mirror of
https://github.com/doolijb/serene-pub.git
synced 2026-07-19 20:53:27 +00:00
116 lines
No EOL
5.7 KiB
Text
116 lines
No EOL
5.7 KiB
Text
# Serene Pub 0.5.0 - Development Configuration
|
|
# Copy this file to .env to customize development settings
|
|
|
|
# ===========================================
|
|
# APPLICATION DATA DIRECTORY
|
|
# ===========================================
|
|
# Override default data directory for development
|
|
# Default: Uses OS-appropriate directories
|
|
# Example for local development:
|
|
# SERENE_PUB_DATA_DIR=./dev-data
|
|
|
|
# ===========================================
|
|
# WEBSOCKET CONFIGURATION
|
|
# ===========================================
|
|
# By default the socket endpoint the browser connects to is auto-detected
|
|
# per-request from the page's own protocol/host — this is usually all you
|
|
# need, including for a reverse proxy/tunnel, AS LONG AS HOST_HEADER below is
|
|
# set so the app sees the real client-facing hostname.
|
|
|
|
# Hostnames that should always be told to use https for the socket
|
|
# connection, even if the request otherwise looks like plain http (eg.
|
|
# adapter-node doesn't trust PROTOCOL_HEADER, or it isn't set). Comma-
|
|
# separated. This is the recommended fix for "mixed content" socket errors
|
|
# when a domain is only ever reached through a TLS-terminating reverse
|
|
# proxy/tunnel — set it once here and the app will use https for that
|
|
# hostname specifically, while still auto-detecting plain http correctly for
|
|
# direct/local access (eg. http://localhost:3000) without needing to flip
|
|
# any setting between the two.
|
|
# SOCKETS_HTTPS_HOSTS=example.com,tunnel.example.com
|
|
|
|
# Extra hostnames allowed to open a connection to the socket server, on top
|
|
# of the automatic default: any origin whose hostname matches the hostname a
|
|
# request actually arrived on is always allowed (a same-site browser tab is
|
|
# inherently "cross-port, same-hostname" from the socket server's point of
|
|
# view, since it runs on a different port) — this already covers localhost,
|
|
# LAN IPs, and any custom domain with NO configuration needed. You only need
|
|
# this variable for the rarer case where they legitimately differ (eg.
|
|
# PUBLIC_SOCKETS_ENDPOINT pointing at a different hostname than the page
|
|
# itself). Comma-separated, hostname only (no scheme/port).
|
|
# SOCKETS_ALLOWED_ORIGINS=example.com,192.168.1.50
|
|
|
|
# Explicit protocol override, applied to every hostname that ISN'T listed in
|
|
# SOCKETS_HTTPS_HOSTS above. Rarely needed — prefer SOCKETS_HTTPS_HOSTS,
|
|
# since this applies globally regardless of which host the request came in
|
|
# on (eg. would incorrectly force https for local testing too).
|
|
# Default: auto-detected from the request
|
|
# SOCKETS_HTTP_MODE=https
|
|
|
|
# WebSocket server port
|
|
# Default: 3001
|
|
# SOCKETS_PORT=3001
|
|
|
|
# Full override for the URL the browser connects to for the socket server
|
|
# (protocol + host + port — any path is ignored). Takes priority over
|
|
# everything above. Only needed if the socket port genuinely isn't reachable
|
|
# at "<page-host>:<SOCKETS_PORT>" and SOCKETS_HTTPS_HOSTS doesn't cover it.
|
|
# PUBLIC_SOCKETS_ENDPOINT=https://example.com
|
|
|
|
# ===========================================
|
|
# CONTENT SECURITY POLICY
|
|
# ===========================================
|
|
# The app ships a strict-by-default CSP. These let you add extra allowed
|
|
# sources for content injected by your hosting layer that isn't part of the
|
|
# app itself — most commonly Cloudflare's "Browser Insights" beacon
|
|
# (static.cloudflareinsights.com), auto-injected into HTML responses when a
|
|
# zone is proxied through Cloudflare with that feature on. Prefer disabling
|
|
# such features in your CDN/proxy dashboard over widening these, since it's
|
|
# an injected script this app has no control over — but the escape hatch is
|
|
# here for cases where that isn't an option. Comma-separated.
|
|
# CSP_EXTRA_SCRIPT_SRC=https://static.cloudflareinsights.com
|
|
# CSP_EXTRA_STYLE_SRC=
|
|
# CSP_EXTRA_CONNECT_SRC=
|
|
|
|
# ===========================================
|
|
# REVERSE PROXY / TUNNEL (HTTPS termination in front of the app)
|
|
# ===========================================
|
|
# By default adapter-node does NOT trust forwarded headers (Node sees every
|
|
# request as plain HTTP, since that's genuinely how the proxy talks to it).
|
|
# HOST_HEADER lets the app see the real client-facing hostname (needed for
|
|
# SOCKETS_HTTPS_HOSTS above to match correctly, and for the app generally).
|
|
# PROTOCOL_HEADER lets it see the real client-facing protocol too — useful
|
|
# for SvelteKit's own URL/origin handling generally, but NOT required just
|
|
# for the socket endpoint if you're using SOCKETS_HTTPS_HOSTS instead.
|
|
# PROTOCOL_HEADER=x-forwarded-proto
|
|
# HOST_HEADER=x-forwarded-host
|
|
|
|
# ===========================================
|
|
# DEVELOPMENT DATABASE (External PostgreSQL)
|
|
# ===========================================
|
|
# These are only used when connecting to external PostgreSQL for development
|
|
# Production uses embedded PGlite automatically
|
|
|
|
# PostgreSQL connection for development
|
|
# DATABASE_PORT=5432
|
|
# POSTGRES_USER=postgres
|
|
# POSTGRES_PASSWORD=password
|
|
|
|
# ===========================================
|
|
# DEVELOPMENT OPTIONS
|
|
# ===========================================
|
|
# Automatically open browser on startup (default: enabled)
|
|
# Set to 1 to disable automatic browser opening
|
|
# SERENE_AUTO_OPEN=1
|
|
|
|
# ===========================================
|
|
# COMMUNITY LIBRARY / EXTERNAL CARD SOURCES
|
|
# ===========================================
|
|
# Some external character card sources (eg. CharaVault) can optionally
|
|
# include NSFW/adult content in browse results. By default Serene Pub always
|
|
# excludes it and never surfaces the option to include it, regardless of
|
|
# what the connected CharaVault account's own settings allow. Setting this
|
|
# enables the "include NSFW" toggle in Character Library browsing (still off
|
|
# by default even once enabled) and allows outbound search requests to ask
|
|
# for NSFW-inclusive results when a user turns it on.
|
|
# Default: unset (NSFW browsing option is hidden entirely)
|
|
# ENABLE_UNSAFE_CHARACTER_BROWSING=true |