.env.example

# Cameleer SaaS — Environment Configuration
# Copy to .env and fill in values for production

# Image version
VERSION=latest

# Public access
PUBLIC_HOST=localhost
PUBLIC_PROTOCOL=https
# Auth domain (Logto). Defaults to PUBLIC_HOST for single-domain setups.
# Set to a separate subdomain (e.g. auth.cameleer.io) to split auth from the app.
# AUTH_HOST=localhost

# Ports
HTTP_PORT=80
HTTPS_PORT=443
LOGTO_CONSOLE_PORT=3002

# PostgreSQL
POSTGRES_USER=cameleer
POSTGRES_PASSWORD=change_me_in_production
POSTGRES_DB=cameleer_saas

# ClickHouse
CLICKHOUSE_PASSWORD=change_me_in_production

# Admin user (created by bootstrap)
SAAS_ADMIN_USER=admin
SAAS_ADMIN_PASS=change_me_in_production

# SMTP (for email verification during registration)
# Required for self-service sign-up. Without SMTP, only admin-created users can sign in.
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_FROM_EMAIL=noreply@cameleer.io

# TLS (leave empty for self-signed)
# NODE_TLS_REJECT=0  # Set to 1 when using real certificates
# CERT_FILE=
# KEY_FILE=
# CA_FILE=

# Vendor account (optional)
VENDOR_SEED_ENABLED=false
# VENDOR_USER=vendor
# VENDOR_PASS=change_me

# Docker socket GID (run: stat -c '%g' /var/run/docker.sock)
# DOCKER_GID=0

# Docker images (override for custom registries)
# TRAEFIK_IMAGE=gitea.siegeln.net/cameleer/cameleer-traefik
# POSTGRES_IMAGE=gitea.siegeln.net/cameleer/cameleer-postgres
# CLICKHOUSE_IMAGE=gitea.siegeln.net/cameleer/cameleer-clickhouse
# LOGTO_IMAGE=gitea.siegeln.net/cameleer/cameleer-logto
# CAMELEER_IMAGE=gitea.siegeln.net/cameleer/cameleer-saas
feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# Cameleer SaaS — Environment Configuration`
			`# Copy to .env and fill in values for production`
feat: add Docker Compose production stack with Traefik + Logto 7-service stack: Traefik (reverse proxy), PostgreSQL (shared), Logto (identity), cameleer-saas (control plane), cameleer3-server (observability), ClickHouse (traces). ForwardAuth middleware for tenant-aware routing to cameleer3-server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 15:09:49 +02:00
feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# Image version`
feat: add Docker Compose production stack with Traefik + Logto 7-service stack: Traefik (reverse proxy), PostgreSQL (shared), Logto (identity), cameleer-saas (control plane), cameleer3-server (observability), ClickHouse (traces). ForwardAuth middleware for tenant-aware routing to cameleer3-server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 15:09:49 +02:00			`VERSION=latest`

feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# Public access`
			`PUBLIC_HOST=localhost`
			`PUBLIC_PROTOCOL=https`
feat: split auth domain — Logto gets dedicated AUTH_HOST Support separate auth domain (e.g. auth.cameleer.io) for Logto while keeping the SaaS app on PUBLIC_HOST (e.g. app.cameleer.io). AUTH_HOST defaults to PUBLIC_HOST for backward-compatible single-domain setups. - Logto routing: Host(AUTH_HOST) replaces PathPrefix('/') catch-all - Root redirect moved from traefik-dynamic.yml to Docker labels with Host(PUBLIC_HOST) scope so it doesn't intercept auth domain - Self-signed cert generates SANs for both domains - Bootstrap Host header uses AUTH_HOST for Logto endpoint validation - Spring issuer-uri and oidcissueruri use new authhost property - Both installers (sh + ps1) prompt for AUTH_HOST in expert mode Local dev: AUTH_HOST=auth.localhost (resolves to 127.0.0.1, no hosts file) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-24 18:11:47 +02:00			`# Auth domain (Logto). Defaults to PUBLIC_HOST for single-domain setups.`
			`# Set to a separate subdomain (e.g. auth.cameleer.io) to split auth from the app.`
			`# AUTH_HOST=localhost`
feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00
			`# Ports`
			`HTTP_PORT=80`
			`HTTPS_PORT=443`
			`LOGTO_CONSOLE_PORT=3002`

feat: add Docker Compose production stack with Traefik + Logto 7-service stack: Traefik (reverse proxy), PostgreSQL (shared), Logto (identity), cameleer-saas (control plane), cameleer3-server (observability), ClickHouse (traces). ForwardAuth middleware for tenant-aware routing to cameleer3-server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 15:09:49 +02:00			`# PostgreSQL`
			`POSTGRES_USER=cameleer`
			`POSTGRES_PASSWORD=change_me_in_production`
			`POSTGRES_DB=cameleer_saas`

fix: add ClickHouse password authentication ClickHouse default user had no password, causing auth failures on recent CH versions. Set password via from_env in clickhouse-users.xml, pass credentials in JDBC URLs to SaaS services and tenant server containers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-12 13:59:59 +02:00			`# ClickHouse`
			`CLICKHOUSE_PASSWORD=change_me_in_production`

feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# Admin user (created by bootstrap)`
			`SAAS_ADMIN_USER=admin`
			`SAAS_ADMIN_PASS=change_me_in_production`
Migrate config to cameleer.saas.* naming convention Move all SaaS configuration properties under the cameleer.saas.* namespace with all-lowercase dot-separated names and mechanical env var mapping. Aligns with the server (cameleer.server.) and agent (cameleer.agent.) conventions. Changes: - Move cameleer.identity.* → cameleer.saas.identity.* - Move cameleer.provisioning.* → cameleer.saas.provisioning.* - Move cameleer.certs.* → cameleer.saas.certs.* - Rename kebab-case properties to concatenated lowercase - Update all env vars to CAMELEER_SAAS_* mechanical mapping - Update DockerTenantProvisioner to pass CAMELEER_SERVER_* env vars to provisioned server containers (matching server's new convention) - Spring JWT config now derives from SaaS properties via cross-reference - Clean up orphaned properties in application-local.yml - Update docker-compose.yml, docker-compose.dev.yml, .env.example - Update CLAUDE.md, HOWTO.md, architecture.md, user-manual.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-11 18:11:21 +02:00
feat: self-service sign-up with email verification and onboarding Complete sign-up pipeline: email registration via Logto Experience API, SMTP email verification, and self-service trial tenant creation. Layer 1 — Logto config: - Bootstrap Phase 8b: SMTP email connector with branded HTML templates - Bootstrap Phase 8c: enable SignInAndRegister (email+password sign-up) - Dockerfile installs official Logto connectors (ensures SMTP available) - SMTP env vars in docker-compose, installer templates, .env.example Layer 2 — Experience API (ui/sign-in/experience-api.ts): - Registration flow: initRegistration → sendVerificationCode → verifyCode → addProfile (password) → identifyUser → submit - Sign-in auto-detects email vs username identifier Layer 3 — Custom sign-in UI (ui/sign-in/SignInPage.tsx): - Three-mode state machine: signIn / register / verifyCode - Reads first_screen=register from URL query params - Toggle links between sign-in and register views Layer 4 — Post-registration onboarding: - OnboardingService: reuses VendorTenantService.createAndProvision(), adds calling user to Logto org as owner, enforces one trial per user - OnboardingController: POST /api/onboarding/tenant (authenticated only) - OnboardingPage.tsx: org name + auto-slug form - LandingRedirect: detects zero orgs → redirects to /onboarding - RegisterPage.tsx: /platform/register initiates OIDC with firstScreen Installers (install.sh + install.ps1): - Both prompt for SMTP config in SaaS mode - CLI args, env var capture, cameleer.conf persistence Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-25 00:21:07 +02:00			`# SMTP (for email verification during registration)`
			`# Required for self-service sign-up. Without SMTP, only admin-created users can sign in.`
			`SMTP_HOST=`
			`SMTP_PORT=587`
			`SMTP_USER=`
			`SMTP_PASS=`
			`SMTP_FROM_EMAIL=noreply@cameleer.io`

feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# TLS (leave empty for self-signed)`
			`# NODE_TLS_REJECT=0 # Set to 1 when using real certificates`
			`# CERT_FILE=`
			`# KEY_FILE=`
			`# CA_FILE=`
feat: add Docker Compose production stack with Traefik + Logto 7-service stack: Traefik (reverse proxy), PostgreSQL (shared), Logto (identity), cameleer-saas (control plane), cameleer3-server (observability), ClickHouse (traces). ForwardAuth middleware for tenant-aware routing to cameleer3-server. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 15:09:49 +02:00
feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# Vendor account (optional)`
			`VENDOR_SEED_ENABLED=false`
			`# VENDOR_USER=vendor`
			`# VENDOR_PASS=change_me`
feat: update Docker Compose, CI, and add runtime-base Dockerfile Add jardata volume, CAMELEER_AUTH_TOKEN/CAMELEER3_SERVER_ENDPOINT/CLICKHOUSE_URL env vars to cameleer-saas, CAMELEER_AUTH_TOKEN to cameleer3-server, runtime-base Dockerfile for agent-instrumented customer apps, and expand CI surefire excludes for new integration test classes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-04-04 18:04:42 +02:00
fix: detect Docker socket GID for container permissions The Docker socket group varies by host (e.g., GID 1001 on WSL2). Hardcoding group_add: ["0"] doesn't work when the socket is owned by a different group. The installer now detects the socket GID at install time via stat. The main docker-compose.yml uses a configurable DOCKER_GID env var (defaults to 0). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-13 18:39:20 +02:00			`# Docker socket GID (run: stat -c '%g' /var/run/docker.sock)`
			`# DOCKER_GID=0`

feat: consolidate docker-compose.yml for baked-in images Remove all bind-mounted config files and init containers. Services reduced from 7 to 5. All configuration via environment variables. 2026-04-13 16:19:29 +02:00			`# Docker images (override for custom registries)`
			`# TRAEFIK_IMAGE=gitea.siegeln.net/cameleer/cameleer-traefik`
			`# POSTGRES_IMAGE=gitea.siegeln.net/cameleer/cameleer-postgres`
			`# CLICKHOUSE_IMAGE=gitea.siegeln.net/cameleer/cameleer-clickhouse`
			`# LOGTO_IMAGE=gitea.siegeln.net/cameleer/cameleer-logto`
			`# CAMELEER_IMAGE=gitea.siegeln.net/cameleer/cameleer-saas`