buildmymcpserver/.env.production.example
Marco Sadjadi 8a7ffe673d feat(deploy): production Dockerfiles, compose stack, and runbook
- Multi-stage Dockerfiles for web/api/generator (pnpm workspace install,
  tsx runtime — workspace packages are raw TS, same model as runner-template).
- docker-compose.prod.yml: postgres + redis + the three app services.
  api/generator/web use host networking so the generator's host-port probe
  is correct and every service shares one address space; api + generator
  mount the Docker socket. Binds nothing on 80/443 — safe beside other apps.
- Optional Traefik reverse proxy in infra/traefik/ (heavily gated — only if
  the box has no existing proxy).
- .env.production.example, .dockerignore, DEPLOY.md (Cloudflare zone, GoDaddy
  nameserver switch, server deploy, Google Cloud Console OAuth app).
- api/generator `start` now runs via tsx; `node dist/index.js` could never
  resolve the raw-TS workspace imports.

All three images verified building clean; the API container boots under tsx.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 00:37:02 +02:00


# ============================================================================
# Production environment for buildmymcp.com
# Copy to .env.production on the server and fill every value marked CHANGE-ME.
# Never commit the filled file — .env.production is gitignored.
#
# Used two ways by docker-compose.prod.yml:
# 1. compose interpolation -> docker compose --env-file .env.production ...
# 2. container env -> env_file: .env.production
# ============================================================================
# ---- Core ----
NODE_ENV=production
# ---- Postgres (the compose file owns the container) ----
POSTGRES_USER=bmm
POSTGRES_PASSWORD=CHANGE-ME-strong-db-password
POSTGRES_DB=bmm
POSTGRES_PORT=5440
# ---- Redis ----
REDIS_PORT=6390
# ---- Connection strings (host-networked services reach the DBs on loopback) ----
DATABASE_URL=postgresql://bmm:CHANGE-ME-strong-db-password@127.0.0.1:5440/bmm
REDIS_URL=redis://127.0.0.1:6390
# ---- API ----
PORT=4000
# ---- Public URLs (must match the Cloudflare DNS records) ----
NEXT_PUBLIC_APP_URL=https://buildmymcp.com
NEXT_PUBLIC_API_URL=https://api.buildmymcp.com
# Used to build the Google OAuth redirect URI and as the JWKS origin.
CONTROL_PLANE_PUBLIC_URL=https://api.buildmymcp.com
# Reachable by generated MCP containers — must be public so they can resolve it.
CONTROL_PLANE_URL=https://api.buildmymcp.com
OAUTH_ISSUER=https://api.buildmymcp.com
# ---- Crypto ----
# REQUIRED in production. The API refuses to boot on the all-zero placeholder.
# Generate with: openssl rand -hex 32
SECRETS_ENCRYPTION_KEY=CHANGE-ME-run-openssl-rand-hex-32
# ---- Admin bootstrap (upserted idempotently on API boot) ----
ADMIN_EMAIL=marco.frangiskatos@gmail.com
ADMIN_PASSWORD=CHANGE-ME-strong-admin-password
ADMIN_NAME=Marco Frangiskatos
# ---- Anthropic (empty = mock generation; set for real Claude generation) ----
ANTHROPIC_API_KEY=
# ---- Google OAuth ("Continue with Google") ----
# Google Cloud Console -> APIs & Services -> Credentials -> OAuth client (Web).
# Authorized redirect URI must be EXACTLY:
# https://api.buildmymcp.com/v1/auth/google/callback
GOOGLE_OAUTH_ID=
GOOGLE_OAUTH_SECRET=
# ---- OAuth signing keys (RS256 JWKS) ----
# Auto-generated on first boot into this dir; persisted in the bmm_keys volume.
OAUTH_KEY_DIR=./keys
# ---- Runner / Generator ----
# Host used in a generated server's public URL (http://RUNNER_HOST:<port>).
# Generated MCP containers bind host ports in RUNNER_PORT_RANGE_*.
# NOTE: per-server subdomain routing through the proxy is not wired yet — a
# generated server is currently reachable at the host port directly. Treat
# public exposure of generated servers as a follow-up before GA. See DEPLOY.md.
RUNNER_HOST=buildmymcp.com
RUNNER_PORT_RANGE_START=4100
RUNNER_PORT_RANGE_END=4999
# ---- Observability (optional) ----
SENTRY_DSN=
OTEL_EXPORTER_OTLP_ENDPOINT=
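A preflight check for the filled file, added here as an example that is not part of this commit or the buildmymcp project: it parses the env text and flags the mistakes the file's own comments describe (CHANGE-ME values left in place, the all-zero SECRETS_ENCRYPTION_KEY the API refuses to boot on, a key that is not 32 hex bytes, and a DATABASE_URL password that has drifted from POSTGRES_PASSWORD). The sample env text is constructed, and the parser and function names are assumptions.

```typescript
// Added example (not project code): preflight check for a filled .env.production,
// flagging the mistakes the file's own comments warn about before compose runs.
type Env = Record<string, string>;
// Minimal dotenv-style parser: skips blanks and '#' comments, splits on the first '='.
function parseEnv(text: string): Env {
  const env: Env = {};
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return env;
}
// Must be non-empty in production; optional keys (ANTHROPIC_API_KEY, SENTRY_DSN) may stay blank.
const REQUIRED = ["POSTGRES_PASSWORD", "DATABASE_URL", "SECRETS_ENCRYPTION_KEY", "ADMIN_PASSWORD"];
function validateEnv(env: Env): string[] {
  const problems: string[] = [];
  for (const [k, v] of Object.entries(env)) {
    if (v.includes("CHANGE-ME")) problems.push(`${k}: placeholder CHANGE-ME not replaced`);
  }
  for (const k of REQUIRED) {
    if (!env[k]) problems.push(`${k}: required but empty or missing`);
  }
  const key = env.SECRETS_ENCRYPTION_KEY ?? "";
  if (key && !/^[0-9a-fA-F]{64}$/.test(key)) {
    problems.push("SECRETS_ENCRYPTION_KEY: expected 64 hex chars (openssl rand -hex 32)");
  } else if (/^0{64}$/.test(key)) {
    problems.push("SECRETS_ENCRYPTION_KEY: all-zero placeholder, the API refuses to boot on it");
  }
  // DATABASE_URL embeds the Postgres password; drift from POSTGRES_PASSWORD fails at connect time.
  const m = /^postgresql:\/\/[^:]+:([^@]+)@/.exec(env.DATABASE_URL ?? "");
  if (m && env.POSTGRES_PASSWORD && m[1] !== env.POSTGRES_PASSWORD) {
    problems.push("DATABASE_URL: password differs from POSTGRES_PASSWORD");
  }
  return problems;
}
// Constructed sample: two CHANGE-ME values left in place, key still all zeros.
const SAMPLE_ENV = `
POSTGRES_PASSWORD=s3cr3t-example
DATABASE_URL=postgresql://bmm:CHANGE-ME-strong-db-password@127.0.0.1:5440/bmm
SECRETS_ENCRYPTION_KEY=${"0".repeat(64)}
ADMIN_PASSWORD=CHANGE-ME-strong-admin-password
ANTHROPIC_API_KEY=
`;
function checkSample(): string[] { return validateEnv(parseEnv(SAMPLE_ENV)); }
```

Run it against the real file with `validateEnv(parseEnv(fs.readFileSync(".env.production", "utf8")))` before `docker compose --env-file .env.production up`; an empty array means the placeholders and key checks passed.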