# Production Environment Configuration Template
# Copy to .env.production and update with real values

# Project Configuration
COMPOSE_PROJECT_NAME=michaelschiemer
DOMAIN_NAME=michaelschiemer.de

# Environment
APP_ENV=production
APP_DEBUG=false
APP_TIMEZONE=Europe/Berlin
APP_LOCALE=de

# SSL/HTTPS Configuration
APP_SSL_ENABLED=true
SSL_CERT_PATH=/etc/letsencrypt/live/michaelschiemer.de
FORCE_HTTPS=true

# Database Configuration (Production)
DB_DRIVER=mysql
DB_HOST=db
DB_PORT=3306
DB_DATABASE=*** REQUIRED ***
DB_USERNAME=*** REQUIRED ***
DB_PASSWORD=*** REQUIRED ***
DB_ROOT_PASSWORD=*** REQUIRED ***
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci

# Redis Configuration
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=*** REQUIRED ***
REDIS_DATABASE=0
REDIS_PREFIX=michaelschiemer_prod_

# Session Configuration (Production Security)
SESSION_DRIVER=redis
SESSION_LIFETIME=120
SESSION_ENCRYPT=true
SESSION_SECURE_COOKIE=true
SESSION_HTTP_ONLY=true
SESSION_SAME_SITE=strict

# Session Fingerprinting (Production Security)
SESSION_FINGERPRINT_STRICT=true
SESSION_FINGERPRINT_USER_AGENT=true
SESSION_FINGERPRINT_ACCEPT_LANGUAGE=true
SESSION_FINGERPRINT_IP_PREFIX=true
SESSION_FINGERPRINT_THRESHOLD=0.8

# Cache Configuration
CACHE_DRIVER=redis
CACHE_TTL=3600
CACHE_PREFIX=michaelschiemer_cache_prod_

# Queue Configuration
QUEUE_DRIVER=redis
QUEUE_CONNECTION=redis
QUEUE_PREFIX=michaelschiemer_queue_prod_
WORKER_QUEUE=production
WORKER_TIMEOUT=300
WORKER_MEMORY_LIMIT=512
WORKER_SLEEP=1
WORKER_TRIES=5
WORKER_BATCH_SIZE=10

# Mail Configuration (Production)
MAIL_DRIVER=*** REQUIRED ***
MAIL_HOST=*** REQUIRED ***
MAIL_PORT=*** REQUIRED ***
MAIL_USERNAME=*** REQUIRED ***
MAIL_PASSWORD=*** REQUIRED ***
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=kontakt@michaelschiemer.de
MAIL_FROM_NAME="Michael Schiemer"

# Logging Configuration (Production)
LOG_CHANNEL=stack
LOG_LEVEL=warning
LOG_STACK_CHANNELS=single,syslog
LOG_ROTATE_DAYS=30
LOG_MAX_FILES=10

# External APIs (Production)
SHOPIFY_WEBHOOK_SECRET=*** REQUIRED ***
RAPIDMAIL_USERNAME=*** REQUIRED ***
RAPIDMAIL_PASSWORD=*** REQUIRED ***
RAPIDMAIL_TEST_MODE=false

# Analytics Configuration (Production)
ANALYTICS_ENABLED=true
ANALYTICS_TRACK_PAGE_VIEWS=true
ANALYTICS_TRACK_API_CALLS=true
ANALYTICS_TRACK_USER_ACTIONS=true
ANALYTICS_TRACK_ERRORS=true
ANALYTICS_TRACK_PERFORMANCE=true

# Monitoring & Health Checks
PROMETHEUS_ENABLED=true
PROMETHEUS_PORT=9090
GRAFANA_ADMIN_PASSWORD=*** REQUIRED ***

# Security Configuration
APP_KEY=*** REQUIRED - Generate with: openssl rand -base64 32 ***
CSRF_TOKEN_LIFETIME=7200
RATE_LIMIT_PER_MINUTE=60
MAX_LOGIN_ATTEMPTS=5
LOGIN_LOCKOUT_DURATION=900

# Performance Configuration (Production)
PHP_MEMORY_LIMIT=512M
PHP_MAX_EXECUTION_TIME=30
PHP_OPCACHE_ENABLE=1
PHP_OPCACHE_MEMORY_CONSUMPTION=256
PHP_OPCACHE_MAX_ACCELERATED_FILES=20000
PHP_OPCACHE_REVALIDATE_FREQ=0
PHP_OPCACHE_VALIDATE_TIMESTAMPS=0
PHP_REALPATH_CACHE_SIZE=4M
PHP_REALPATH_CACHE_TTL=3600

# Nginx Configuration (Production)
NGINX_WORKER_PROCESSES=4
NGINX_WORKER_CONNECTIONS=2048
NGINX_KEEPALIVE_TIMEOUT=65
NGINX_CLIENT_MAX_BODY_SIZE=50m

# Database Performance (Production)
MYSQL_INNODB_BUFFER_POOL_SIZE=1G
MYSQL_INNODB_LOG_FILE_SIZE=256M
MYSQL_MAX_CONNECTIONS=100
MYSQL_QUERY_CACHE_SIZE=0

# Backup Configuration
BACKUP_ENABLED=true
BACKUP_SCHEDULE=0 2 * * *
BACKUP_RETENTION_DAYS=30
BACKUP_S3_BUCKET=*** REQUIRED IF USING S3 ***
BACKUP_S3_ACCESS_KEY=*** REQUIRED IF USING S3 ***
BACKUP_S3_SECRET_KEY=*** REQUIRED IF USING S3 ***

# SSL/TLS Configuration
SSL_PROTOCOLS=TLSv1.2 TLSv1.3
SSL_CIPHERS=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSL_PREFER_SERVER_CIPHERS=off
SSL_SESSION_CACHE_SIZE=10m
SSL_SESSION_TIMEOUT=10m

# Container User IDs (Production)
UID=33
GID=33

# Restart Policy
RESTART_POLICY=always

# Resource Limits (Production)
PHP_MEMORY_LIMIT_DOCKER=2G
PHP_CPU_LIMIT=2.0
NGINX_MEMORY_LIMIT_DOCKER=256M
NGINX_CPU_LIMIT=0.5
DB_MEMORY_LIMIT_DOCKER=2G
DB_CPU_LIMIT=2.0
REDIS_MEMORY_LIMIT_DOCKER=1G
REDIS_CPU_LIMIT=0.5