authentikate/docs/config/environment.md
Javier Feliz 9db9b0f6b3
Got claude started on the docs. Will have to update them heavily
2025-08-03 00:23:06 -04:00


# Environment Variables
AuthentiKate is configured through environment variables. This page covers all available configuration options.
## Core Application Settings
### APP_URL
**Required** - The URL where AuthentiKate is accessible.
```bash
APP_URL=https://auth.yourdomain.com
```
::: warning
This URL must match exactly how users access AuthentiKate. OAuth redirects and JWT tokens depend on this value.
:::
### APP_ENV
**Default**: `production`
```bash
APP_ENV=production # or 'local' for development
```
### APP_DEBUG
**Default**: `false`
```bash
APP_DEBUG=false # Set to 'true' only for debugging
```
::: danger
Never set `APP_DEBUG=true` in production as it exposes sensitive information.
:::
### APP_KEY
**Auto-generated** - Laravel application key for encryption.
```bash
APP_KEY=base64:generated-key-here
```
The key is automatically generated on first run. Do not change this after deployment as it will invalidate existing sessions and tokens.
## Database Configuration
### SQLite (Default)
```bash
DB_CONNECTION=sqlite
DB_DATABASE=/var/www/html/storage/database/database.sqlite
```
### PostgreSQL
```bash
DB_CONNECTION=pgsql
DB_HOST=postgres
DB_PORT=5432
DB_DATABASE=authentikate
DB_USERNAME=authentikate
DB_PASSWORD=secure_password
```
### MySQL/MariaDB
```bash
DB_CONNECTION=mysql
DB_HOST=mysql
DB_PORT=3306
DB_DATABASE=authentikate
DB_USERNAME=authentikate
DB_PASSWORD=secure_password
```
## Email Configuration
Email is used for user invitations, password resets, and verification.
### SMTP
```bash
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=your-email@gmail.com
MAIL_PASSWORD=your-app-password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=auth@yourdomain.com
MAIL_FROM_NAME="AuthentiKate"
```
### Common SMTP Providers
#### Gmail
```bash
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=your-email@gmail.com
MAIL_PASSWORD=your-app-password # Use App Password, not regular password
MAIL_ENCRYPTION=tls
```
#### Outlook/Hotmail
```bash
MAIL_MAILER=smtp
MAIL_HOST=smtp-mail.outlook.com
MAIL_PORT=587
MAIL_USERNAME=your-email@outlook.com
MAIL_PASSWORD=your-password
MAIL_ENCRYPTION=tls
```
#### SendGrid
```bash
MAIL_MAILER=smtp
MAIL_HOST=smtp.sendgrid.net
MAIL_PORT=587
MAIL_USERNAME=apikey
MAIL_PASSWORD=your-sendgrid-api-key
MAIL_ENCRYPTION=tls
```
#### Mailgun
```bash
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailgun.org
MAIL_PORT=587
MAIL_USERNAME=your-mailgun-username
MAIL_PASSWORD=your-mailgun-password
MAIL_ENCRYPTION=tls
```
### Disable Email
```bash
MAIL_MAILER=log # Emails will be written to logs instead of sent
```
## Cache Configuration
### Redis (Recommended for Production)
```bash
CACHE_DRIVER=redis
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=your-redis-password
```
### File Cache (Default)
```bash
CACHE_DRIVER=file
```
### Database Cache
```bash
CACHE_DRIVER=database
```
## Session Configuration
### Redis Sessions (Recommended for Production)
```bash
SESSION_DRIVER=redis
SESSION_LIFETIME=120 # Minutes
```
### File Sessions (Default)
```bash
SESSION_DRIVER=file
SESSION_LIFETIME=120
```
### Database Sessions
```bash
SESSION_DRIVER=database
```
## Security Settings
### SSL/HTTPS
```bash
# Force HTTPS redirects
FORCE_HTTPS=true
# Set secure cookie settings
SESSION_SECURE_COOKIE=true
SANCTUM_STATEFUL_DOMAINS=auth.yourdomain.com
```
### CORS Configuration
```bash
# Allow CORS for your domains
CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://app.yourdomain.com
```
## Logging
### Log Level
```bash
LOG_LEVEL=info # debug, info, notice, warning, error, critical, alert, emergency
```
### Log Channel
```bash
LOG_CHANNEL=stack # single, daily, slack, syslog, errorlog
```
### Daily Log Rotation
```bash
LOG_CHANNEL=daily
LOG_DAILY_DAYS=14 # Keep logs for 14 days
```
## Queue Configuration
For background job processing:
### Redis Queue
```bash
QUEUE_CONNECTION=redis
```
### Database Queue
```bash
QUEUE_CONNECTION=database
```
### Sync Queue (Default)
```bash
QUEUE_CONNECTION=sync # Process jobs immediately
```
## OAuth/OIDC Settings
### Token Lifetimes
```bash
# Access token lifetime (in minutes)
OAUTH_ACCESS_TOKEN_LIFETIME=60
# Refresh token lifetime (in days)
OAUTH_REFRESH_TOKEN_LIFETIME=30
# Authorization code lifetime (in minutes)
OAUTH_AUTHORIZATION_CODE_LIFETIME=10
```
### JWT Configuration
```bash
# JWT algorithm (default: RS256)
JWT_ALGORITHM=RS256
# Key paths (automatically set)
OAUTH_PRIVATE_KEY_PATH=storage/oauth/private.pem
OAUTH_PUBLIC_KEY_PATH=storage/oauth/public.pem
```
## Performance Settings
### PHP Configuration
```bash
# Memory limit
PHP_MEMORY_LIMIT=256M
# Upload limits
PHP_UPLOAD_MAX_FILESIZE=10M
PHP_POST_MAX_SIZE=10M
# Execution time
PHP_MAX_EXECUTION_TIME=300
```
### Application Optimization
```bash
# Enable optimizations for production
APP_OPTIMIZE=true
# Cache configuration
CONFIG_CACHE=true
ROUTE_CACHE=true
VIEW_CACHE=true
```
## Development Settings
These should only be used in development environments:
```bash
APP_ENV=local
APP_DEBUG=true
LOG_LEVEL=debug
# Disable HTTPS for local development
FORCE_HTTPS=false
SESSION_SECURE_COOKIE=false
```
## Complete Production Example
Here's a complete environment configuration for production:
```bash
# Application
APP_ENV=production
APP_DEBUG=false
APP_URL=https://auth.yourdomain.com
FORCE_HTTPS=true
# Database
DB_CONNECTION=pgsql
DB_HOST=postgres
DB_DATABASE=authentikate
DB_USERNAME=authentikate
DB_PASSWORD=secure_database_password
# Email
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=auth@yourdomain.com
MAIL_PASSWORD=gmail_app_password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=auth@yourdomain.com
MAIL_FROM_NAME="Your Company Auth"
# Cache & Sessions
CACHE_DRIVER=redis
SESSION_DRIVER=redis
REDIS_HOST=redis
REDIS_PASSWORD=secure_redis_password
# Security
SESSION_SECURE_COOKIE=true
SESSION_LIFETIME=120
SANCTUM_STATEFUL_DOMAINS=yourdomain.com
# Logging
LOG_LEVEL=warning
LOG_CHANNEL=daily
LOG_DAILY_DAYS=30
```
## Docker Compose Integration
Add environment variables to your `docker-compose.yml`:
```yaml
services:
  authentikate:
    image: authentikate/authentikate:latest
    environment:
      - APP_URL=https://auth.yourdomain.com
      - APP_ENV=production
      - DB_CONNECTION=pgsql
      - DB_HOST=postgres
      - MAIL_MAILER=smtp
      - MAIL_HOST=smtp.gmail.com
      # ... other variables
    env_file:
      - .env # Or load from file
```
## Environment File
Create a `.env` file for easier management:
```bash
# Create environment file
cat > .env << 'EOF'
APP_URL=https://auth.yourdomain.com
APP_ENV=production
DB_CONNECTION=pgsql
# ... other settings
EOF

# Reference in docker-compose.yml (YAML, shown as comments so this block stays valid shell):
#   services:
#     authentikate:
#       env_file: .env
```
::: tip
Keep your `.env` file secure and never commit it to version control.
:::
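
The following preflight check is an added example, not part of the AuthentiKate project: it audits a `.env` file for the development values, placeholder secrets, and insecure transport settings described on this page before a production deploy. The function names `env_get` and `audit_env` are hypothetical, and treating an unset `FORCE_HTTPS` or `SESSION_SECURE_COOKIE` as a finding is an assumption taken from the complete production example, since the page does not state their defaults.

```bash
# Added example (not project code): audit a .env file before a production
# deploy. Function names are hypothetical; the baseline is this page's
# "Complete Production Example".

# Print KEY's value from FILE: last assignment wins, inline comment and
# surrounding double quotes stripped.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

# Print one FAIL line per finding; exit status is non-zero if any were found.
# The body runs in a subshell so its variables do not leak to the caller.
audit_env() (
  file=$1 findings=0
  flag() { echo "FAIL: $1"; findings=$((findings + 1)); }

  # Development values that must not reach production.
  [ "$(env_get "$file" APP_ENV)" = "local" ] && flag "APP_ENV=local"
  [ "$(env_get "$file" APP_DEBUG)" = "true" ] && flag "APP_DEBUG=true"
  [ "$(env_get "$file" LOG_LEVEL)" = "debug" ] && flag "LOG_LEVEL=debug"

  # Transport settings: HTTPS URL, forced redirects, secure session cookie.
  case "$(env_get "$file" APP_URL)" in
    https://?*) ;;
    *) flag "APP_URL is not an https:// URL" ;;
  esac
  for key in FORCE_HTTPS SESSION_SECURE_COOKIE; do
    [ "$(env_get "$file" "$key")" = "true" ] || flag "$key is not true"
  done

  # Every CORS origin must be an explicit https:// origin.
  bad=$(env_get "$file" CORS_ALLOWED_ORIGINS | tr ',' '\n' | grep -v '^https://.' || true)
  [ -n "$bad" ] && flag "CORS_ALLOWED_ORIGINS has a non-https origin"

  # Placeholder secrets copied from documentation samples.
  for key in DB_PASSWORD MAIL_PASSWORD REDIS_PASSWORD; do
    case "$(env_get "$file" "$key")" in
      secure_*password | your-* | gmail_app_password)
        flag "$key is a documentation placeholder" ;;
    esac
  done

  # The file holds secrets, so it should not be world-readable.
  [ -n "$(find "$file" -prune -perm -004)" ] && flag "$file is world-readable"

  [ "$findings" -eq 0 ]
)
```

Run it as `audit_env .env` in a deploy pipeline and stop the rollout on a non-zero exit status.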