.env.appview.example at vulnerability-scans · evan.jarrett.net/at-container-registry

evan.jarrett.net / at-container-registry
fork
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
fork
at-container-registry / .env.appview.example
at vulnerability-scans 122 lines 4.9 kB view raw
wrap content
Evan Jarrett use confidential oauth in production 6mo ago
6793ba6a
  1# ATCR AppView Configuration
  2# Copy this file to .env.appview and fill in your values
  3# Load with: source .env.appview && ./bin/atcr-appview serve
  4
  5# ==============================================================================
  6# Server Configuration
  7# ==============================================================================
  8
  9# HTTP listen address (default: :5000)
 10ATCR_HTTP_ADDR=:5000
 11
 12# Debug listen address (default: :5001)
 13# ATCR_DEBUG_ADDR=:5001
 14
 15# Base URL for the AppView service (REQUIRED for production)
 16# Used to generate OAuth redirect URIs and JWT realms
 17# Development: Auto-detected from ATCR_HTTP_ADDR (e.g., http://127.0.0.1:5000)
 18# Production: Set to your public URL (e.g., https://atcr.io)
 19# ATCR_BASE_URL=http://127.0.0.1:5000
 20
 21# Service name (used for JWT service/issuer fields)
 22# Default: Derived from base URL hostname, or "atcr.io"
 23# ATCR_SERVICE_NAME=atcr.io
 24
 25# ==============================================================================
 26# Storage Configuration
 27# ==============================================================================
 28
 29# Default hold service DID for users without their own storage (REQUIRED)
 30# Users with a sailor profile defaultHold setting will override this
 31# Format: did:web:hostname[:port]
 32# Docker: did:web:atcr-hold:8080
 33# Local dev: did:web:127.0.0.1:8080
 34# Production: did:web:hold01.atcr.io
 35ATCR_DEFAULT_HOLD_DID=did:web:127.0.0.1:8080
 36
 37# ==============================================================================
 38# Authentication Configuration
 39# ==============================================================================
 40
 41# Path to JWT signing private key (auto-generated if missing)
 42# Default: /var/lib/atcr/auth/private-key.pem
 43# ATCR_AUTH_KEY_PATH=/var/lib/atcr/auth/private-key.pem
 44
 45# Path to JWT signing certificate (auto-generated if missing)
 46# Default: /var/lib/atcr/auth/private-key.crt
 47# ATCR_AUTH_CERT_PATH=/var/lib/atcr/auth/private-key.crt
 48
 49# JWT token expiration in seconds (default: 300 = 5 minutes)
 50# ATCR_TOKEN_EXPIRATION=300
 51
 52# Path to OAuth client P-256 signing key (auto-generated on first run)
 53# Used for confidential OAuth client authentication (production only)
 54# Localhost deployments always use public OAuth clients (no key needed)
 55# Default: /var/lib/atcr/oauth/client.key
 56# ATCR_OAUTH_KEY_PATH=/var/lib/atcr/oauth/client.key
 57
 58# OAuth client display name (shown in authorization screens)
 59# Default: AT Container Registry
 60# ATCR_CLIENT_NAME=AT Container Registry
 61
 62# ==============================================================================
 63# UI Configuration
 64# ==============================================================================
 65
 66# Enable web UI (default: true)
 67# Set to "false" to disable web interface and run registry-only
 68ATCR_UI_ENABLED=true
 69
 70# SQLite database path for UI data (sessions, stars, pull counts, etc.)
 71# Default: /var/lib/atcr/ui.db
 72# ATCR_UI_DATABASE_PATH=/var/lib/atcr/ui.db
 73
 74# Skip database migrations on startup (default: false)
 75# Set to "true" to skip running migrations (useful for tests or fresh databases)
 76# Production: Keep as "false" to ensure migrations are applied
 77SKIP_DB_MIGRATIONS=false
 78
 79# ==============================================================================
 80# Logging Configuration
 81# ==============================================================================
 82
 83# Log level: debug, info, warn, error (default: info)
 84ATCR_LOG_LEVEL=debug
 85
 86# Log formatter: text, json (default: text)
 87# ATCR_LOG_FORMATTER=text
 88
 89# ==============================================================================
 90# Hold Health Check Configuration
 91# ==============================================================================
 92
 93# How often to check health of hold endpoints in the background (default: 15m)
 94# Queries database for unique hold endpoints and checks if they're reachable
 95# Examples: 5m, 15m, 30m, 1h
 96# ATCR_HEALTH_CHECK_INTERVAL=15m
 97
 98# How long to cache health check results (default: 15m)
 99# Cached results avoid redundant health checks on page renders
100# Should be >= ATCR_HEALTH_CHECK_INTERVAL for efficiency
101# Examples: 15m, 30m, 1h
102# ATCR_HEALTH_CACHE_TTL=15m
103
104# ==============================================================================
105# Jetstream Configuration (ATProto event streaming)
106# ==============================================================================
107
108# Jetstream WebSocket URL for real-time ATProto events
109# Default: wss://jetstream2.us-west.bsky.network/subscribe
110# JETSTREAM_URL=wss://jetstream2.us-west.bsky.network/subscribe
111
112# Enable backfill worker to sync historical records (default: false)
113# Set to "true" to enable periodic syncing of ATProto records
114# ATCR_BACKFILL_ENABLED=true
115
116# ATProto relay endpoint for backfill sync API
117# Default: https://relay1.us-east.bsky.network
118# ATCR_RELAY_ENDPOINT=https://relay1.us-east.bsky.network
119
120# Backfill interval (default: 1h)
121# Examples: 30m, 1h, 2h, 24h
122# ATCR_BACKFILL_INTERVAL=1h
Configure Feed

Configure Feed
