first commit
This commit is contained in:
juanatsap
@@ -0,0 +1,62 @@
|
||||
# Environment Configuration Example
|
||||
# Copy this file to .env and customize as needed
|
||||
|
||||
# Server Configuration
|
||||
PORT=1999
|
||||
HOST=localhost
|
||||
GO_ENV=development
|
||||
|
||||
# Template Configuration
|
||||
TEMPLATE_DIR=templates
|
||||
PARTIALS_DIR=templates/partials
|
||||
TEMPLATE_HOT_RELOAD=true
|
||||
|
||||
# Data Configuration
|
||||
DATA_DIR=data
|
||||
|
||||
# Server Timeouts (seconds)
|
||||
READ_TIMEOUT=15
|
||||
WRITE_TIMEOUT=15
|
||||
|
||||
# Security Configuration
|
||||
# Allowed origins for API access (comma-separated domains)
|
||||
# Prevents external sites from accessing your API/PDF endpoint
|
||||
#
|
||||
# DEFAULT: If empty, defaults to juan.andres.morenorub.io (the CV site domain)
|
||||
# Plus localhost and 127.0.0.1 are always allowed in development
|
||||
#
|
||||
# For custom domains in production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
|
||||
# Multiple domains: ALLOWED_ORIGINS=domain1.com,domain2.com,www.domain1.com
|
||||
ALLOWED_ORIGINS=
|
||||
|
||||
# Rate Limiter Configuration
|
||||
# CRITICAL: Prevents IP spoofing attacks that bypass rate limiting
|
||||
#
|
||||
# BEHIND_PROXY: Set to true ONLY if behind a trusted reverse proxy (nginx, caddy, cloudflare)
|
||||
# - Development (default): false - Uses RemoteAddr only, immune to header spoofing
|
||||
# - Production behind proxy: true - Trusts X-Forwarded-For from proxy
|
||||
#
|
||||
# TRUSTED_PROXY_IP: Optional - IP address of your reverse proxy
|
||||
# - If set, only X-Forwarded-For headers from this IP are trusted
|
||||
# - Example: 127.0.0.1 (for local nginx), 10.0.0.1 (for load balancer)
|
||||
# - Leave empty to trust X-Forwarded-For from any source (less secure)
|
||||
#
|
||||
# Security Impact:
|
||||
# - BEHIND_PROXY=false (dev): Ignores all X-Forwarded-For headers, uses actual connection IP
|
||||
# - BEHIND_PROXY=true (prod): Trusts proxy, extracts client IP from X-Forwarded-For
|
||||
# - Logs all suspicious spoofing attempts for security monitoring
|
||||
#
|
||||
BEHIND_PROXY=false
|
||||
TRUSTED_PROXY_IP=
|
||||
|
||||
# Production Settings
|
||||
# Uncomment for production:
|
||||
# GO_ENV=production
|
||||
# TEMPLATE_HOT_RELOAD=false
|
||||
# READ_TIMEOUT=30
|
||||
# WRITE_TIMEOUT=30
|
||||
# ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
|
||||
#
|
||||
# Production behind reverse proxy:
|
||||
# BEHIND_PROXY=true
|
||||
# TRUSTED_PROXY_IP=127.0.0.1
|
||||
Reference in New Issue
Block a user