.env.example
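# Example environment file. Copy to .env and fill in the blanks; the real .env
# holds secrets and must never be committed.
#
# Comments are kept on their own lines on purpose. Laravel's loader strips
# trailing "# ..." comments from unquoted values, but some other env-file
# consumers (for example `docker run --env-file`) keep everything after "=" as
# the value. A value such as "false # ..." is then a non-empty string and may be
# treated as true.

APP_NAME=Laravel
APP_ENV=local
# Left empty on purpose: generate a per-environment key with `php artisan key:generate`.
APP_KEY=
# SECURITY: false by default, only set true for local debugging
APP_DEBUG=false
APP_URL=http://localhost

APP_LOCALE=en
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US

APP_MAINTENANCE_DRIVER=file
# APP_MAINTENANCE_STORE=database

PHP_CLI_SERVER_WORKERS=4

BCRYPT_ROUNDS=12

LOG_CHANNEL=stack
LOG_STACK=single
LOG_DEPRECATIONS_CHANNEL=null
# SECURITY: error by default, use debug only in local development
LOG_LEVEL=error

DB_CONNECTION=sqlite
# DB_HOST=127.0.0.1
# DB_PORT=3306
# DB_DATABASE=laravel
# DB_USERNAME=root
# DB_PASSWORD=

# Session Security Settings
# IMPORTANT: These are hardened defaults, with one exception: SESSION_SECURE_COOKIE
# is false so that local HTTP works, and must be set to true in production.
SESSION_DRIVER=database
# SECURITY: 30 minutes instead of 120
SESSION_LIFETIME=30
# SECURITY: Encrypt session data
SESSION_ENCRYPT=true
SESSION_PATH=/
SESSION_DOMAIN=null
# SECURITY: Sessions expire when browser closes
SESSION_EXPIRE_ON_CLOSE=true
# SECURITY: Set to true in production with HTTPS
SESSION_SECURE_COOKIE=false

# Authentication Security
# SECURITY: Password confirmation expires after 15 minutes (900 seconds)
AUTH_PASSWORD_TIMEOUT=900

BROADCAST_CONNECTION=log
FILESYSTEM_DISK=local
QUEUE_CONNECTION=database

CACHE_STORE=database
# CACHE_PREFIX=

MEMCACHED_HOST=127.0.0.1

REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=log
MAIL_SCHEME=null
MAIL_HOST=127.0.0.1
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_FROM_ADDRESS="hello@example.com"
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

VITE_APP_NAME="${APP_NAME}"

# Seeder Security Settings
# REQUIRED: Set a strong admin password for database seeding
# Generate one with: php artisan tinker --execute="echo Str::random(24);"
# Or use: openssl rand -base64 24
# Left empty on purpose: a password shipped in this example file is public and
# would end up as the admin credential wherever the file is copied unchanged.
# NOTE(review): confirm the seeder refuses to run while this is empty rather
# than falling back to a built-in default.
ADMIN_DEFAULT_PASSWORD=

# Production Deployment Checklist:
# When deploying to production, ensure these are set:
# - APP_ENV=production
# - APP_KEY=<generated with php artisan key:generate>
# - APP_DEBUG=false (already set above)
# - APP_URL=https://yourdomain.com
# - SESSION_SECURE_COOKIE=true
# - ADMIN_DEFAULT_PASSWORD=<strong-unique-password>
# - LOG_LEVEL=error
# Run security audit: composer audit && npm audit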