# Database POSTGRES_PASSWORD=your_secure_password_here # JWT JWT_SECRET=your_jwt_secret_key_min_32_chars JWT_EXPIRES_IN=1h JWT_REFRESH_EXPIRES_IN=7d # Frontend URL (for OAuth redirects) FRONTEND_URL=http://localhost:5173 # LLM Configuration LLM_PROVIDER=openrouter LLM_API_KEY=sk-or-v1-... LLM_MODEL=openai/gpt-4o # Embedding Configuration (Local HuggingFace by default) EMBEDDING_PROVIDER=local EMBEDDING_MODEL=Xenova/all-MiniLM-L6-v2 EMBEDDING_DIMENSION=384 EMBEDDING_DEVICE=cpu # Use quantized model for lower memory usage (~4x smaller, slightly less accurate) # Set to 'true' for low-memory systems (512MB-1GB RAM) EMBEDDING_QUANTIZED=false # Node.js Memory Configuration (increase if embedding causes OOM) # For 512MB RAM VPS: NODE_OPTIONS=--max-old-space-size=384 # For 1GB RAM VPS: NODE_OPTIONS=--max-old-space-size=768 # For 2GB RAM VPS: NODE_OPTIONS=--max-old-space-size=1536 # Default (no env var): Node uses ~4GB or system limit #NODE_OPTIONS=--max-old-space-size=768 # Request Logging Configuration # Enable/disable request logging (default: true) #REQUEST_LOGGER=true # Log level: verbose (detailed), standard (default), minimal (status only) #REQUEST_LOGGER_LEVEL=standard # HuggingFace API (optional - if not using local embeddings) # HUGGINGFACE_API_KEY=hf_... # Keycloak (External) Configuration # Enable Keycloak authentication KEYCLOAK_ENABLED=false KEYCLOAK_URL=http://your-keycloak-server:8080 KEYCLOAK_REALM=dreamchat KEYCLOAK_CLIENT_ID=dreamchat-backend KEYCLOAK_CLIENT_SECRET=your_keycloak_secret # Keycloak OAuth redirect URI (must match Keycloak client configuration) KEYCLOAK_REDIRECT_URI=http://localhost:3000/api/auth/keycloak/callback # Keycloak Authorization Settings # Require specific group/role/attribute for access # Set at least one of these to enforce authorization checks # Required Keycloak group (e.g., "dreamchat-users") KEYCLOAK_REQUIRED_GROUP= # Required Keycloak realm role (e.g., "dreamchat-access") KEYCLOAK_REQUIRED_ROLE= # Required Keycloak client role (e.g., "user") KEYCLOAK_REQUIRED_CLIENT_ROLE= # Required Keycloak user attribute (format: "attribute_name:attribute_value") # Examples: # KEYCLOAK_REQUIRED_ATTRIBUTE=department:engineering # KEYCLOAK_REQUIRED_ATTRIBUTE=approved:true KEYCLOAK_REQUIRED_ATTRIBUTE= # Auto-create users on first Keycloak login # If true, users will be automatically created in the database # If false, only existing users can log in via Keycloak KEYCLOAK_AUTO_CREATE_USER=true # Default role for auto-created Keycloak users KEYCLOAK_DEFAULT_USER_ROLE=USER