Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 132 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
# =============================================================================
# OpenTracker Environment Configuration
# =============================================================================
# This file works for both development and production.
# Copy to .env and adjust values as needed.
#
# DEVELOPMENT: Use defaults as-is with `docker compose up -d`
# PRODUCTION: Use docker-compose.prod.yml and generate all secrets below

# -----------------------------------------------------------------------------
# Environment Mode
# -----------------------------------------------------------------------------
NODE_ENV=development

# -----------------------------------------------------------------------------
# Domain Configuration (Production only)
# -----------------------------------------------------------------------------
# DOMAIN=your-tracker.com
# TRACKER_DOMAIN=tracker.your-tracker.com
# MONITORING_DOMAIN=monitoring.your-tracker.com
# ACME_EMAIL=admin@your-tracker.com

# -----------------------------------------------------------------------------
# Database (PostgreSQL)
# -----------------------------------------------------------------------------
# Development (SSL disabled)
DATABASE_URL=postgres://tracker:tracker@localhost:5432/opentracker

# Production (SSL enforced - sslmode=require automatically added in nuxt.config.ts)
# DATABASE_URL=postgres://tracker:STRONG_PASSWORD@pgbouncer:6432/opentracker

# Production database settings
DB_USER=tracker
# ⚠️ PRODUCTION: Generate with: openssl rand -base64 32
DB_PASSWORD=tracker
DB_NAME=opentracker
DB_PORT=5432

# Database connection pool
DB_POOL_MAX=20

# SSL/TLS for database connections
# Development: SSL disabled for local testing
# Production: SSL automatically enforced (see documentation/ssl-setup.md)
# Generate certificates with: ./scripts/generate-ssl-certs.sh

# Debug mode (never enable in production)
DB_DEBUG=false

# -----------------------------------------------------------------------------
# Redis
# -----------------------------------------------------------------------------
REDIS_URL=redis://localhost:6379

# Redis authentication (REQUIRED for production)
REDIS_PASSWORD=

# Redis key prefix (namespace isolation)
REDIS_KEY_PREFIX=ot:

# Redis port (for docker-compose)
REDIS_PORT=6379

# SSL/TLS for Redis connections
REDIS_TLS=false
REDIS_TLS_REJECT_UNAUTHORIZED=true
# REDIS_TLS_CA=/path/to/ca-certificate.crt

# -----------------------------------------------------------------------------
# Tracker Ports
# -----------------------------------------------------------------------------
TRACKER_PORT=8000
TRACKER_HTTP_PORT=8080
TRACKER_UDP_PORT=8081
TRACKER_WS_PORT=8082

# Debug mode for verbose tracker logging (logs raw announce params)
TRACKER_DEBUG=false

# Tracker announce URLs (displayed in admin dashboard for .torrent files)
# ⚠️ PRODUCTION: Configure these with your actual domain
TRACKER_HTTP_URL=https://tracker.your-domain.com/announce
TRACKER_UDP_URL=udp://tracker.your-domain.com:8081/announce
TRACKER_WS_URL=wss://tracker.your-domain.com/ws

# -----------------------------------------------------------------------------
# Security
# -----------------------------------------------------------------------------

# Session encryption (REQUIRED for production - generate with: openssl rand -hex 32)
NUXT_SESSION_SECRET=

# Admin API key (REQUIRED for production - generate with: openssl rand -hex 32)
ADMIN_API_KEY=

# IP hashing secret (REQUIRED for production - generate with: openssl rand -hex 32)
IP_HASH_SECRET=opentracker-default-secret-change-me

# -----------------------------------------------------------------------------
# Monitoring (Production only - Grafana)
# -----------------------------------------------------------------------------
# GRAFANA_ADMIN_USER=admin
# GRAFANA_ADMIN_PASSWORD=CHANGE_THIS_SECURE_PASSWORD

# Monitoring Basic Auth (generate hash with: caddy hash-password)
# MONITORING_USER=admin
# MONITORING_PASSWORD_HASH=

# -----------------------------------------------------------------------------
# Quick Start
# -----------------------------------------------------------------------------
#
# DEVELOPMENT:
# cp .env.example .env
# docker compose up -d
# npm run dev
#
# PRODUCTION:
# cp .env.example .env
# # Generate all secrets:
# echo "NODE_ENV=production" >> .env
# echo "NUXT_SESSION_SECRET=$(openssl rand -hex 32)" >> .env
# echo "ADMIN_API_KEY=$(openssl rand -hex 32)" >> .env
# echo "IP_HASH_SECRET=$(openssl rand -hex 32)" >> .env
# echo "DB_PASSWORD=$(openssl rand -base64 24)" >> .env
# echo "REDIS_PASSWORD=$(openssl rand -base64 24)" >> .env
# echo "GRAFANA_ADMIN_PASSWORD=$(openssl rand -base64 16)" >> .env
# # Configure domains
# echo "DOMAIN=your-tracker.com" >> .env
# # Start
# docker compose -f docker-compose.prod.yml up -d

