# Dograh — Hostinger VPS (managed Traefik) environment # Copy to .env (in this directory) and fill in. See README.md for bring-up. # --------------------------------------------------------------------------- # Public identity # --------------------------------------------------------------------------- # The domain users hit in the browser. Must already point (DNS A record) at # this VPS, and be a router rule Traefik will issue a Let's Encrypt cert for. PUBLIC_HOST=app.example.com # --------------------------------------------------------------------------- # Managed Traefik wiring (confirm these three with Hostinger) # --------------------------------------------------------------------------- # Name of the existing Docker network Traefik watches/attaches to. TRAEFIK_NETWORK=traefik # Name of Traefik's HTTPS entrypoint (often "websecure" or "https"). TRAEFIK_ENTRYPOINT=websecure # Name of Traefik's Let's Encrypt certificate resolver. TRAEFIK_CERTRESOLVER=letsencrypt # --------------------------------------------------------------------------- # WebRTC media (coturn) — REQUIRED for voice. NOT proxied by Traefik. # --------------------------------------------------------------------------- # Public IP of this VPS (or a domain that resolves to it). coturn advertises # this as its external relay address. TURN_HOST=203.0.113.10 # Shared secret for time-limited TURN credentials. Generate a strong random # value, e.g.: openssl rand -hex 32 TURN_SECRET=change-me-to-a-long-random-secret # Set true only to *force* relay-only ICE for debugging TURN reachability. FORCE_TURN_RELAY=false # --------------------------------------------------------------------------- # Secrets # --------------------------------------------------------------------------- # JWT signing secret. Generate, e.g.: openssl rand -hex 32 OSS_JWT_SECRET=change-me-to-a-long-random-secret # Postgres password (baked into the volume on first init; changing later does # NOT re-key an existing volume). POSTGRES_PASSWORD=postgres # Internal datastore credentials. Redis and MinIO are NOT published to the host # (reachable only on the internal Docker network), but set strong values anyway # on a public box — the compose falls back to weak well-known defaults # (redissecret / minioadmin) if these are unset. Generate with: openssl rand -hex 32 REDIS_PASSWORD=change-me-to-a-long-random-secret MINIO_ROOT_USER=dograh MINIO_ROOT_PASSWORD=change-me-to-a-long-random-secret # --------------------------------------------------------------------------- # Images — pin to a GitHub release tag for predictable upgrades/rollback. # Leave at "latest" only for evaluation. # --------------------------------------------------------------------------- REGISTRY=dograhai DOGRAH_VERSION=latest # --------------------------------------------------------------------------- # Optional # --------------------------------------------------------------------------- ENABLE_TELEMETRY=true # Only needed if you run the bundled docker-compose.traefik.yaml to self-host a # stand-in Traefik for testing (NOT on Hostinger — their Traefik provides this). # Email Let's Encrypt uses for expiry notices. ACME_EMAIL=admin@example.com