.env.example
# =============================================================================
# Screen Recorder - Self-Hosted [BAUER GROUP Edition]
# =============================================================================
# Documentation: https://cap.so/docs/self-hosting
# Repository: https://github.com/CapSoftware/Cap
#
# This file contains all configuration options for Cap self-hosted deployment.
# Copy this file to .env and adjust values as needed.
#
# IMPORTANT: Run ./scripts/generate-secrets.sh to generate secure passwords!
# =============================================================================
# -----------------------------------------------------------------------------
# STACK IDENTIFICATION
# -----------------------------------------------------------------------------
# Unique name for this deployment (used in container names, volumes, networks)
# Use lowercase, alphanumeric with underscores only
STACK_NAME=screenrecorder_app_bauer-group_com
# Timezone for all services
TIME_ZONE=Etc/UTC
# -----------------------------------------------------------------------------
# VERSION CONFIGURATION
# -----------------------------------------------------------------------------
# Cap Web application version (Git tag from https://github.com/CapSoftware/Cap)
# Available tags: https://github.com/CapSoftware/Cap/tags
# Format: cap-vX.Y.Z (e.g., cap-v0.4.0, cap-v0.3.0)
CAP_VERSION=cap-v0.4.82
# MySQL version (8.4 LTS recommended)
MYSQL_VERSION=8.4
# MinIO version
MINIO_VERSION=latest
# -----------------------------------------------------------------------------
# NETWORK CONFIGURATION
# -----------------------------------------------------------------------------
# -- Development Mode --
# Direct port exposure (no reverse proxy)
EXPOSED_APP_PORT=3000
EXPOSED_MYSQL_PORT=3306
EXPOSED_MINIO_API_PORT=9000
EXPOSED_MINIO_CONSOLE_PORT=9001
# -- Production Mode (Traefik) --
# DNS must resolve to these hostnames
SERVICE_HOSTNAME=screenrecorder.app.bauer-group.com
S3_HOSTNAME=assets.screenrecorder.app.bauer-group.com
S3_CONSOLE_HOSTNAME=assets-console.screenrecorder.app.bauer-group.com
# External Traefik network name
PROXY_NETWORK=EDGEPROXY
# -----------------------------------------------------------------------------
# CAP APPLICATION SETTINGS
# -----------------------------------------------------------------------------
# Public URL of the Cap server (REQUIRED)
# This is used for generating share links and OAuth callbacks
# Development: http://localhost:3000
# Production: https://screenrecorder.app.bauer-group.com
WEB_URL=https://screenrecorder.app.bauer-group.com
# Node environment
NODE_ENV=production
# Default visibility for new videos
# true = public by default, false = private by default
CAP_VIDEOS_DEFAULT_PUBLIC=false
# Restrict signups to specific email domains (comma-separated)
# Leave empty to allow all domains
# Example: bauer-group.com,example.com
CAP_ALLOWED_SIGNUP_DOMAINS=
# Client download URL (for /download redirect)
# Default: https://cap.so/download (official Cap download page)
# Self-hosted: Point to your own S3 bucket with client installers including index.html
# Example: https://assets.screenrecorder.app.bauer-group.com/downloads/index.html
# Setup: Run scripts/setup-client-bucket.py and scripts/sync-clients.py
CAP_CLIENT_DOWNLOAD_URL=https://cap.so/download
# -----------------------------------------------------------------------------
# AUTHENTICATION SECRETS (REQUIRED)
# -----------------------------------------------------------------------------
# Run ./scripts/generate-secrets.sh to generate these values!
# NextAuth secret (REQUIRED)
# Used for encrypting session tokens
# Note: generate-secrets.sh creates shell-safe alphanumeric secrets
NEXTAUTH_SECRET=
# Database encryption key (32-byte hex string)
# Used for encrypting sensitive data like AWS access keys stored in database
# Note: Hex format is inherently shell-safe (0-9, a-f only)
DATABASE_ENCRYPTION_KEY=
# -----------------------------------------------------------------------------
# DATABASE CONFIGURATION (MySQL)
# -----------------------------------------------------------------------------
# Note: Database name and user are static in compose files (cap/cap)
# Database password (REQUIRED)
# Note: generate-secrets.sh creates shell-safe alphanumeric passwords
DATABASE_PASSWORD=
# Database connection pool size
DATABASE_POOL_SIZE=20
# -----------------------------------------------------------------------------
# S3 STORAGE CONFIGURATION (MinIO)
# -----------------------------------------------------------------------------
# Note: Bucket name (media) and service user (cap) are static in compose files.
# S3 region (used for bucket creation and API requests)
# Default: global (works for most S3-compatible services)
# AWS: us-east-1, eu-central-1, etc.
AWS_S3_REGION=global
# MinIO root credentials (admin access)
# Note: generate-secrets.sh creates shell-safe alphanumeric passwords
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=
# S3 service account secret key (for Cap application)
# Note: generate-secrets.sh creates shell-safe alphanumeric keys
CAP_AWS_SECRET_KEY=
# -----------------------------------------------------------------------------
# MEDIA SERVER CONFIGURATION
# -----------------------------------------------------------------------------
# Shared secret between cap-web and media-server for webhook authentication
# IMPORTANT: Change from default! Run: openssl rand -hex 32
MEDIA_SERVER_WEBHOOK_SECRET=
# -----------------------------------------------------------------------------
# EMAIL CONFIGURATION (Optional)
# -----------------------------------------------------------------------------
# If not configured, login links will be written to server logs.
#
# Priority: SMTP > Resend > Console Log
# Configure either SMTP or Resend, not both.
# -- SMTP Settings (Recommended for self-hosted) --
# Standard SMTP server configuration
SMTP_HOST=
SMTP_PORT=587
SMTP_TLS=false
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=no-reply@message.bauer-group.com
SMTP_FROM_NAME=Screen Recorder [BAUER GROUP]
# -- Resend.com (Cloud alternative) --
# Only used if SMTP_HOST is not set
# Sign up at https://resend.com and create an API key
RESEND_API_KEY=
# Domain for sending emails (must be verified in Resend)
RESEND_FROM_DOMAIN=
# -----------------------------------------------------------------------------
# OAUTH PROVIDERS (Optional)
# -----------------------------------------------------------------------------
# -- Microsoft Entra ID (Azure AD) --
# Portal: https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
#
# Setup:
# 1. Click "New registration"
# 2. Name: "Screen Recorder" (or your preferred name)
# 3. Supported account types:
# - Single tenant: "Accounts in this organizational directory only"
# - Multi-tenant: "Accounts in any organizational directory"
# 4. Redirect URI (Web): https://${SERVICE_HOSTNAME}/api/auth/callback/azure-ad
# 5. Click "Register"
#
# After registration:
# 6. Overview > Copy "Application (client) ID" → AZURE_AD_CLIENT_ID
# 7. Overview > Copy "Directory (tenant) ID" → AZURE_AD_TENANT_ID (single-tenant only)
# 8. Certificates & secrets > New client secret > Copy "Value" → AZURE_AD_CLIENT_SECRET
#
# API Permissions (already granted by default):
# - openid, email, profile, User.Read (delegated)
#
# Tenant configuration:
# - Single-tenant: Set AZURE_AD_TENANT_ID to your Directory ID
# - Multi-tenant: Leave AZURE_AD_TENANT_ID empty (uses "common")
#
AZURE_AD_TENANT_ID=
AZURE_AD_CLIENT_ID=
AZURE_AD_CLIENT_SECRET=
# -- Google OAuth --
# Setup: https://console.cloud.google.com/apis/credentials
# Redirect URI: https://${SERVICE_HOSTNAME}/api/auth/callback/google
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# -- WorkOS (Enterprise SSO) --
# Sign up at https://workos.com
WORKOS_CLIENT_ID=
WORKOS_API_KEY=
# -----------------------------------------------------------------------------
# AI FEATURES (Optional)
# -----------------------------------------------------------------------------
# Audio transcription (Deepgram)
# Sign up at https://deepgram.com
DEEPGRAM_API_KEY=
# AI summaries - use ONE of the following:
# OpenAI: https://platform.openai.com/api-keys
OPENAI_API_KEY=
# Groq (faster, cheaper alternative): https://console.groq.com
GROQ_API_KEY=
# -----------------------------------------------------------------------------
# PAYMENTS (Optional)
# -----------------------------------------------------------------------------
# Stripe integration
# Get keys at https://dashboard.stripe.com/apikeys
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=
# -----------------------------------------------------------------------------
# INTEGRATIONS (Optional)
# -----------------------------------------------------------------------------
# Discord webhooks for notifications
DISCORD_FEEDBACK_WEBHOOK_URL=
DISCORD_LOGS_WEBHOOK_URL=
# Analytics
TINYBIRD_HOST=
TINYBIRD_TOKEN=
# URL shortener
DUB_API_KEY=
# Customer communication
INTERCOM_SECRET=
# PostHog product analytics
POSTHOG_PERSONAL_API_KEY=
# -----------------------------------------------------------------------------
# CLOUDFRONT CDN (Optional)
# -----------------------------------------------------------------------------
# For production deployments with high traffic.
#
# IMPORTANT: Keep these variables commented out if not using CloudFront!
# Setting empty values will cause "DECODER routines::unsupported" errors.
# Only uncomment and configure if you have a valid CloudFront distribution.
#
# CAP_CLOUDFRONT_DISTRIBUTION_ID=your-distribution-id
# CLOUDFRONT_KEYPAIR_ID=your-keypair-id
# CLOUDFRONT_KEYPAIR_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----
# -----------------------------------------------------------------------------
# ACCESS POINTS
# -----------------------------------------------------------------------------
#
# Development:
# App: http://localhost:3000
# MinIO API: http://localhost:9000
# MinIO Console: http://localhost:9001
#
# Production:
# App: https://screenrecorder.app.bauer-group.com
# S3 API: https://assets.screenrecorder.app.bauer-group.com
# MinIO Console: https://assets-console.screenrecorder.app.bauer-group.com
# Client Downloads URL: https://assets.screenrecorder.app.bauer-group.com/downloads/index.html
#
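
A pre-deployment check for the rules this file states in its comments, as an added example (not part of the repository): it flags secrets left empty, a malformed DATABASE_ENCRYPTION_KEY, and CloudFront variables that are set but empty. The function names, the sample values, the reading of "32 byte hex string" as 64 hex characters, and the choice to treat every secret that generate-secrets.sh fills in as mandatory are assumptions of this example.

```python
import re

# Keys the page marks REQUIRED or says generate-secrets.sh fills in; treating
# the latter as mandatory is an assumption of this example.
REQUIRED = ["WEB_URL", "NEXTAUTH_SECRET", "DATABASE_ENCRYPTION_KEY",
            "DATABASE_PASSWORD", "MINIO_ROOT_PASSWORD", "CAP_AWS_SECRET_KEY",
            "MEDIA_SERVER_WEBHOOK_SECRET"]
CLOUDFRONT = ["CAP_CLOUDFRONT_DISTRIBUTION_ID", "CLOUDFRONT_KEYPAIR_ID",
              "CLOUDFRONT_KEYPAIR_PRIVATE_KEY"]

def parse_env(text):
    """Return {key: value} for KEY=VALUE lines; comments and blanks are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def check_env(text):
    """Return a list of findings for the contents of a .env file."""
    env, findings = parse_env(text), []
    for key in REQUIRED:
        if not env.get(key):
            findings.append(f"{key}: required but empty or missing")
    dek = env.get("DATABASE_ENCRYPTION_KEY", "")
    # Assumption: "32 byte hex string" means 64 hex characters.
    if dek and not re.fullmatch(r"[0-9a-fA-F]{64}", dek):
        findings.append("DATABASE_ENCRYPTION_KEY: not 64 hex characters")
    for key in CLOUDFRONT:  # the page warns that empty values cause decoder errors
        if key in env and not env[key]:
            findings.append(f"{key}: set but empty, comment it out instead")
    return findings

# Constructed sample input, not a real deployment.
SAMPLE = """\
WEB_URL=https://recorder.example.test
NEXTAUTH_SECRET=
DATABASE_ENCRYPTION_KEY=abc123
DATABASE_PASSWORD=constructedDbPass
MINIO_ROOT_PASSWORD=constructedMinioPass
CAP_AWS_SECRET_KEY=constructedS3Key
MEDIA_SERVER_WEBHOOK_SECRET=
CLOUDFRONT_KEYPAIR_ID=
"""

if __name__ == "__main__":
    print("\n".join(check_env(SAMPLE)))
```

Run it against the real `.env` before `docker compose up`, and treat any finding as a failed deployment gate rather than a warning.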