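# Environment Configuration Example
# Copy this file to .env and customize as needed
#
# Format: one KEY=value per line, comments on their own lines starting with '#'.
# The real .env holds secrets (SMTP_PASSWORD, GOOGLE_API_KEY): keep it out of
# version control and readable only by the account that runs the server.

# Server Configuration
PORT=1999
HOST=localhost
GO_ENV=development

# Template Configuration
TEMPLATE_DIR=templates
PARTIALS_DIR=templates/partials
TEMPLATE_HOT_RELOAD=true

# Data Configuration
DATA_DIR=data

# Server Timeouts (seconds)
# Write timeout must accommodate local LLM response times (Ollama ~60s for tool-calling queries)
READ_TIMEOUT=15
WRITE_TIMEOUT=120

# Security Configuration
# Allowed origins for API access (comma-separated domains)
# Prevents external sites from accessing your API/PDF endpoint
#
# DEFAULT: If empty, defaults to juan.andres.morenorub.io (the CV site domain)
# Plus localhost and 127.0.0.1 are always allowed in development
#
# For custom domains in production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
# Multiple domains: ALLOWED_ORIGINS=domain1.com,domain2.com,www.domain1.com
#
# NOTE(review): if this allow-list is enforced from the Origin/Referer request
# headers, it restrains browsers only. It is not authentication, because a
# non-browser client can send any header value - confirm against the middleware
# and keep the rate limiter enabled.
ALLOWED_ORIGINS=

# Rate Limiter Configuration
# CRITICAL: Prevents IP spoofing attacks that bypass rate limiting
#
# BEHIND_PROXY: Set to true ONLY if behind a trusted reverse proxy (nginx, caddy, cloudflare)
#   - Development (default): false - Uses RemoteAddr only, immune to header spoofing
#   - Production behind proxy: true - Trusts X-Forwarded-For from proxy
#
# TRUSTED_PROXY_IP: Optional - IP address of your reverse proxy
#   - If set, only X-Forwarded-For headers from this IP are trusted
#   - Example: 127.0.0.1 (for local nginx), 10.0.0.1 (for load balancer)
#   - Leave empty to trust X-Forwarded-For from any source (less secure)
#
# Security Impact:
#   - BEHIND_PROXY=false (dev): Ignores all X-Forwarded-For headers, uses actual connection IP
#   - BEHIND_PROXY=true (prod): Trusts proxy, extracts client IP from X-Forwarded-For
#   - Logs all suspicious spoofing attempts for security monitoring
#
# Recommended: whenever BEHIND_PROXY=true, also set TRUSTED_PROXY_IP. With it
# empty, the X-Forwarded-For value is accepted from any peer, so the per-IP rate
# limit depends on a header the client controls. Also make sure the application
# port is reachable only through the proxy (bind to loopback or firewall it).
# NOTE(review): this setting is described as a single address; for a proxy or
# CDN with several egress addresses, confirm how the value is matched.
#
BEHIND_PROXY=false
TRUSTED_PROXY_IP=

# Email Configuration (Contact Form)
#
# Supported providers:
#
# DreamHost (port 465 - SSL):
#   SMTP_HOST=smtp.dreamhost.com
#   SMTP_PORT=465
#   SMTP_USER=your-email@yourdomain.com
#   SMTP_PASSWORD=your-email-password
#   SMTP_FROM_EMAIL=your-email@yourdomain.com
#
# Gmail (port 587 - TLS):
#   1. Enable 2FA in your Google account
#   2. Go to https://myaccount.google.com/apppasswords
#   3. Generate an App Password
#   SMTP_HOST=smtp.gmail.com
#   SMTP_PORT=587
#   SMTP_USER=your-email@gmail.com
#   SMTP_PASSWORD=your-app-password-here
#   SMTP_FROM_EMAIL=your-email@gmail.com
#
# Port 465 = SSL (direct TLS connection)
# Port 587 = TLS/STARTTLS (upgrades to TLS)
#
# SMTP_PASSWORD is a credential. Replace the placeholder only in your private
# .env, never in this example file, and prefer a mailbox or app password that is
# used for nothing else so it can be revoked on its own.
#
SMTP_HOST=smtp.dreamhost.com
SMTP_PORT=465
SMTP_USER=your-email@yourdomain.com
SMTP_PASSWORD=your-password
SMTP_FROM_EMAIL=your-email@yourdomain.com
CONTACT_EMAIL=recipient@example.com

# Chat AI Configuration
#
# MODEL_PROVIDER: "gemini" (default) or "ollama"
# MODEL_PROVIDER=gemini
#
# Gemini settings (when MODEL_PROVIDER=gemini):
# GOOGLE_API_KEY is a secret: set it only in your private .env and rotate it if
# the file is ever shared or committed.
# GOOGLE_API_KEY=your-google-api-key
# MODEL_NAME=gemini-2.5-flash
#
# Ollama settings (when MODEL_PROVIDER=ollama):
# The example URL is plain HTTP on loopback. If Ollama runs on another host,
# chat traffic crosses the network unencrypted unless TLS or a tunnel is in front.
# OLLAMA_HOST=http://localhost:11434
# OLLAMA_MODEL=glm-4.7-flash

# Production Settings
# Uncomment for production:
# NOTE: WRITE_TIMEOUT=30 is shorter than the ~60s Ollama response time mentioned
# under "Server Timeouts"; keep a larger value when MODEL_PROVIDER=ollama.
# GO_ENV=production
# TEMPLATE_HOT_RELOAD=false
# READ_TIMEOUT=30
# WRITE_TIMEOUT=30
# ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
#
# Production behind reverse proxy:
# BEHIND_PROXY=true
# TRUSTED_PROXY_IP=127.0.0.1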