# MarchProxy Environment Configuration Example
# Copy this file to .env and customize for your environment
# IMPORTANT: Never commit real secrets or your customized .env file; the sample values below are for local development only
# ==============================================================================
# DATABASE CONFIGURATION
# ==============================================================================
# PostgreSQL connection
# Sample credential for local development only. It is published in this example
# file, so replace it before any shared or production deployment.
POSTGRES_PASSWORD=marchproxy123
# The same password is embedded in this URL; change both together or the two
# values drift apart. Characters such as @ : / in a password must be
# URL-encoded when placed inside a connection URL.
# NOTE(review): the URL carries no TLS-related parameter - confirm whether the
# link to the postgres host needs encryption in your deployment.
DATABASE_URL=postgresql+asyncpg://marchproxy:marchproxy123@postgres:5432/marchproxy
# Database connection pooling
DB_POOL_SIZE=20
DB_MAX_OVERFLOW=10
# ==============================================================================
# REDIS CONFIGURATION
# ==============================================================================
# Redis cache
# Sample credential for local development only; replace before deployment.
REDIS_PASSWORD=redis123
# The password is repeated inside this URL; keep it in sync with REDIS_PASSWORD.
# redis:// is the non-TLS scheme (rediss:// is the TLS form), so together with
# REDIS_SSL=false below the password and cached data cross the network
# unencrypted. Acceptable only on an isolated network.
REDIS_URL=redis://:redis123@redis:6379/0
# Database index 0 also appears as the /0 path of REDIS_URL.
# NOTE(review): which of the two the application reads is not visible here -
# keep them identical.
REDIS_DATABASE=0
REDIS_SSL=false
REDIS_POOL_SIZE=10
# ==============================================================================
# APPLICATION SECURITY
# ==============================================================================
# Secret key for token generation (CHANGE THIS IN PRODUCTION!)
# The value below is a public placeholder. Generate a long random value per
# environment (for example: openssl rand -hex 32) and store it like any other
# credential.
# NOTE(review): this file does not show whether the application refuses to
# start with the placeholder - verify, because MARCHPROXY_ENV in the API server
# section defaults to production.
SECRET_KEY=your-secret-key-change-this
# Token expiration settings
# Units are given by the key names (minutes / days). Shorter lifetimes limit how
# long a leaked token remains usable.
ACCESS_TOKEN_EXPIRE_MINUTES=60
REFRESH_TOKEN_EXPIRE_DAYS=7
# License configuration
# LICENSE_KEY is left empty on purpose; supply it through your secret store
# rather than committing it.
LICENSE_KEY=
LICENSE_SERVER_URL=https://license.penguintech.io
# NOTE(review): units are not stated here - presumably hours for the interval
# and days for the offline grace period; TODO confirm.
LICENSE_CHECK_INTERVAL=24
LICENSE_OFFLINE_GRACE=7
# ==============================================================================
# API SERVER CONFIGURATION
# ==============================================================================
# Debugging and logging
# Keep DEBUG=false outside development; debug output commonly exposes internals.
DEBUG=false
LOG_LEVEL=info
# Defaults to production even though the credentials in this file are
# development samples - replace every sample secret before relying on it.
MARCHPROXY_ENV=production
# API server settings
# The port number appears in both keys; change them together.
XDS_GRPC_PORT=18000
# 0.0.0.0 listens on every network interface. Limit who can reach this port
# with network policy or a firewall if xDS should stay internal.
XDS_GRPC_BIND=0.0.0.0:18000
# CORS configuration
# Comma-separated list of allowed origins. The defaults are plain-http
# development origins; in production list only the exact origins that serve
# the UI.
CORS_ORIGINS=http://localhost:3000,http://webui:3000,http://localhost:8000
# ==============================================================================
# PROXY L7 (ENVOY) CONFIGURATION
# ==============================================================================
# Envoy proxy settings
ENVOY_LOG_LEVEL=info
NUM_WORKERS=4
# NOTE(review): unit of BUFFER_SIZE is not stated in this file - TODO confirm.
BUFFER_SIZE=1024
# Cluster API key (shared between all proxies)
# "default-api-key" is a public placeholder. Because the key is shared by every
# proxy, replace it with a random value and rotate it if any proxy host is
# compromised. It is not listed in the production checklist at the end of this
# file, so it is easy to overlook.
CLUSTER_API_KEY=default-api-key
# Network acceleration (L7)
# ENABLE_XDP is assigned again in the L3/L4 section with the same value. When
# this file is loaded as one environment there is only one ENABLE_XDP, so the
# two sections cannot be configured independently.
ENABLE_XDP=false
