dkam/clinch
1
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
5de53f1841e7e3e77fc13d0887e7d765f9f91a9e
clinch/.env.example
Dan Milne bf104a9983
Some checks failed
CI / scan_ruby (push) Has been cancelled
Details
CI / scan_js (push) Has been cancelled
Details
CI / lint (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
CI / system-test (push) Has been cancelled
Details
Fix CSP errors - migrate inline JS to stimulus controllers. Add a URL for applications so users can discover them
2025-11-04 17:06:53 +11:00

71 lines
2.3 KiB
Plaintext
Raw Blame History

# Rails Configuration
SECRET_KEY_BASE=generate-with-bin-rails-secret
RAILS_ENV=development
# Database
# SQLite database files are stored in the storage/ directory
# In production with Docker, mount this as a persistent volume
# SMTP Configuration (for sending emails)
SMTP_ADDRESS=smtp.example.com
SMTP_PORT=587
SMTP_DOMAIN=example.com
SMTP_USERNAME=your-username
SMTP_PASSWORD=your-password
SMTP_AUTHENTICATION=plain
SMTP_ENABLE_STARTTLS=true
# Application Configuration
CLINCH_HOST=http://localhost:3000
CLINCH_FROM_EMAIL=noreply@example.com
# WebAuthn / Passkey Configuration
# Required for passkeys to work in production (HTTPS required)
#
# CLINCH_RP_ID is the Relying Party Identifier - the domain that owns the passkeys
# - If your site is auth.example.com, use either "auth.example.com" or "example.com"
# - Using parent domain (e.g., "example.com") allows passkeys to work across all subdomains
# - Using subdomain (e.g., "auth.example.com") restricts passkeys to that specific subdomain
#
# CLINCH_RP_NAME is shown to users when creating/using passkeys
#
# Examples:
# For https://auth.example.com:
# CLINCH_HOST=https://auth.example.com
# CLINCH_RP_ID=example.com
# CLINCH_RP_NAME="Example Company"
#
# For https://sso.mycompany.com:
# CLINCH_HOST=https://sso.mycompany.com
# CLINCH_RP_ID=mycompany.com
# CLINCH_RP_NAME="My Company Identity"
#
CLINCH_RP_ID=localhost
CLINCH_RP_NAME="Clinch Identity Provider"
# DNS Rebinding Protection Configuration
# Set to service name (e.g., 'clinch') if running in same Docker compose as Caddy
CLINCH_DOCKER_SERVICE_NAME=
# Allow internal IP access for cross-compose deployments (true/false)
CLINCH_ALLOW_INTERNAL_IPS=true
# Allow localhost access for development (true/false)
CLINCH_ALLOW_LOCALHOST=true
# OIDC Configuration
# RSA private key for signing ID tokens (JWT)
# Generate with: openssl genrsa 2048
# Important: Generate once and keep the same key across deployments
# If you change this key, all existing OIDC sessions will be invalidated
# OIDC_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEAyZ0qaICMiLVWSFs+ef9Xok3fzy0p6k/7D5TQzmxf...
# ...your key content here...
# -----END RSA PRIVATE KEY-----"
# Optional: Force SSL in production
# FORCE_SSL=true
# Optional: Set custom port
# PORT=9000
Reference in New Issue View Git Blame Copy Permalink