-
Notifications
You must be signed in to change notification settings - Fork 8
/
.env-dist
47 lines (42 loc) · 2.2 KB
/
.env-dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# The (default) root domain for all projects:
ROOT_DOMAIN=d.example.com
# The default answer for the question as to whether or not to store cleartext credentials in passwords.json
# This does not automatically choose one or the other, you must still choose during `make config`,
# but this will affect the questions default answer: Y/n vs y/N
# only setting this "true" will cause the default answer to be Y/n, otherwise it will be y/N.
DEFAULT_SAVE_CLEARTEXT_PASSWORDS_JSON=false
# For servers that are behind a proxy, set these to true to set the
# default to use proxy protocol for new routes:
DEFAULT_CLI_ROUTE_LAYER_7_PROXY_PROTOCOL=0
DEFAULT_CLI_ROUTE_LAYER_4_PROXY_PROTOCOL=0
## These PUBLIC ports should never influence which ports a service actually uses.
## Instead, they are only used when generating a URL, like with `make open`.
## If set to their default (80 and 443), `make open` will generate a url like `https://service`,
## whereas if PUBLIC_HTTP_PORT=8443, it will make the URL like `https://service:8443`.
## This can be useful even when Traefik is configured to use the default port,
## for example, when a NAT gateway in front of Traefik is translating the port,
## like in the case of user-space KVM, which cannot bind to ports
## <1024, forcing the end user to use a non-standard port.
PUBLIC_HTTP_PORT=80
PUBLIC_HTTPS_PORT=443
# When you work with instances, d.rymcg.tech can open a subshell for you
# to more easily focus on your current instance. If you want to extend your
# shell environment to your subshell, whatever file you add to
# MAKE_INSTANCE_SOURCE_RCFILE (e.g., `~/.bashrc`) will be `source`ed
# before creating the subshell.
MAKE_INSTANCE_SOURCE_RCFILE=
# Fail2Ban bans IP addresses from accessing your server
# after the configured number of failed authentication attempts:
FAIL2BAN_ENABLED=false
FAIL2BAN_IGNORE_IP=
FAIL2BAN_SSHD_ENABLED=true
FAIL2BAN_SSHD_MAX_RETRY=2
FAIL2BAN_SSHD_BAN_TIME=10m
FAIL2BAN_SSHD_FIND_TIME=10m
FAIL2BAN_SSHD_ALLOW_IPV6=true
FAIL2BAN_TRAEFIK_ACCESS_ENABLED=true
FAIL2BAN_TRAEFIK_ACCESS_ERROR_LIST=400,403,405,407,429,431
FAIL2BAN_TRAEFIK_ACCESS_MAX_RETRY=5
FAIL2BAN_TRAEFIK_ACCESS_BAN_TIME=10m
FAIL2BAN_TRAEFIK_ACCESS_FIND_TIME=10m
FAIL2BAN_TRAEFIK_ACCESS_ALLOW_IPV6=true