.env.example
#--------------------------------------------------------------------------
# Application Settings
#--------------------------------------------------------------------------
# Core identity and runtime mode of the application. This file is a template:
# the populated copy holds secrets and should stay out of version control.
APP_NAME="Unblock Firewall Manager"
# Runtime environment; this template targets production.
APP_ENV=production
# Application encryption key. Left empty on purpose: generate a unique key per
# installation (Laravel: php artisan key:generate) and never commit or reuse it.
APP_KEY=
# Keep false in production: debug mode renders detailed error pages that can
# expose stack traces and configuration values to visitors.
APP_DEBUG=false
APP_TIMEZONE=UTC
# Placeholder. Set to the public URL of the installation; use https:// for any
# deployment reachable over a network.
APP_URL=http://localhost
APP_LOCALE=en
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US
# Maintenance-mode state. NOTE(review): in stock Laravel the store setting is
# only consulted by the cache driver, so it is presumably unused with
# driver=file; confirm against the application's configuration.
APP_MAINTENANCE_DRIVER=file
APP_MAINTENANCE_STORE=database
#--------------------------------------------------------------------------
# Company Information (Configure for legal compliance and branding)
#--------------------------------------------------------------------------
# Every value in this section is an example.com placeholder; replace all of
# them before the installation is shown to users.
COMPANY_NAME="Your Company Name"
SUPPORT_EMAIL=support@example.com
SUPPORT_URL=https://support.example.com
SUPPORT_TICKET_URL=https://support.example.com/tickets
SUPPORT_HOURS="Monday to Friday, 9:00 - 18:00"
# Legal URLs (Required for GDPR and data protection compliance)
LEGAL_PRIVACY_URL=https://example.com/privacy
LEGAL_TERMS_URL=https://example.com/terms
LEGAL_DATA_PROTECTION_URL=https://example.com/data-protection
# Documentation Wiki URLs (Optional - leave empty if not available)
# Use https:// URLs you control; these are presumably rendered as links to
# users, so a stale or third-party address would send them off-site.
WIKI_BASE_URL=https://wiki.example.com
WIKI_CSF_URL=
WIKI_BFM_URL=
WIKI_EXIM_URL=
WIKI_DOVECOT_URL=
WIKI_MODSECURITY_URL=
WIKI_UNBLOCK_GUIDE_URL=
#--------------------------------------------------------------------------
# Database
#--------------------------------------------------------------------------
# The default is a local SQLite file. Sessions, the queue and the cache also
# use the database (see the drivers set to "database" in this file), so the
# file holds session data and should not be readable by other system users or
# served by the web server.
DB_CONNECTION=sqlite
# NOTE(review): in stock Laravel the sqlite driver reads only DB_DATABASE; the
# host, port, username and password presumably apply only after DB_CONNECTION
# is switched to a server database. Confirm against the application's
# database configuration.
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=database/database.sqlite
# Placeholders. For a server database, use a dedicated account restricted to
# this application's schema with a strong password, not root with an empty one.
DB_USERNAME=root
DB_PASSWORD=
#--------------------------------------------------------------------------
# Session & Cache
#--------------------------------------------------------------------------
# Sessions, queued jobs and cache entries are all stored in the application
# database with these defaults.
SESSION_DRIVER=database
# Session lifetime in minutes (240 = 4 hours). Admin sessions share this value,
# so a shorter lifetime also shortens how long an authenticated admin session
# stays valid.
SESSION_LIFETIME=240
# false stores session payloads unencrypted in the session store; set to true
# to have Laravel encrypt them at rest.
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=null
# NOTE(review): this template does not set SESSION_SECURE_COOKIE; when the site
# is served over HTTPS, setting it to true limits the session cookie to HTTPS.
BROADCAST_CONNECTION=log
FILESYSTEM_DISK=local
QUEUE_CONNECTION=database
CACHE_STORE=database
# Empty here. If several applications share one cache store, set a distinct
# prefix so their keys cannot collide.
CACHE_PREFIX=
#--------------------------------------------------------------------------
# Mail Configuration
#--------------------------------------------------------------------------
# "log" writes outgoing mail to the application log instead of delivering it.
# With this default, admin notifications are not sent, and any message body
# (presumably including admin OTP codes, if those are delivered by e-mail -
# confirm) ends up readable in the log file. Configure a real mailer before
# production use.
MAIL_MAILER=log
MAIL_HOST=127.0.0.1
MAIL_PORT=2525
# SMTP credentials: keep them only in the deployed .env.
MAIL_USERNAME=null
MAIL_PASSWORD=null
# null means no transport encryption; enable TLS when the mail server is not
# on the local host.
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="hello@example.com"
# Reuses APP_NAME through variable expansion.
MAIL_FROM_NAME="${APP_NAME}"
#--------------------------------------------------------------------------
# Logging
#--------------------------------------------------------------------------
LOG_CHANNEL=stack
LOG_STACK=single
LOG_DEPRECATIONS_CHANNEL=null
# NOTE(review): debug is the most verbose level and this template sets
# APP_ENV=production. Debug output may contain client IP addresses, e-mail
# addresses and request details; consider a higher threshold in production
# after checking that no feature of this application relies on debug-level
# entries, and restrict read access to the log files either way.
LOG_LEVEL=debug
#--------------------------------------------------------------------------
# Unblock Application Settings
#--------------------------------------------------------------------------
# Admin email for notifications and seeding
# Placeholder: replace it before seeding, otherwise the seeded admin account
# and all notifications point at an address you do not control.
ADMIN_EMAIL=admin@example.com
# Send admin report emails
SEND_ADMIN_REPORT_EMAIL=true
# Maximum attempts before blocking
ATTEMPTS=10
# Report expiration time in seconds (default: 604800 = 7 days)
REPORT_EXPIRATION=604800
# Enable/disable cron jobs
CRON_ACTIVE=false
# Notification settings
# Leaving both enabled gives operators a signal when a managed host cannot be
# reached or a critical error occurs.
NOTIFY_CONNECTION_FAILURES=true
NOTIFY_CRITICAL_ERRORS=true
# Critical hosts (comma-separated IDs or FQDNs) for immediate notifications
CRITICAL_HOSTS=
# Error retry settings
# NOTE(review): the unit of RETRY_DELAY is not stated in this file; confirm
# whether it is seconds before tuning it.
MAX_RETRY_ATTEMPTS=3
RETRY_DELAY=5
#--------------------------------------------------------------------------
# MaxMind GeoIP Configuration
#--------------------------------------------------------------------------
# Get your free MaxMind license key:
# 1. Sign up at https://www.maxmind.com/en/geolite2/signup
# 2. Generate license key in account settings
# 3. Copy Account ID and License Key below
# 4. Run: php artisan geoip:update (downloads database automatically)
# 5. Run: php artisan geoip:status (check configuration and database)
# MaxMind account ID (required for automatic database downloads)
MAXMIND_ACCOUNT_ID=
# MaxMind license key (required for automatic database downloads)
# This is a credential: keep it only in the deployed .env and regenerate it in
# the MaxMind account if it is ever committed or shared.
MAXMIND_LICENSE_KEY=
# Path to GeoLite2-City database (auto-managed by geoip:update command)
GEOIP_DATABASE_PATH=storage/app/geoip/GeoLite2-City.mmdb
# Enable GeoIP enrichment (set to false to disable geographic tracking)
# Enrichment attaches location data to client IP addresses; account for it in
# the privacy documentation referenced by the LEGAL_* URLs.
GEOIP_ENABLED=true
# Database auto-updates weekly (Sundays at 2am) when credentials configured
# Manual update: php artisan geoip:update
# Force update: php artisan geoip:update --force
# Check status: php artisan geoip:status
#--------------------------------------------------------------------------
# WHMCS Integration (Optional)
#--------------------------------------------------------------------------
# All keys are commented out, so the integration is not configured by default.
# Uncomment them only when WHMCS synchronisation is wanted.
# WHMCS_API_IDENTIFIER and WHMCS_API_SECRET are API credentials: issue a
# dedicated credential with the minimum role the synchronisation needs, use an
# https:// WHMCS_API_URL, and keep the values only in the deployed .env.
#WHMCS_SYNC_ENABLED=
#WHMCS_SYNC_SCHEDULE="02:03"
#WHMCS_API_URL=
#WHMCS_API_IDENTIFIER=
#WHMCS_API_SECRET=
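#--------------------------------------------------------------------------
# HQ Host Configuration (Headquarters Monitoring)
#--------------------------------------------------------------------------
# Automatic monitoring and whitelisting for your main hosting platform (HQ).
#
# WHAT IT DOES:
# When a user requests an IP unblock, the system AUTOMATICALLY checks your HQ
# host in parallel for ModSecurity blocks. If detected, it temporarily whitelists
# the IP and notifies you via email.
#
# WHY YOU NEED IT:
# Many hosting providers have a central platform (cPanel, DirectAdmin, WHMCS,
# billing portal, etc.) where clients submit tickets. ModSecurity often blocks
# legitimate users trying to report issues, creating a frustrating loop:
# "I'm blocked" → tries to create ticket → gets blocked again → can't report it
#
# HOW TO CONFIGURE:
# 1. Identify your main/HQ server ID from the 'hosts' table
# 2. Set HQ_HOST_ID to that ID (preferred method)
# 3. Alternatively, use HQ_HOST_FQDN with the server's FQDN
# 4. Adjust HQ_WHITELIST_TTL (default: 7200 seconds = 2 hours)
#
# EXAMPLE SCENARIO:
# User: "I'm blocked, can't access my cPanel"
# System: Checks HQ automatically → Finds ModSecurity block → Whitelists IP
# Admin: Receives email: "IP 1.2.3.4 was blocked on HQ, temporarily whitelisted"
# User: Can now access cPanel and create proper support ticket
#
# NOTE: Only checks ModSecurity logs on the HQ host (not CSF/BFM)
#
# SECURITY NOTE:
# The whitelist is applied automatically, without an operator decision, to an
# address ModSecurity had blocked. Keep HQ_WHITELIST_TTL as short as a user
# needs to file a ticket, and review the notification e-mails for addresses
# that are whitelisted repeatedly.
#
# Preferred: Set the Host ID from your 'hosts' table
# Left empty in the template: the ID is specific to each installation, and a
# pre-filled number would point the HQ check and its automatic whitelisting at
# whichever host happens to have that ID.
# NOTE(review): confirm the application treats an empty HQ_HOST_ID together
# with an empty HQ_HOST_FQDN as "HQ check disabled".
HQ_HOST_ID=
# Alternative: Use FQDN if you don't know the ID (less efficient)
HQ_HOST_FQDN=
# Temporary whitelist duration in seconds (default: 7200 = 2 hours)
# Common values: 3600 (1h), 7200 (2h), 14400 (4h), 86400 (24h)
HQ_WHITELIST_TTL=7200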
#--------------------------------------------------------------------------
# Special Configuration
#--------------------------------------------------------------------------
# Special access key (if needed)
# NOTE(review): this file does not say what the key grants access to. If it is
# used, treat it as a secret: choose a long random value, keep it only in the
# deployed .env, and document which feature consumes it.
SPECIAL=
#--------------------------------------------------------------------------
# Development Tools (Optional - only for development environments)
#--------------------------------------------------------------------------
# Ray debugging output. Everything is off by default; keep it that way outside
# development. The SEND_* switches select what is forwarded to the listener at
# RAY_HOST:RAY_PORT, and forwarded queries, requests, dumps and log calls can
# contain credentials and personal data.
RAY_ENABLED=false
SEND_CACHE_TO_RAY=false
SEND_DUMPS_TO_RAY=false
SEND_JOBS_TO_RAY=false
SEND_LOG_CALLS_TO_RAY=false
SEND_QUERIES_TO_RAY=false
SEND_DUPLICATE_QUERIES_TO_RAY=false
SEND_SLOW_QUERIES_TO_RAY=false
SEND_REQUESTS_TO_RAY=false
SEND_HTTP_CLIENT_REQUESTS_TO_RAY=false
SEND_VIEWS_TO_RAY=false
SEND_EXCEPTIONS_TO_RAY=false
SEND_DEPRECATED_NOTICES_TO_RAY=false
# Listener address; keep it on the developer's own machine.
RAY_HOST=localhost
RAY_PORT=23517
#--------------------------------------------------------------------------
# Simple Unblock Mode (No Authentication Required)
#--------------------------------------------------------------------------
# Enable simplified unblock mode for tightly-coupled hosting environments
# When enabled, unblock requests are accepted without authentication, so the
# throttle, strict-match and logging settings below are the only controls on
# who can get an address unblocked. Off by default.
UNBLOCK_SIMPLE_MODE=false
# Throttling for anonymous access (requests per minute)
UNBLOCK_SIMPLE_THROTTLE_PER_MINUTE=3
# Block duration after exceeding rate limit (minutes)
UNBLOCK_SIMPLE_BLOCK_DURATION=15
# Require exact domain+IP match for unblocking
# Keep true: without it an anonymous request is checked less strictly before
# a firewall block is lifted.
UNBLOCK_SIMPLE_STRICT_MATCH=true
# Enable silent logging for non-matches
# Keeping this on leaves a record of failed anonymous requests for review.
UNBLOCK_SIMPLE_SILENT_LOG=true
#--------------------------------------------------------------------------
# Vite (Frontend Asset Building)
#--------------------------------------------------------------------------
# Variables prefixed with VITE_ are embedded in the client-side bundle and are
# readable by every visitor; never put a secret in one.
VITE_APP_NAME="${APP_NAME}"
#--------------------------------------------------------------------------
# Filament Admin Panel Access Control
#--------------------------------------------------------------------------
# Control which admin users can access the Filament panel.
# Users must have is_admin = true AND match the whitelist (if configured).
# If both are empty, all admins can access the panel.
# The empty default therefore adds no restriction beyond is_admin; set at
# least one of the two lists in production so that a user who wrongly gains
# is_admin still cannot open the panel.
# Comma-separated list of allowed admin emails
FILAMENT_ADMIN_WHITELIST_EMAILS=
# Comma-separated list of allowed admin email domains
# A domain entry admits every address at that domain; list only domains whose
# mailboxes your organisation controls.
FILAMENT_ADMIN_WHITELIST_DOMAINS=
# Examples:
# FILAMENT_ADMIN_WHITELIST_EMAILS="admin@company.com,support@company.com"
# FILAMENT_ADMIN_WHITELIST_DOMAINS="company.com,holding.com"
#--------------------------------------------------------------------------
# Admin OTP Two-Factor Authentication
#--------------------------------------------------------------------------
# Enable/disable OTP verification for admin panel access
# Keep true in production; false leaves the admin panel protected by the
# password alone.
ADMIN_OTP_ENABLED=true
# OTP code validity in seconds (default: 600 = 10 minutes)
ADMIN_OTP_TTL=600
# Minimum time between OTP resend requests in seconds (default: 60 = 1 minute)
ADMIN_OTP_RESEND_THROTTLE=60
# Maximum OTP verification attempts before lockout (default: 5)
# A low limit bounds how many guesses are possible within one code's validity.
ADMIN_OTP_MAX_ATTEMPTS=5
# NOTE(review): if codes are delivered by e-mail, the MAIL_MAILER=log default
# in this file would write them to the application log instead of sending
# them; configure a real mailer before relying on OTP.
# Note: Session lifetime is controlled by SESSION_LIFETIME above (in minutes)
# After session expires, admin must re-authenticate with password + OTP
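#--------------------------------------------------------------------------
# Laravel Boost Configuration (Development Tools)
#--------------------------------------------------------------------------
# Master switch - automatically disabled in production
# Set to false in this template to match APP_ENV=production and the other
# development tools in this file. An explicit false does not depend on APP_ENV
# being set correctly on every deployment; enable it only in a local
# development .env.
BOOST_ENABLED=false
# Browser console logs watcher - disabled by default (causes performance issues)
BOOST_BROWSER_LOGS_WATCHER=false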