SERVER_PORT=

#############################
# Public Key Infrastructure #
#############################

# Path to the CA private key (default: /certs/ca.key)
# The key can be generated with this command
# > openssl genrsa -out ca.key 4096
# CA_PRIVATE_KEY=

# Path to the CA certificate (default: /certs/ca.crt)
# The API acts as a CA and signs + distributes certificates to all the servers and clients in the network
# The certificate can be generated with this command
# > openssl req -x509 -new -nodes -key ca.key -sha256 -days 1826 -out ca.crt
# CA_CERTIFICATE=