-
Notifications
You must be signed in to change notification settings - Fork 27
/
.env
66 lines (52 loc) · 2.05 KB
/
.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# Environment Config
PORT=3000
DATABASE_URL=
REDIS_URL=
AUTO_MIGRATE=1
AUTO_SEED=0
# Backend Config
HOMEPAGE=
BASE_URL=
## Set to true/false to trust proxy according to https://github.com/jshttp/proxy-addr:
## true means taking the leftmost åddress of X-Forwarded-For (XFF);
## false means taking the remote address;
## a string means comma-delimited list of trusted proxy addresses;
## there are 3 pre-configured subnet names:
## - loopback - 127.0.0.1/8, ::1/128
## - linklocal - 169.254.0.0/16, fe80::/10
## - uniquelocal - 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7
TRUST_PROXY=loopback,linklocal,uniquelocal
SESSION_DURATION=9 hours
SESSION_SECRET=
## This is a shorter term rate limit, meant to account for "bursty" request patterns
RATE_LIMIT_SHORT_WINDOW=1 min
RATE_LIMIT_SHORT_MAX=100
## This is the longer term rate limit, meant to generally limit the abuse of authentication and APIs
RATE_LIMIT_LONG_WINDOW=15 min
RATE_LIMIT_LONG_MAX=200
## How long to wait before the backend gives up scraping a link
LINK_TIMEOUT=15 seconds
## How long the cache should last for a redirect/301
CACHE_MAX_AGE=10 years
## OIDC/Session Config - customize this to fit with your identity provider.
OIDC_CLIENT_ID=
OIDC_ISSUER_BASE_URL=
OIDC_HTTP_TIMEOUT=15 seconds
### Optional OIDC Config - the values here will work for most people; however, in some cases, you may need to set the secret.
OIDC_CLIENT_SECRET=
OIDC_TOKEN_ENDPOINT_AUTH_METHOD=none
## OAuth2 Config for API access to Blink; disable if you don't use this
OAUTH2_ENABLED=true
OAUTH2_JWT_ALGORITHMS=RS256
OAUTH2_JWT_AUDIENCE=
OAUTH2_JWT_ISSUER=
OAUTH2_JWT_SECRET=
### You can either specify a static secret or dynamically load the secret to the JWT token using JWKS.
### Setting OAUTH2_JWT_SECRET will use static secret, otherwise it will use dynamic secrets (recommended).
OAUTH2_JWKS_URI=
OAUTH2_JWKS_HTTP_TIMEOUT=15 seconds
OAUTH2_JWKS_REQUESTS_PER_MINUTE=10
## This will determine the default scope assigned to OAuth2 tokens
OAUTH2_DEFAULT_SCOPE=user:create user:read link:*
# Frontend config
REACT_APP_BASE_URL=$BASE_URL