ENABLE_EBPF_L7=true
# ==============================================================================
# PROXY L3/L4 (GO) CONFIGURATION
# ==============================================================================
# Proxy L3/L4 identification
# Also assigned, with the same value, in the PROXY-SPECIFIC NAMES section.
PROXY_L3L4_NAME=proxy-l3l4-1
# Listen ports
# NOTE(review): confirm ADMIN_PORT is reachable only from the management
# network; what it serves is not visible in this file.
LISTEN_PORT=8081
ADMIN_PORT=8082
# Network acceleration (L3/L4)
ENABLE_EBPF=true
# Second assignment of ENABLE_XDP (first one is in the L7 section, same value).
ENABLE_XDP=false
ENABLE_AF_XDP=false
ENABLE_NUMA=false
NUMA_NODE=0
# Performance tuning
CONNECTION_POOL_SIZE=1000
# Traffic shaping (Enterprise feature)
TRAFFIC_SHAPING_ENABLED=false
# Rate limiting is off by default; the production checklist at the end of this
# file asks for it to be enabled.
RATE_LIMIT_ENABLED=false
RATE_LIMIT_RPS=10000
# Multi-cloud routing (Enterprise feature)
# HEALTH_CHECK_ENABLED is false here but true in the INGRESS PROXY section, and
# HEALTH_CHECK_INTERVAL is assigned in both places. Which assignment is
# effective depends on how the loader treats duplicate keys - resolve the
# conflict explicitly instead of relying on file order.
MULTI_CLOUD_ENABLED=false
HEALTH_CHECK_ENABLED=false
HEALTH_CHECK_INTERVAL=30
# Zero-trust security (Enterprise feature)
ZERO_TRUST_ENABLED=false
# ==============================================================================
# OBSERVABILITY & MONITORING
# ==============================================================================
# Jaeger distributed tracing
JAEGER_ENABLED=true
# Prometheus metrics
# NOTE(review): confirm the metrics endpoint is not exposed outside the
# monitoring network; where it listens is not visible in this file.
ENABLE_METRICS=true
# Metrics retention
# Units are given by the key names (days). Retention also bounds how far back
# an incident can be investigated.
METRICS_RETENTION_DAYS=30
LOGS_RETENTION_DAYS=7
TRACES_RETENTION_DAYS=3
# Grafana
# Sample password for local development only; replace before exposing Grafana.
# It is not listed in the production checklist at the end of this file.
GRAFANA_PASSWORD=admin123
# ==============================================================================
# LOGGING & SYSLOG
# ==============================================================================
# Syslog configuration
SYSLOG_ENABLED=true
SYSLOG_HOST=logstash
SYSLOG_PORT=5514
# Syslog over UDP is unencrypted, unauthenticated and may drop messages, so
# keep this traffic on a trusted network segment.
# NOTE(review): whether tcp or a TLS transport is accepted here is not visible
# in this file - check before relying on these logs for audit purposes.
SYSLOG_PROTOCOL=udp
SYSLOG_FACILITY=local0
SYSLOG_TAG=marchproxy
# ==============================================================================
# SMTP & ALERTING
# ==============================================================================
# SMTP configuration
SMTP_HOST=localhost
SMTP_PORT=587
# Credentials are left empty on purpose; inject them from a secret store rather
# than committing them.
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM=marchproxy@company.com
# NOTE(review): presumably USE_TLS means STARTTLS (matching port 587) and
# USE_SSL means implicit TLS - confirm. Leaving both false would send
# SMTP_PASSWORD in clear text.
SMTP_USE_TLS=true
SMTP_USE_SSL=false
# Alert recipients
# The company.com addresses are placeholders; replace them so alerts reach a
# monitored mailbox.
ALERT_EMAIL_DEFAULT=ops-team@company.com
ALERT_EMAIL_CRITICAL=critical-alerts@company.com
ALERT_EMAIL_LICENSE=license-admin@company.com
ALERT_EMAIL_PERFORMANCE=performance-team@company.com
ALERT_EMAIL_SECURITY=security-team@company.com
# Slack integration
# An incoming-webhook URL works as a bearer secret (anyone holding it can post
# to the channel); treat it like a password.
SLACK_WEBHOOK_URL=
# PagerDuty integration
# NOTE(review): if this URL embeds an integration key, treat it as a secret too.
PAGERDUTY_URL=
# ==============================================================================
# CONFIGURATION SYNCHRONIZATION
# ==============================================================================
# Config sync service
# NOTE(review): the unit is not stated - presumably seconds; TODO confirm. The
# interval also bounds how long a revoked or changed setting may stay active on
# a proxy.
CONFIG_SYNC_INTERVAL=300
# ==============================================================================
# WEB UI CONFIGURATION
# ==============================================================================
# React UI settings
NODE_ENV=production
# If the UI is built with Vite (as the prefix suggests), every VITE_-prefixed
# variable is embedded in the client bundle and readable by any browser user.
# Never place secrets in VITE_ variables.
# Both URLs use plain http; use https wherever the browser reaches them over an
# untrusted network.
VITE_API_URL=http://api-server:8000
