mirrors/at-container-registry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
test
at-container-registry/.env.appview.example
Evan Jarrett 6793ba6a50 use confidential oauth in production
2025-10-29 12:06:47 -05:00

123 lines
4.8 KiB
Plaintext
Raw Permalink Blame History

# ATCR AppView Configuration
# Copy this file to .env.appview and fill in your values
# Load with: source .env.appview && ./bin/atcr-appview serve
# ==============================================================================
# Server Configuration
# ==============================================================================
# HTTP listen address (default: :5000)
ATCR_HTTP_ADDR=:5000
# Debug listen address (default: :5001)
# ATCR_DEBUG_ADDR=:5001
# Base URL for the AppView service (REQUIRED for production)
# Used to generate OAuth redirect URIs and JWT realms
# Development: Auto-detected from ATCR_HTTP_ADDR (e.g., http://127.0.0.1:5000)
# Production: Set to your public URL (e.g., https://atcr.io)
# ATCR_BASE_URL=http://127.0.0.1:5000
# Service name (used for JWT service/issuer fields)
# Default: Derived from base URL hostname, or "atcr.io"
# ATCR_SERVICE_NAME=atcr.io
# ==============================================================================
# Storage Configuration
# ==============================================================================
# Default hold service DID for users without their own storage (REQUIRED)
# Users with a sailor profile defaultHold setting will override this
# Format: did:web:hostname[:port]
# Docker: did:web:atcr-hold:8080
# Local dev: did:web:127.0.0.1:8080
# Production: did:web:hold01.atcr.io
ATCR_DEFAULT_HOLD_DID=did:web:127.0.0.1:8080
# ==============================================================================
# Authentication Configuration
# ==============================================================================
# Path to JWT signing private key (auto-generated if missing)
# Default: /var/lib/atcr/auth/private-key.pem
# ATCR_AUTH_KEY_PATH=/var/lib/atcr/auth/private-key.pem
# Path to JWT signing certificate (auto-generated if missing)
# Default: /var/lib/atcr/auth/private-key.crt
# ATCR_AUTH_CERT_PATH=/var/lib/atcr/auth/private-key.crt
# JWT token expiration in seconds (default: 300 = 5 minutes)
# ATCR_TOKEN_EXPIRATION=300
# Path to OAuth client P-256 signing key (auto-generated on first run)
# Used for confidential OAuth client authentication (production only)
# Localhost deployments always use public OAuth clients (no key needed)
# Default: /var/lib/atcr/oauth/client.key
# ATCR_OAUTH_KEY_PATH=/var/lib/atcr/oauth/client.key
# OAuth client display name (shown in authorization screens)
# Default: AT Container Registry
# ATCR_CLIENT_NAME=AT Container Registry
# ==============================================================================
# UI Configuration
# ==============================================================================
# Enable web UI (default: true)
# Set to "false" to disable web interface and run registry-only
ATCR_UI_ENABLED=true
# SQLite database path for UI data (sessions, stars, pull counts, etc.)
# Default: /var/lib/atcr/ui.db
# ATCR_UI_DATABASE_PATH=/var/lib/atcr/ui.db
# Skip database migrations on startup (default: false)
# Set to "true" to skip running migrations (useful for tests or fresh databases)
# Production: Keep as "false" to ensure migrations are applied
SKIP_DB_MIGRATIONS=false
# ==============================================================================
# Logging Configuration
# ==============================================================================
# Log level: debug, info, warn, error (default: info)
ATCR_LOG_LEVEL=debug
# Log formatter: text, json (default: text)
# ATCR_LOG_FORMATTER=text
# ==============================================================================
# Hold Health Check Configuration
# ==============================================================================
# How often to check health of hold endpoints in the background (default: 15m)
# Queries database for unique hold endpoints and checks if they're reachable
# Examples: 5m, 15m, 30m, 1h
# ATCR_HEALTH_CHECK_INTERVAL=15m
# How long to cache health check results (default: 15m)
# Cached results avoid redundant health checks on page renders
# Should be >= ATCR_HEALTH_CHECK_INTERVAL for efficiency
# Examples: 15m, 30m, 1h
# ATCR_HEALTH_CACHE_TTL=15m
# ==============================================================================
# Jetstream Configuration (ATProto event streaming)
# ==============================================================================
# Jetstream WebSocket URL for real-time ATProto events
# Default: wss://jetstream2.us-west.bsky.network/subscribe
# JETSTREAM_URL=wss://jetstream2.us-west.bsky.network/subscribe
# Enable backfill worker to sync historical records (default: false)
# Set to "true" to enable periodic syncing of ATProto records
# ATCR_BACKFILL_ENABLED=true
# ATProto relay endpoint for backfill sync API
# Default: https://relay1.us-east.bsky.network
# ATCR_RELAY_ENDPOINT=https://relay1.us-east.bsky.network
# Backfill interval (default: 1h)
# Examples: 30m, 1h, 2h, 24h
# ATCR_BACKFILL_INTERVAL=1h
Reference in New Issue View Git Blame Copy Permalink