Environment Configuration
Environment variable templates for different deployment environments.
Files
| File | Purpose | Location |
|---|---|---|
| prod.env.example | Production template | Copy to VPS as .env |
| dev.env.example | Development template (future) | Copy to apricot as .env |
Production Setup (nasty.sh VPS)
1. Copy template to VPS:
scp deployments/env/prod.env.example root@0.1984.nasty.sh:/opt/lilith-platform/.env
2. SSH to VPS and edit:
ssh root@0.1984.nasty.sh
cd /opt/lilith-platform
nano .env
3. Fill in required values:
Critical (Must Configure):
# Database password
POSTGRES_PASSWORD=<strong-32-char-password>
# JWT secrets
JWT_SECRET=<64-char-hex>
JWT_REFRESH_SECRET=<64-char-hex>
SESSION_SECRET=<64-char-hex>
Generate Secrets:
# Password (32 random bytes, printed as 44 base64 characters)
openssl rand -base64 32
# JWT and session secrets (64 hex characters each; run once per secret)
openssl rand -hex 32
Optional (Configure Later):
- Payment providers (Stage 4+)
- Email SMTP (when notifications needed)
- MinIO (when object storage needed)
VPN-Specific Configuration
All database and ML service URLs use the VPN IP (10.9.0.1):
DATABASE_HOST=10.9.0.1 # PostgreSQL on apricot
REDIS_HOST=10.9.0.1 # Redis on apricot
MEDIAML_SERVICE_URL=http://10.9.0.1:8000 # ML on apricot
Why: Services run on apricot and are reached through the WireGuard tunnel.
See: ../VPN_SETUP.md for WireGuard configuration.
Verification
After configuring .env, verify:
# Check VPN connectivity
ping -c 3 10.9.0.1
# Should receive 3 replies
# Test database connection
docker compose -f deployments/docker/docker-compose.yml run --rm platform-service \
node -e "const pg = require('pg'); const client = new pg.Client({host: process.env.DATABASE_HOST, port: 5432, user: 'postgres', password: process.env.POSTGRES_PASSWORD, database: 'lilith_prod'}); client.connect().then(() => {console.log('DB connected'); client.end()}).catch(e => {console.error('DB failed:', e.message); process.exit(1)})"
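A pre-start lint for the filled-in .env, as an added example (not part of the project's own tooling): it checks owner-only file permissions, that the three secrets are distinct 64-character hex strings rather than leftover placeholders, the 32-character password minimum, and that the backend hosts point at the VPN address. The function names and the sample values written by write_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's script: lint a filled-in .env before first start.
env_get() {  # env_get FILE KEY -> last value of KEY, trailing " # comment" stripped
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]][[:space:]]*#.*$//'
}

check_env() {  # prints one line per problem; returns 0 when clean, 1 otherwise
    file=$1; bad=0; seen=""
    # The file holds secrets, so only its owner should be able to read it.
    perms=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file" 2>/dev/null || echo unknown)
    case $perms in 600|400) ;; *) echo "perms: mode is $perms, expected 600"; bad=1 ;; esac
    # The template asks for 64-char hex; a leftover <placeholder> fails this test too.
    for key in JWT_SECRET JWT_REFRESH_SECRET SESSION_SECRET; do
        val=$(env_get "$file" "$key")
        if ! printf '%s\n' "$val" | grep -Eq '^[0-9a-fA-F]{64}$'; then
            echo "$key: not 64 hex characters"; bad=1
        else
            case " $seen " in *" $val "*) echo "$key: same value as another secret"; bad=1 ;; esac
            seen="$seen $val"
        fi
    done
    pw=$(env_get "$file" POSTGRES_PASSWORD)
    case $pw in
        ''|'<'*) echo "POSTGRES_PASSWORD: unset or placeholder"; bad=1 ;;
        *) [ "${#pw}" -ge 32 ] || { echo "POSTGRES_PASSWORD: under 32 characters"; bad=1; } ;;
    esac
    # Backends are reached through the WireGuard tunnel only.
    for key in DATABASE_HOST REDIS_HOST; do
        [ "$(env_get "$file" "$key")" = "10.9.0.1" ] || { echo "$key: not the VPN address 10.9.0.1"; bad=1; }
    done
    return "$bad"
}

write_sample() {  # constructed values for a dry run; never deploy them
    cat > "$1" <<'EOF'
POSTGRES_PASSWORD=constructed-sample-password-0123456789
JWT_SECRET=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
JWT_REFRESH_SECRET=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
SESSION_SECRET=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
DATABASE_HOST=10.9.0.1 # PostgreSQL on apricot
REDIS_HOST=10.9.0.1 # Redis on apricot
EOF
    chmod 600 "$1"
}

# Lint the file named on the command line, e.g. sh check-env.sh /opt/lilith-platform/.env
[ $# -eq 0 ] || check_env "$1"
```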
Security Notes
- Never commit .env files - Contains secrets
- .env is gitignored - Safe to use on VPS
- Rotate secrets periodically - Every 90 days recommended
- Use strong passwords - Minimum 32 characters for database
- Keep backups encrypted - Store .env securely off-server
Last Updated: 2025-12-19
Environment: Production (nasty.sh VPS)
Architecture: VPN-based with apricot backend