VITE_JAEGER_URL=http://jaeger:16686
# ==============================================================================
# FEATURE FLAGS
# ==============================================================================
# Optional features (requires Enterprise license)
# All three identity integrations are disabled by default. Their own settings
# (IdP metadata, client secrets, SCIM tokens) are not part of this file.
ENABLE_SAML=false
ENABLE_OAUTH2=false
ENABLE_SCIM=false
# Optional acceleration (requires compatible hardware)
ENABLE_DPDK=false
ENABLE_SR_IOV=false
# ==============================================================================
# TLS/mTLS CONFIGURATION
# ==============================================================================
# mTLS certificate paths (in containers)
# mTLS is disabled by default.
# NOTE(review): presumably the settings below take effect only when
# MTLS_ENABLED=true - confirm.
MTLS_ENABLED=false
MTLS_SERVER_CERT_PATH=/app/certs/server-cert.pem
# Private key files: mount them at runtime with permissions restricted to the
# service user; do not bake them into images or commit them.
MTLS_SERVER_KEY_PATH=/app/certs/server-key.pem
MTLS_CLIENT_CA_PATH=/app/certs/ca.pem
MTLS_CLIENT_CERT_PATH=/app/certs/client-cert.pem
MTLS_CLIENT_KEY_PATH=/app/certs/client-key.pem
# Keep both true when mTLS is on: requiring a certificate without verifying it
# against the client CA would authenticate nothing.
MTLS_REQUIRE_CLIENT_CERT=true
MTLS_VERIFY_CLIENT_CERT=true
# ==============================================================================
# PROXY-SPECIFIC NAMES
# ==============================================================================
# Proxy identifiers
PROXY_EGRESS_NAME=proxy-egress-1
PROXY_INGRESS_NAME=proxy-ingress-1
PROXY_L7_NAME=proxy-l7-1
# Duplicate of the PROXY_L3L4_NAME assignment in the PROXY L3/L4 section (same
# value); keep a single definition to avoid the two drifting apart.
PROXY_L3L4_NAME=proxy-l3l4-1
# ==============================================================================
# INGRESS PROXY CONFIGURATION
# ==============================================================================
# Load balancing
LOAD_BALANCER_ALGORITHM=round_robin
# HEALTH_CHECK_ENABLED is set to false earlier, in the PROXY L3/L4 section, and
# to true here; HEALTH_CHECK_INTERVAL is also assigned twice. The effective
# value depends on how the loader handles duplicate keys - keep one definition
# or use distinct names per proxy.
HEALTH_CHECK_ENABLED=true
HEALTH_CHECK_INTERVAL=30
# NOTE(review): units of the interval and timeout are not stated - presumably
# seconds; TODO confirm.
HEALTH_CHECK_TIMEOUT=5
# DDoS protection
DDOS_PROTECTION_ENABLED=true
# ==============================================================================
# ELASTICSEARCH (ELK Stack)
# ==============================================================================
# Elasticsearch configuration
# Plain http and no credentials in this URL.
# NOTE(review): confirm Elasticsearch is reachable only on the internal network
# or has authentication and TLS enabled, since it stores the shipped logs.
ELASTICSEARCH_HOSTS=http://elasticsearch:9200
# ==============================================================================
# KUBERNETES (if deploying to K8s)
# ==============================================================================
# Namespace for K8s deployment
# On Kubernetes, supply the passwords and keys from this file through Secret
# objects rather than a plain env file or ConfigMap.
KUBE_NAMESPACE=marchproxy
# ==============================================================================
# DEVELOPMENT FLAGS
# ==============================================================================
# Only for development - never use in production
# Keep all three false outside development.
# NOTE(review): what SKIP_VALIDATION bypasses is not visible in this file -
# confirm before enabling it anywhere that handles real traffic.
DEV_MODE=false
SKIP_LICENSE_CHECK=false
SKIP_VALIDATION=false
# ==============================================================================
# NOTES
# ==============================================================================
# Production Security Checklist:
# [ ] Change SECRET_KEY to a strong random value
# [ ] Set POSTGRES_PASSWORD to a strong password (and update the copy inside DATABASE_URL)
# [ ] Set REDIS_PASSWORD to a strong password (and update the copy inside REDIS_URL)
# [ ] Configure actual SMTP settings for alerts
# [ ] Set up SLACK_WEBHOOK_URL if using Slack
# [ ] Enable MTLS_ENABLED if supporting client authentication
# [ ] Configure LICENSE_KEY for Enterprise features
# [ ] Set LOG_LEVEL to 'warn' in production
# [ ] Enable rate limiting for API endpoints
# [ ] Set up proper monitoring and alerting
# [ ] Configure backup strategies for postgres_data
# [ ] Test disaster recovery procedures
# [ ] Document all environment-specific overrides