NODE_ENV=production PORT=3010 API_UPSTREAM=http://127.0.0.1:6000 PUBLIC_ORIGIN=https://example.com UPTIME_STORAGE_DIR=~/tsswebstorage UPTIME_DATABASE_FILE=uptime.sqlite UPTIME_SAMPLE_INTERVAL_MS=1800000 UPTIME_HISTORY_LIMIT=336 ANALYTICS_DATABASE_FILE=viewers.sqlite ANALYTICS_RETENTION_DAYS=30 ANALYTICS_ACTIVE_WINDOW_SECONDS=75 API_CACHE_TTL_MS=15000 API_RATE_LIMIT_WINDOW_MS=60000 API_RATE_LIMIT_MAX=120 # Proxy trust. Set to "cloudflare" when the app is fronted by Cloudflare (possibly via nginx). # "generic" trusts X-Forwarded-* without CF-specific headers. "none" ignores all proxy headers. # Only honors trusted headers when the immediate TCP peer is in TRUSTED_UPSTREAM_IPS. TRUST_PROXY=cloudflare TRUSTED_UPSTREAM_IPS=127.0.0.1,::1,::ffff:127.0.0.1 WEBHOOK_PORT=3011 GITHUB_WEBHOOK_SECRET=change-me # Comma-separated refs allowed to trigger a deploy. Defaults to refs/heads/main. GITHUB_WEBHOOK_REFS=refs/heads/main # Optional: refuse pushes whose repository.full_name does not match (e.g. "owner/repo"). GITHUB_WEBHOOK_REPOSITORY= PM2_RESTART_TARGETS=tssbot-web DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/... # Set to "true" only if the Discord channel is private. Default omits the patch preview # from Discord notifications to avoid leaking diffs (including any inline secrets). DISCORD_INCLUDE_PATCH=true # Cloudflare Turnstile. VITE_TURNSTILE_SITE_KEY is the public site key baked into the client bundle by Vite. # TURNSTILE_SECRET_KEY is the server-only secret used to call the Siteverify endpoint. # If left blank, the gated deletion endpoint is open (no challenge enforced). Set both to enforce. VITE_TURNSTILE_SITE_KEY= TURNSTILE_SECRET_KEY=