QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-06 22:11:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
sure/.env.local.example
BitToby ba6e286b41 feat: add SSL_CA_FILE and SSL_VERIFY environment variables to support… (#894) 
* feat: add SSL_CA_FILE and SSL_VERIFY environment variables to support self-signed certificates in self-hosted environments

* fix: NoMethodError by defining SSL helper methods before configure block executes

* refactor: Refactor SessionsController to use shared SslConfigurable module and simplify SSL initializer redundant checks

* refactor: improve SSL configuration robustness and error detection accuracy

* fix:HTTParty SSL options, add file validation guards, prevent Tempfile GC, and redact URLs in error logs

* fix:  Fix SSL concern indentation and stub Simplefin POST correctly in tests

* fix: normalize ssl_verify to always return boolean instead of nil

* fix: solve failing SimpleFin test

* refactor:  trim unused error-handling code from SslConfigurable, replace Tempfile with fixed-path CA bundle, fix namespace pollution in initializers, and add unit tests for core SSL configuration and Langfuse CRL callback.

* fix: added require ileutils in the initializer and require ostruct in the test file.

* fix: solve autoload conflict that broke provider loading, validate all certs in PEM bundles, and add missing requires.
2026-02-06 18:04:03 +01:00

84 lines
3.1 KiB
Plaintext
Raw Permalink Blame History

# To enable / disable self-hosting features.
SELF_HOSTED = true
# Custom port config
# For users who have other applications listening at 3000, this allows them to set a value puma will listen to.
PORT=3000
# SimpleFIN runtime flags (default-off)
# Accepted truthy values: 1, true, yes, on
# SIMPLEFIN_DEBUG_RAW: when truthy, logs the raw payload returned by SimpleFIN (debug-only; can be noisy)
SIMPLEFIN_DEBUG_RAW=false
# SIMPLEFIN_INCLUDE_PENDING: when truthy, forces `pending=1` on SimpleFIN fetches when caller doesn't specify `pending:`
SIMPLEFIN_INCLUDE_PENDING=false
# Lunchflow runtime flags (default-off)
# LUNCHFLOW_DEBUG_RAW: when truthy, logs the raw payload returned by Lunchflow (debug-only; can be noisy)
LUNCHFLOW_DEBUG_RAW=false
# LUNCHFLOW_INCLUDE_PENDING: when truthy, adds `include_pending=true` to Lunchflow transaction fetch requests
LUNCHFLOW_INCLUDE_PENDING=false
# Controls onboarding flow (valid: open, closed, invite_only)
ONBOARDING_STATE = open
# Enable Twelve market data (careful, this will use your API credits)
TWELVE_DATA_API_KEY =
# OpenAI-compatible API endpoint config
OPENAI_ACCESS_TOKEN =
OPENAI_URI_BASE =
OPENAI_MODEL =
# OPENAI_REQUEST_TIMEOUT: Request timeout in seconds (default: 60)
# OPENAI_SUPPORTS_PDF_PROCESSING: Set to false for endpoints without vision support (default: true)
# (example: LM Studio/Docker config) OpenAI-compatible API endpoint config
# OPENAI_URI_BASE = http://host.docker.internal:1234/
# OPENAI_MODEL = qwen/qwen3-vl-4b
# OpenID Connect for development
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_ISSUER=
OIDC_REDIRECT_URI=http://localhost:3000/auth/openid_connect/callback
# Langfuse config
LANGFUSE_PUBLIC_KEY =
LANGFUSE_SECRET_KEY =
LANGFUSE_HOST = https://cloud.langfuse.com
# Set to `true` to get error messages rendered in the /chats UI
AI_DEBUG_MODE =
# =============================================================================
# SSL/TLS Configuration for Self-Signed Certificates
# =============================================================================
# Use these settings when connecting to services with self-signed or internal
# CA certificates (e.g., self-hosted Keycloak, Authentik, or AI endpoints).
#
# SSL_CA_FILE: Path to custom CA certificate file (PEM format)
# - The certificate that signed your server's SSL certificate
# - Must be readable by the application
# - Will be validated at startup
# SSL_CA_FILE = /certs/my-ca.crt
#
# SSL_VERIFY: Enable/disable SSL certificate verification
# - Default: true (verification enabled)
# - Set to "false" ONLY for development/testing
# - WARNING: Disabling removes protection against man-in-the-middle attacks
# SSL_VERIFY = true
#
# SSL_DEBUG: Enable verbose SSL logging for troubleshooting
# - Default: false
# - When enabled, logs detailed SSL connection information
# - Useful for diagnosing certificate issues
# SSL_DEBUG = false
#
# Example docker-compose.yml configuration:
# services:
# app:
# environment:
# SSL_CA_FILE: /certs/my-ca.crt
# SSL_DEBUG: "true"
# volumes:
# - ./my-ca.crt:/certs/my-ca.crt:ro
Reference in New Issue View Git Blame Copy Permalink