# ============================================================================
# EasyStream - Production Environment Configuration
# ============================================================================
# SECURITY WARNING: This file contains sensitive credentials
# - Never commit this file to version control
# - Use Docker secrets or environment variable injection in production
# - Generate all secrets using: openssl rand -hex 32
# ============================================================================

# Database Configuration
# IMPORTANT: Change these from defaults!
DB_HOST=db
DB_NAME=easystream
DB_USER=easystream
DB_PASS=CHANGE_THIS_DB_PASSWORD_IN_PRODUCTION

# Redis Configuration
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_DB=0
REDIS_PASSWORD=

# Application Configuration
MAIN_URL=https://your-domain.com
DEBUG=false
APP_ENV=production

# Security Keys
# Generate with: openssl rand -hex 32
# Or: docker run --rm alpine sh -c "head -c 32 /dev/urandom | base64"
API_KEY=GENERATE_SECURE_API_KEY_HERE
JWT_SECRET=GENERATE_SECURE_JWT_SECRET_HERE
ENCRYPTION_KEY=GENERATE_SECURE_ENCRYPTION_KEY_HERE

# Session Security
SESSION_SECURE=true
SESSION_HTTPONLY=true
SESSION_SAMESITE=Strict
SESSION_LIFETIME=3600

# CORS Settings
CORS_ORIGIN=https://your-domain.com
CORS_CREDENTIALS=true

# Email Configuration (for production notifications)
MAIL_DRIVER=smtp
MAIL_HOST=smtp.your-provider.com
MAIL_PORT=587
MAIL_USERNAME=noreply@your-domain.com
MAIL_PASSWORD=your-email-password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=noreply@your-domain.com
MAIL_FROM_NAME="EasyStream"

# Storage Configuration
STORAGE_DRIVER=s3
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=easystream-media

# CDN Configuration
CDN_ENABLED=true
CDN_URL=https://cdn.your-domain.com

# Streaming Configuration
RTMP_URL=rtmp://your-domain.com:1935/live
HLS_URL=https://your-domain.com/hls

# Analytics
ANALYTICS_ENABLED=true
GOOGLE_ANALYTICS_ID=

# Rate Limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_MAX_REQUESTS=100
RATE_LIMIT_WINDOW=60

# Queue Configuration
QUEUE_DRIVER=redis
WORKER_QUEUES=default,video,email,notifications
WORKER_SLEEP=3
WORKER_TIMEOUT=300

# Cron Configuration
CRON_BASE_URL=https://your-domain.com
CRON_SSK=GENERATE_SECURE_CRON_SECRET_HERE
VOD_REC_PATH=/mnt/rec

# Monitoring & Logging
LOG_LEVEL=warning
LOG_DRIVER=file
SENTRY_DSN=

# Feature Flags
FEATURE_REGISTRATION=true
FEATURE_SOCIAL_LOGIN=true
FEATURE_MONETIZATION=true
FEATURE_LIVE_STREAMING=true
FEATURE_TEMPLATE_BUILDER=true

# ============================================================================
# PRODUCTION DEPLOYMENT CHECKLIST:
# ============================================================================
# [ ] Changed all default passwords
# [ ] Generated secure random keys (API_KEY, JWT_SECRET, ENCRYPTION_KEY)
# [ ] Configured production database credentials
# [ ] Set up SSL/TLS certificates
# [ ] Configured email server
# [ ] Set up CDN and storage (S3/CloudFront)
# [ ] Enabled monitoring and logging
# [ ] Configured backups
# [ ] Set proper file permissions (chmod 600 .env.production)
# [ ] Tested all services
# ============================================================================