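# Server Configuration
# Comments are kept on their own lines: some env-file loaders do not strip a
# trailing "# ..." and would make it part of the value.

# HTTP server port
PORT=3000
# HTTPS server port
HTTPS_PORT=3443
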
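# SSL/HTTPS Configuration

# Enable HTTPS server (true/false)
ENABLE_HTTPS=true
# Domain name for SSL certificate
SSL_DOMAIN=localhost
# Redirect HTTP to HTTPS (true/false).
# With false, requests to the HTTP port are not redirected. When ENABLE_AUTH or
# ENABLE_OIDC is on, set this to true so credentials and session cookies are
# not sent in clear text.
FORCE_HTTPS=false
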
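# Application Configuration

# Environment mode (development/production).
# Use production for any instance that other hosts can reach.
NODE_ENV=development
# Custom certificate storage directory (optional).
# NOTE(review): presumably private keys are written here next to the
# certificates - confirm, and restrict the directory to the service account.
CERT_DIR=
# Default theme mode (dark/light)
DEFAULT_THEME=dark
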
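# Rate Limiting Configuration
# Windows are given in milliseconds: 900000 ms = 15 minutes.
# NOTE(review): this file does not say how clients are counted (per IP, per
# session). Behind a reverse proxy, confirm the limiter sees the real client
# address rather than the proxy's.

# CLI rate limit window in ms (default: 15 minutes)
CLI_RATE_LIMIT_WINDOW=900000
# Max CLI operations per window (default: 10)
CLI_RATE_LIMIT_MAX=10
# API rate limit window in ms (default: 15 minutes)
API_RATE_LIMIT_WINDOW=900000
# Max API requests per window (default: 100)
API_RATE_LIMIT_MAX=100
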
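# Authentication Configuration
# AUTH_PASSWORD and SESSION_SECRET below are published defaults. Replace both
# before the UI is reachable from anything but localhost. Keep the real env
# file out of version control and readable only by the service account.

# Enable user authentication (true/false).
# With false the UI presumably accepts unauthenticated requests; keep the ports
# reachable from trusted hosts only.
ENABLE_AUTH=false
# Username for authentication (when ENABLE_AUTH=true)
AUTH_USERNAME=admin
# Password for authentication (when ENABLE_AUTH=true).
# admin/admin is a default credential pair; change it whenever ENABLE_AUTH=true.
AUTH_PASSWORD=admin
# Session secret - CHANGE IN PRODUCTION!
# Presumably used to sign session cookies, so a known value lets sessions be
# forged. Use a long random value, e.g. the output of: openssl rand -hex 32
SESSION_SECRET=mkcert-web-ui-secret-key-change-in-production
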
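# OpenID Connect (OIDC) SSO Authentication Configuration
# NOTE(review): nothing in this file limits which accounts at the provider may
# sign in. Confirm how the application authorizes users, especially with a
# public issuer.

# Enable OIDC SSO authentication alongside basic auth (true/false).
# "Alongside" suggests the AUTH_USERNAME/AUTH_PASSWORD login stays active when
# ENABLE_AUTH=true, so the basic-auth password still needs to be changed.
ENABLE_OIDC=false
# OIDC provider issuer URL (e.g., https://login.microsoftonline.com/tenant-id/v2.0)
OIDC_ISSUER=
# OIDC client application ID
OIDC_CLIENT_ID=
# OIDC client secret. Treat it as a credential: never commit it, and rotate it
# at the provider if it leaks.
OIDC_CLIENT_SECRET=
# OIDC callback URL. It must match the redirect URI registered with the
# provider exactly. The http://localhost default is for local development
# only; use an https:// URL everywhere else.
OIDC_CALLBACK_URL=http://localhost:3000/auth/oidc/callback
# OIDC scopes to request (space-separated)
OIDC_SCOPE=openid profile email
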
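# Examples:

# For development with HTTPS:
# ENABLE_HTTPS=true
# SSL_DOMAIN=myapp.local
# FORCE_HTTPS=false

# For production with HTTPS only:
# NOTE(review): if the server certificate for SSL_DOMAIN is issued by the local
# mkcert CA, only clients that trust that CA will accept it - confirm.
# ENABLE_HTTPS=true
# SSL_DOMAIN=your-domain.com
# FORCE_HTTPS=true
# NODE_ENV=production
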
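# For production with authentication:
# The values shown are placeholders. Pick a unique password and a randomly
# generated SESSION_SECRET, and combine this with ENABLE_HTTPS=true and
# FORCE_HTTPS=true so the login is not sent over plain HTTP.
# ENABLE_AUTH=true
# AUTH_USERNAME=your-username
# AUTH_PASSWORD=your-secure-password
# SESSION_SECRET=your-very-long-random-secret-key
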
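# For OIDC SSO authentication (Azure AD example):
# ENABLE_OIDC=true
# OIDC_ISSUER=https://login.microsoftonline.com/your-tenant-id/v2.0
# OIDC_CLIENT_ID=your-azure-app-id
# OIDC_CLIENT_SECRET=your-azure-app-secret
# OIDC_CALLBACK_URL=https://your-domain.com/auth/oidc/callback

# For OIDC SSO authentication (Google example):
# OIDC_CALLBACK_URL is not set in this example, so the http://localhost default
# applies; set an https:// callback for a deployed instance.
# NOTE(review): this issuer authenticates any Google account. Confirm how the
# application restricts who may sign in.
# ENABLE_OIDC=true
# OIDC_ISSUER=https://accounts.google.com
# OIDC_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
# OIDC_CLIENT_SECRET=your-google-client-secret

# For OIDC SSO authentication (Okta example):
# OIDC_CALLBACK_URL is not set in this example either; see the note above.
# ENABLE_OIDC=true
# OIDC_ISSUER=https://your-domain.okta.com/oauth2/default
# OIDC_CLIENT_ID=your-okta-client-id
# OIDC_CLIENT_SECRET=your-okta-client-secret
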
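# Theme configuration:
# Start with light mode by default
# DEFAULT_THEME=light
# Start with dark mode by default (default)
# DEFAULT_THEME=dark
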
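# Email Notification Configuration

# Enable email notifications for certificate expiry (true/false)
EMAIL_NOTIFICATIONS_ENABLED=false
# SMTP server hostname (e.g., smtp.gmail.com, smtp.outlook.com)
SMTP_HOST=
# SMTP server port (587 for TLS, 465 for SSL, 25 for unencrypted).
# 587 normally means STARTTLS (upgrade after connecting); 465 means TLS from
# the first byte. Avoid 25 when SMTP_USER/SMTP_PASSWORD are set, since the
# login would travel unencrypted.
SMTP_PORT=587
# Use SSL connection (true for port 465, false for others).
# NOTE(review): with false, whether the STARTTLS upgrade is required or only
# attempted depends on the mail library - confirm before relying on it.
SMTP_SECURE=false
# SMTP username/email address
SMTP_USER=
# SMTP password or app-specific password.
# Prefer an app-specific password or a dedicated sending account, so a leak of
# this file does not expose a personal mailbox.
SMTP_PASSWORD=
# Reject unauthorized TLS connections (true/false).
# Keep true. With false any server certificate is accepted, so an on-path host
# can impersonate the mail server and capture the SMTP login.
SMTP_TLS_REJECT_UNAUTHORIZED=true
# From email address for notifications
EMAIL_FROM=mkcert-web-ui@localhost
# Comma-separated list of recipient email addresses
EMAIL_TO=
# Subject line for expiry alerts
EMAIL_SUBJECT=Certificate Expiry Alert - mkcert Web UI
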
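# Certificate Monitoring Configuration

# Enable automatic certificate monitoring (true/false)
CERT_MONITORING_ENABLED=false
# Cron expression for check frequency (default: daily at 8 AM).
# The value contains spaces and "*". Load this file with an env-file parser;
# sourcing it from a shell would split and glob-expand the value.
CERT_CHECK_INTERVAL=0 8 * * *
# Days before expiry to send warning notifications
CERT_WARNING_DAYS=30
# Days before expiry to send critical notifications
CERT_CRITICAL_DAYS=7
# Monitor uploaded certificates in addition to generated ones (true/false)
CERT_MONITOR_UPLOADED=true
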
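# Examples for Email Configuration:
# All three examples use port 587 with SMTP_SECURE=false, i.e. a connection
# that starts in clear text and is expected to upgrade via STARTTLS. Leave
# SMTP_TLS_REJECT_UNAUTHORIZED=true so the server certificate is verified.

# Gmail example:
# EMAIL_NOTIFICATIONS_ENABLED=true
# SMTP_HOST=smtp.gmail.com
# SMTP_PORT=587
# SMTP_SECURE=false
# SMTP_USER=your-email@gmail.com
# SMTP_PASSWORD=your-app-password
# EMAIL_FROM=your-email@gmail.com
# EMAIL_TO=admin@company.com,ops@company.com

# Outlook/Hotmail example:
# SMTP_HOST=smtp-mail.outlook.com
# SMTP_PORT=587
# SMTP_SECURE=false
# SMTP_USER=your-email@outlook.com
# SMTP_PASSWORD=your-password

# Corporate Exchange example:
# If the server uses a certificate from an internal CA, add that CA to the
# process trust store (for Node.js, NODE_EXTRA_CA_CERTS) rather than setting
# SMTP_TLS_REJECT_UNAUTHORIZED=false.
# SMTP_HOST=mail.company.com
# SMTP_PORT=587
# SMTP_SECURE=false
# SMTP_USER=your-username
# SMTP_PASSWORD=your-password
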
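# Monitoring examples:
# CERT_MONITORING_ENABLED=true
# Daily at 8 AM
# CERT_CHECK_INTERVAL=0 8 * * *
# Every 6 hours
# CERT_CHECK_INTERVAL=0 */6 * * *
# Every Monday at 8 AM
# CERT_CHECK_INTERVAL=0 8 * * 1
# Warn 30 days before expiry
# CERT_WARNING_DAYS=30
# Critical alert 7 days before expiry
# CERT_CRITICAL_DAYS=7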