Files
Momento/.env.docker.example
Sepehr Ramezani 97163bfb89
Some checks failed
Deploy to Production / Deploy to 192.168.1.190 (push) Has been cancelled
fix: production deployment hardening
Docker:
- Restrict PostgreSQL port to 127.0.0.1 only (not exposed to LAN)
- Add APP_BASE_URL for MCP server to reach Next.js via Docker network
- Fix MCP healthcheck (remove always-passing fallback)
- Add resource limits to mcp-server container

Dockerfile:
- Remove full node_modules copy (standalone already includes deps)
  Reduces image size by ~500MB+

Config:
- Add MCP_SERVER_MODE and MCP_SERVER_URL to deploy.sh and .env.docker.example
- Deploy script now auto-sets MCP_SERVER_URL based on NEXTAUTH_URL

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-04-21 23:09:22 +02:00

105 lines
4.5 KiB
Plaintext

# =============================================================================
# Memento - Docker Environment Configuration
# =============================================================================
# Copy this file to .env.docker and update with your values.
# This file is read by docker-compose.yml via env_file directive.
# cp .env.docker.example .env.docker
# =============================================================================
# APPLICATION URL (REQUIRED)
# =============================================================================
# Change to your server IP or domain
# Examples:
# IP: http://192.168.1.190:3000
# Domain: http://notes.yourdomain.com
# HTTPS: https://notes.yourdomain.com
NEXTAUTH_URL="http://localhost:3000"
# =============================================================================
# AUTHENTICATION SECRET (REQUIRED)
# =============================================================================
# Generate with: openssl rand -base64 32
NEXTAUTH_SECRET="changethisinproduction"
# =============================================================================
# REGISTRATION
# =============================================================================
# Set to "false" to disable public registration (default: true)
# ALLOW_REGISTRATION=true
# =============================================================================
# POSTGRESQL CONFIGURATION
# =============================================================================
POSTGRES_PORT=5432
POSTGRES_DB=memento
POSTGRES_USER=memento
POSTGRES_PASSWORD=memento
# =============================================================================
# MCP SERVER CONFIGURATION
# =============================================================================
# Mode: 'stdio' (Claude Desktop, Cline) or 'sse' (N8N, HTTP)
MCP_MODE="stdio"
MCP_PORT="3001"
# Frontend MCP settings (for the MCP settings panel in the web UI)
# MCP_SERVER_MODE="sse"
# MCP_SERVER_URL="http://YOUR_IP:3001"
# =============================================================================
# AI PROVIDER - TAGS GENERATION
# =============================================================================
# Options: ollama, openai, custom
AI_PROVIDER_TAGS=ollama
AI_MODEL_TAGS="granite4:latest"
# =============================================================================
# AI PROVIDER - EMBEDDINGS
# =============================================================================
# Options: ollama, openai, custom
AI_PROVIDER_EMBEDDING=ollama
AI_MODEL_EMBEDDING="embeddinggemma:latest"
# =============================================================================
# AI PROVIDER - CHAT (optional, falls back to AI_PROVIDER_TAGS)
# =============================================================================
# AI_PROVIDER_CHAT=ollama
# AI_MODEL_CHAT="granite4:latest"
# =============================================================================
# OLLAMA CONFIGURATION (if provider = ollama)
# =============================================================================
# Docker service: http://ollama:11434
# Host machine: http://host.docker.internal:11434
# Remote server: http://YOUR_SERVER_IP:11434
OLLAMA_BASE_URL="http://ollama:11434"
# =============================================================================
# OPENAI CONFIGURATION (if provider = openai)
# =============================================================================
# OPENAI_API_KEY="sk-..."
# =============================================================================
# CUSTOM OPENAI-COMPATIBLE PROVIDER (if provider = custom)
# =============================================================================
# Compatible with: OpenRouter, Groq, Together AI, Mistral, etc.
# OpenRouter: https://openrouter.ai/api/v1
# Groq: https://api.groq.com/openai/v1
# Together: https://api.together.xyz/v1
# Mistral: https://api.mistral.ai/v1
# CUSTOM_OPENAI_API_KEY="your-api-key"
# CUSTOM_OPENAI_BASE_URL="https://openrouter.ai/api/v1"
# =============================================================================
# EMAIL / SMTP (optional, required for password reset)
# =============================================================================
# SMTP_HOST="smtp.gmail.com"
# SMTP_PORT="587"
# SMTP_USER="your-email@gmail.com"
# SMTP_PASS="your-app-password"
# SMTP_FROM="noreply@memento.app"
# =============================================================================
# RESEND EMAIL (alternative to SMTP, optional)
# =============================================================================
# RESEND_API_KEY="re_..."