# Configuration Guide This document explains all configuration files and environment variables for the Normogen project. ## Backend Configuration ### Environment Files #### 1. backend/.env.example (Primary Configuration Template) This is the main environment configuration template for the backend service. ```bash # MongoDB Configuration MONGODB_URI=mongodb://localhost:27017 DATABASE_NAME=normogen # JWT Configuration JWT_SECRET=your-secret-key-here-change-in-production JWT_ACCESS_TOKEN_EXPIRY_MINUTES=15 JWT_REFRESH_TOKEN_EXPIRY_DAYS=30 # Server Configuration SERVER_HOST=127.0.0.1 SERVER_PORT=8000 ``` **How to use:** ```bash cd backend cp .env.example .env # Edit .env with your values ``` #### 2. backend/defaults.env This file contains default values for development. It's sourced by docker-compose files. ```bash MONGODB_URI=mongodb://localhost:27017 DATABASE_NAME=normogen JWT_SECRET=change-this-secret-in-production SERVER_HOST=0.0.0.0 SERVER_PORT=8000 ``` #### 3. thoughts/env.example This is a reference copy in the thoughts directory for documentation purposes. ## Environment Variables ### Required Variables | Variable | Description | Example | Default | |----------|-------------|---------|---------| | `MONGODB_URI` | MongoDB connection string | `mongodb://localhost:27017` | - | | `DATABASE_NAME` | MongoDB database name | `normogen` | - | | `JWT_SECRET` | Secret key for JWT signing | Minimum 32 characters | - | ### Optional Variables | Variable | Description | Example | Default | |----------|-------------|---------|---------| | `SERVER_HOST` | Server bind address | `0.0.0.0` | `127.0.0.1` | | `SERVER_PORT` | Server port | `8000` | `8000` | | `JWT_ACCESS_TOKEN_EXPIRY_MINUTES` | Access token lifetime | `15` | `15` | | `JWT_REFRESH_TOKEN_EXPIRY_DAYS` | Refresh token lifetime | `30` | `30` | ## Docker Configuration ### docker-compose.yml (Production) Standard production deployment with MongoDB. ```bash cd backend docker compose up -d ``` **Services:** - `backend` - Axum server on port 6000 (host) - `mongodb` - MongoDB on port 27017 **Resource Limits:** - CPU: 1000m (1 core) - Memory: 1000Mi (1GB) ### docker-compose.dev.yml (Development) Development mode with hot reload and volume mounts. ```bash cd backend docker compose -f docker-compose.dev.yml up -d ``` **Features:** - Hot reload on code changes - Source code mounted as volume - Exposes server on port 8000 ## Local Development ### Quick Start ```bash # Clone repository git clone normogen cd normogen/backend # Setup environment cp .env.example .env # Edit .env with your configuration # Install dependencies cargo build # Run server cargo run # Test curl http://localhost:8000/health ``` ### Testing ```bash # Unit tests cargo test # Integration tests cargo test --test auth_tests # Manual testing script cd .. ./thoughts/test_auth.sh ``` ## Configuration Best Practices ### JWT Secret ```bash # Generate a secure JWT secret (minimum 32 characters) openssl rand -base64 32 # Or use a passphrase-based secret echo "your-secure-passphrase-32-chars-minimum" | base64 ``` **Security Requirements:** - Minimum 32 characters - Use random, high-entropy values - Never commit to git - Rotate periodically in production - Use different secrets for dev/staging/production ### MongoDB Connection ```bash # Local development MONGODB_URI=mongodb://localhost:27017 # With authentication MONGODB_URI=mongodb://username:password@localhost:27017 # Replica set MONGODB_URI=mongodb://host1:27017,host2:27017,host3:27017/?replicaSet=myReplicaSet # MongoDB Atlas (cloud) MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/mydb ``` ### Server Configuration ```bash # Local development (localhost only) SERVER_HOST=127.0.0.1 SERVER_PORT=8000 # Docker/Docker Compose (all interfaces) SERVER_HOST=0.0.0.0 SERVER_PORT=8000 # Production (behind reverse proxy) SERVER_HOST=127.0.0.1 SERVER_PORT=8000 ``` ## Deployment Environments ### Development ```bash MONGODB_URI=mongodb://localhost:27017 DATABASE_NAME=normogen_dev JWT_SECRET=dev-secret-key-32-chars-minimum SERVER_HOST=127.0.0.1 SERVER_PORT=8000 ``` ### Staging ```bash MONGODB_URI=mongodb://staging-mongo.internal:27017 DATABASE_NAME=normogen_staging JWT_SECRET= SERVER_HOST=0.0.0.0 SERVER_PORT=8000 ``` ### Production ```bash MONGODB_URI=mongodb+srv://:@prod-cluster.mongodb.net/normogen DATABASE_NAME=normogen JWT_SECRET= SERVER_HOST=127.0.0.1 SERVER_PORT=8000 ``` ## Troubleshooting ### MongoDB Connection Issues ```bash # Check if MongoDB is running docker ps | grep mongo # or systemctl status mongod # Test connection mongosh "mongodb://localhost:27017" ``` ### JWT Errors ```bash # Verify JWT_SECRET is set echo $JWT_SECRET | wc -c # Should be >= 32 # Check for special characters # Some shells may require quotes export JWT_SECRET="your-secret-with-special-chars-!@#$%" ``` ### Port Already in Use ```bash # Check what's using port 8000 lsof -i :8000 # or netstat -tulpn | grep 8000 # Kill the process kill -9 ``` ## Security Checklist Before deploying to production: - [ ] Change `JWT_SECRET` to a strong, randomly generated value - [ ] Enable MongoDB authentication - [ ] Use TLS/SSL for MongoDB connections - [ ] Set up firewall rules - [ ] Configure reverse proxy (nginx/caddy) - [ ] Enable HTTPS - [ ] Set up log aggregation - [ ] Configure monitoring and alerts - [ ] Implement rate limiting - [ ] Regular security updates ## Additional Resources - [README.md](../README.md) - Project overview - [STATUS.md](./STATUS.md) - Development progress - [encryption.md](../encryption.md) - Encryption implementation guide - [introduction.md](../introduction.md) - Project vision