CS-OnlineAssetsShare/.env.example at main · bauer-group/CS-OnlineAssetsShare · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# =============================================================================
# OnlineAssetsShare — Environment Configuration
# =============================================================================
# Centralized S3-compatible object storage for BAUER GROUP applications.
#
# S3 API:  https://assets.bauer-group.com
# Console: https://console.assets.bauer-group.com
#
# Setup: cp .env.example .env && edit .env (fill in REQUIRED values)
# =============================================================================


# =============================================================================
# Stack Configuration
# =============================================================================

# Container name prefix (used for container names, volumes, networks)
STACK_NAME=online-assets

# Container timezone
# Default: Etc/UTC
TIME_ZONE=Etc/UTC


# =============================================================================
# Image Configuration
# =============================================================================
# Pre-built images from BAUER GROUP Container Solution

# MinIO server image
MINIO_IMAGE=ghcr.io/bauer-group/cs-minio/minio
MINIO_VERSION=latest

# Init container image (bucket/user initialization)
MINIO_INIT_IMAGE=ghcr.io/bauer-group/cs-minio/minio-init
MINIO_INIT_VERSION=latest

# Admin console image (web-based management UI)
CONSOLE_IMAGE=ghcr.io/bauer-group/cs-minio/minio-console
CONSOLE_VERSION=latest


# =============================================================================
# MinIO Server Configuration
# =============================================================================

# Root credentials (REQUIRED — change these!)
# Generate password: openssl rand -hex 32
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=

# Default region for bucket creation
# Common values: eu-central-1, eu-west-1, us-east-1
MINIO_REGION=eu-central1


# =============================================================================
# Console Configuration
# =============================================================================
# The admin console provides a full management UI (users, policies, buckets,
# monitoring). MinIO's built-in browser is disabled.

# Console credentials (created by init container with full admin privileges)
# Generate password: openssl rand -hex 32
CONSOLE_USER=console-admin
CONSOLE_PASSWORD=


# =============================================================================
# Traefik Configuration (docker-compose.yml)
# =============================================================================
# DNS records must resolve to these hostnames before starting.

# S3 API endpoint hostname
# Path-style access: https://{S3_HOSTNAME}/{bucket}/{key}
S3_HOSTNAME=assets.bauer-group.com

# Console hostname (admin management UI)
S3_CONSOLE_HOSTNAME=console.assets.bauer-group.com

# External Traefik network name (must already exist)
PROXY_NETWORK=EDGEPROXY

# DNS-style bucket access (optional)
# Requires wildcard certificate or explicit SANs for each bucket.
# Uncomment and add bucket hostnames if needed:
# S3_BUCKET_SANS=mail-signatures.assets.bauer-group.com


# =============================================================================
# Port Settings (docker-compose.direct.yml)
# =============================================================================
# Direct port binding when NOT using Traefik reverse proxy.

# S3 API port
EXPOSED_API_PORT=9000

# Console port (admin console)
EXPOSED_CONSOLE_PORT=9001


# =============================================================================
# Init Container Configuration
# =============================================================================
# The init container runs two config files in order:
#   1. Built-in default (baked into image) — creates pAdministrators policy,
#      gAdministrators group, and console user from CONSOLE_USER/PASSWORD
#   2. User config (mounted) — merged tenant configs from config/init.json
#
# Supported resources: Buckets, IAM Policies, Users, Groups, Service Accounts
# JSON values support ${ENV_VAR} syntax for environment variable resolution.
#
# Service account credentials are generated dynamically by MinIO and written
# to the minio-credentials volume at /data/credentials/*.json.

# Timeout in seconds to wait for MinIO server to become healthy
MINIO_WAIT_TIMEOUT=60


# =============================================================================
# Tenant Credentials
# =============================================================================
# Each tenant application references its own env vars in config/tenants/*.json.
# These credentials are passed through to the init container for resolution.

# ── Tenant: Mail Signatures ────────────────────────────────────────────────
# Used in: config/tenants/mail-signatures.json
MAIL_SIGNATURE_USER=
MAIL_SIGNATURE_PASSWORD=


# =============================================================================
# Deployment
# =============================================================================
#
# Production + Traefik (HTTPS):
#   docker compose up -d
#   S3 API:  https://assets.bauer-group.com
#   Console: https://console.assets.bauer-group.com
#
# Production + Coolify:
#   Deploy via Coolify UI with docker-compose.coolify.yml
#   Set environment variables in Coolify dashboard
#
# Testing (direct port access):
#   docker compose -f docker-compose.direct.yml up -d
#   S3 API:  http://localhost:${EXPOSED_API_PORT}
#   Console: http://localhost:${EXPOSED_CONSOLE_PORT}
#