.env.example
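# ── Server ────────────────────────────────────────────────────────────────────
# 0.0.0.0 listens on every network interface. Use 127.0.0.1 when the service is
# only reached through a reverse proxy on the same host.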
HOST=0.0.0.0
PORT=3030
# ── Authentication ────────────────────────────────────────────────────────────
# Plain-text username used for login (case-insensitive, trimmed).
AUTH_USERNAME=admin
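# To generate a password hash and salt, run the command below. YOUR_PASSWORD is
# passed on the command line, so it can end up in your shell history; remove that
# history entry afterwards.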
# node -e "const crypto = require('crypto'); const salt = crypto.randomBytes(16).toString('hex'); const hash = crypto.scryptSync('YOUR_PASSWORD', Buffer.from(salt,'hex'), 64).toString('hex'); console.log('AUTH_PASSWORD_SALT=' + salt); console.log('AUTH_PASSWORD_HASH=' + hash);"
AUTH_PASSWORD_SALT=MUST_BE_SET
AUTH_PASSWORD_HASH=MUST_BE_SET
# ── Session ───────────────────────────────────────────────────────────────────
# Session lifetime in milliseconds (default: 8 hours).
SESSION_TTL_MS=28800000
# ── Rate Limiting ─────────────────────────────────────────────────────────────
# Minimum response time, in milliseconds, for login requests (timing-attack mitigation).
AUTH_MIN_RESPONSE_MS=900
# Sliding window, in milliseconds, for counting login attempts per identity.
LOGIN_WINDOW_MS=600000
LOGIN_MAX_REQUESTS=12
# Failure-based lockout: 3 consecutive failed logins within
# LOGIN_FAILURE_WINDOW_MS lock the client out for LOGIN_MAX_LOCKOUT_MS.
LOGIN_FAILURE_WINDOW_MS=1800000
LOGIN_MAX_LOCKOUT_MS=43200000
# Unauthenticated access rate limiting (applies to all protected routes).
# After UNAUTH_MAX_REQUESTS unauthenticated hits within UNAUTH_WINDOW_MS,
# subsequent requests are delayed by UNAUTH_PENALTY_MS and receive 429.
UNAUTH_WINDOW_MS=60000
UNAUTH_MAX_REQUESTS=2
UNAUTH_PENALTY_MS=5000
# ── Cookies / Proxy ──────────────────────────────────────────────────────────
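# Controls the Secure attribute on cookies: "auto" (default) | "always" | "never".
# With "never", cookies are also sent over unencrypted HTTP.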
COOKIE_SECURE=auto
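# Set to "1" only if behind a reverse proxy that sets X-Forwarded-For / X-Forwarded-Proto.
# Leave it at 0 when clients can reach the server directly: they could otherwise
# supply these headers themselves, and any per-client limit keyed on the forwarded
# address would no longer be reliable.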
TRUST_PROXY=0
# ── Logs ──────────────────────────────────────────────────────────────────────
# Maximum bytes to read from each PM2 log file (default: 5 MB).
MAX_LOG_BYTES_PER_FILE=5242880
# ── Monitoring Retention ───────────────────────────────────────────────────────
# How long CPU/memory metric samples are kept (default: 24 hours = 86400000 ms).
METRICS_RETENTION_MS=86400000
# How long stored log entries are kept (default: 14 days = 1209600000 ms).
LOGS_RETENTION_MS=1209600000
# ── Database ──────────────────────────────────────────────────────────────────
# Directory where the SQLite database is stored. The file pm2-hawkeye.db is
# created automatically inside this directory. Defaults to ./data.
SQLITE_DB_PATH=./data
# ── Deployments ───────────────────────────────────────────────────────────────
# Base directory where deployed apps are cloned. Each app gets its own
# subdirectory named after the PM2 process name. Defaults to ./apps.
DEPLOY_BASE_DIR=./apps