From dcf76a4c5db69b03a8cdf3683abc8f02ce5f8988 Mon Sep 17 00:00:00 2001
From: Joachim Hummel <jh@unixweb.de>
Date: Tue, 27 Jan 2026 12:58:04 +0000
Subject: [PATCH] new env.example

---
 env.example | 74 +++++++++++++++++++++++++++++++++++------------------
 1 file changed, 49 insertions(+), 25 deletions(-)

diff --git a/env.example b/env.example
index 3895391..5a1c345 100644
--- a/env.example
+++ b/env.example
@@ -1,42 +1,66 @@
-# Database
+# ===========================================
+# Secure Portal - Environment Configuration
+# ===========================================
+# Kopieren nach .env und Werte anpassen:
+#   cp .env.example .env
+#
+# Secrets generieren:
+#   openssl rand -base64 32
+# ===========================================
+
+# ----- Datenbank (PostgreSQL) -----
 POSTGRES_USER=portal_user
-POSTGRES_PASSWORD=your_secure_password
+POSTGRES_PASSWORD=change_this_password
 POSTGRES_DB=secure_portal
 
-# Redis
-REDIS_PASSWORD=your_redis_password
+# ----- Redis -----
+REDIS_PASSWORD=change_this_redis_password
 
-# JWT Secrets (generate with: openssl rand -base64 32)
-JWT_ACCESS_SECRET=your_access_secret
-JWT_REFRESH_SECRET=your_refresh_secret
+# ----- JWT Secrets (WICHTIG: ändern!) -----
+# Generieren mit: openssl rand -base64 32
+JWT_ACCESS_SECRET=change_this_secret_key_for_production_32_chars
+JWT_REFRESH_SECRET=change_this_refresh_secret_key_production_32
 
-# Encryption (32 characters)
-ENCRYPTION_KEY=your_32_character_encryption_key
+# ----- Encryption Key (WICHTIG: exakt 32 Zeichen!) -----
+# Generieren mit: openssl rand -base64 32 | cut -c1-32
+ENCRYPTION_KEY=change_this_32_character_key_prod
 
-# URLs
-PASSWORD_RESET_URL=https://yourdomain.com/password-reset
-CORS_ORIGIN=https://yourdomain.com
-FRONTEND_URL=https://yourdomain.com
+# ----- URLs -----
+# Frontend URL (wo die App läuft)
+FRONTEND_URL=https://portal.example.com
+# Password Reset Link in E-Mails
+PASSWORD_RESET_URL=https://portal.example.com/password-reset
+# API URL für Frontend (muss vom Browser erreichbar sein)
+VITE_API_URL=https://portal.example.com/api
+# CORS erlaubte Origins (kommagetrennt für mehrere)
+CORS_ORIGIN=https://portal.example.com
 
-# Mail Provider (brevo, sendgrid, smtp)
-MAIL_PROVIDER=brevo
-MAIL_FROM_EMAIL=noreply@yourdomain.com
+# ----- Email Configuration -----
+# Provider: brevo, sendgrid, smtp
+MAIL_PROVIDER=smtp
+MAIL_FROM_EMAIL=noreply@example.com
 MAIL_FROM_NAME=Secure Portal
 
-# Brevo (if MAIL_PROVIDER=brevo)
-BREVO_API_KEY=your_brevo_api_key
+# Brevo (wenn MAIL_PROVIDER=brevo)
+BREVO_API_KEY=your_brevo_api_key_here
 
-# SMTP (if MAIL_PROVIDER=smtp)
+# SendGrid (wenn MAIL_PROVIDER=sendgrid)
+SENDGRID_API_KEY=your_sendgrid_api_key_here
+
+# SMTP (wenn MAIL_PROVIDER=smtp)
 SMTP_HOST=smtp.example.com
 SMTP_PORT=587
 SMTP_USER=your_smtp_user
 SMTP_PASSWORD=your_smtp_password
 SMTP_SECURE=false
 
-# License
-LICENSE_SERVER_URL=https://license.example.com
-LICENSE_KEY=your_license_key
+# ----- Lizenzierung (optional) -----
+LICENSE_SERVER_URL=https://license.unixweb.de
+LICENSE_KEY=
 
-# Features
-ENABLE_REGISTER=false
-CLAMAV_ENABLED=true
+# ----- Feature Toggles -----
+# Registrierung deaktivieren nach Admin-Erstellung
+ENABLE_REGISTER=true
+
+# ----- Docker Registry Version (für docker-compose.registry.yml) -----
+VERSION=1.0.3