70 changes: 43 additions & 27 deletions doc/guide/configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,43 +6,59 @@ OpenTracker is configured primarily through environment variables. This page cov

### Core Settings

| Variable | Description | Default |
|----------|-------------|---------|
| `NUXT_PUBLIC_SITE_NAME` | Your tracker's display name | `OpenTracker` |
| `NUXT_PUBLIC_SITE_URL` | Public URL of your tracker | — |
| `NUXT_SESSION_PASSWORD` | Session encryption key (32+ chars) | — |
| Variable | Description | Default |
| ----------------------- | ---------------------------------- | ------------- |
| `NUXT_PUBLIC_SITE_NAME` | Your tracker's display name | `OpenTracker` |
| `NUXT_PUBLIC_SITE_URL` | Public URL of your tracker | — |
| `NUXT_SESSION_PASSWORD` | Session encryption key (32+ chars) | — |

### Database

| Variable | Description | Default |
|----------|-------------|---------|
| `DATABASE_URL` | PostgreSQL connection string | — |
| `POSTGRES_USER` | Database username | `opentracker` |
| `POSTGRES_PASSWORD` | Database password | — |
| `POSTGRES_DB` | Database name | `opentracker` |
| Variable | Description | Default |
| ------------------- | ---------------------------- | ------------- |
| `DATABASE_URL` | PostgreSQL connection string | — |
| `POSTGRES_USER` | Database username | `opentracker` |
| `POSTGRES_PASSWORD` | Database password | — |
| `POSTGRES_DB` | Database name | `opentracker` |

### Redis

| Variable | Description | Default |
|----------|-------------|---------|
| `REDIS_URL` | Redis connection string | `redis://localhost:6379` |
| `REDIS_PASSWORD` | Redis password | — |
| Variable | Description | Default |
| ---------------- | ----------------------- | ------------------------ |
| `REDIS_URL` | Redis connection string | `redis://localhost:6379` |
| `REDIS_PASSWORD` | Redis password | — |

### Tracker

| Variable | Description | Default |
|----------|-------------|---------|
| `TRACKER_SECRET` | Secret for generating passkeys | — |
| `IP_HASH_SECRET` | Secret for hashing peer IPs | — |
| `NUXT_PUBLIC_ANNOUNCE_URL` | Public announce URL | — |
| Variable | Description | Default |
| ------------------ | ------------------------------------------- | -------------------------------- |
| `TRACKER_SECRET` | Secret for generating passkeys | — |
| `IP_HASH_SECRET` | Secret for hashing peer IPs | — |
| `TRACKER_HTTP_URL` | HTTP announce URL (shown in .torrent files) | `http://localhost:8080/announce` |
| `TRACKER_UDP_URL` | UDP announce URL | `udp://localhost:8081/announce` |
| `TRACKER_WS_URL` | WebSocket URL | `ws://localhost:8082` |
| `TRACKER_DEBUG` | Enable verbose tracker logging | `false` |

::: tip Configuring Tracker URLs
These URLs are embedded in `.torrent` files and displayed in the admin dashboard. Configure them with your actual domain:

```bash
# In your .env file
TRACKER_HTTP_URL=https://tracker.your-domain.com/announce
TRACKER_UDP_URL=udp://tracker.your-domain.com:8081/announce
TRACKER_WS_URL=wss://tracker.your-domain.com/ws
```

Replace `your-domain.com` with your actual tracker domain.
:::

### Security

| Variable | Description | Default |
|----------|-------------|---------|
| `POW_DIFFICULTY` | Proof of Work difficulty (1-10) | `5` |
| `RATE_LIMIT_WINDOW` | Rate limit window in seconds | `60` |
| `RATE_LIMIT_MAX` | Max requests per window | `100` |
| Variable | Description | Default |
| ------------------- | ------------------------------- | ------- |
| `POW_DIFFICULTY` | Proof of Work difficulty (1-10) | `5` |
| `RATE_LIMIT_WINDOW` | Rate limit window in seconds | `60` |
| `RATE_LIMIT_MAX` | Max requests per window | `100` |

## Docker Compose Configuration

Expand All @@ -66,7 +82,7 @@ services:
app:
build: .
ports:
- "3000:3000"
- '3000:3000'
environment:
- DATABASE_URL=postgresql://opentracker:opentracker@db:5432/opentracker
- REDIS_URL=redis://redis:6379
Expand Down Expand Up @@ -121,7 +137,7 @@ Always use the `install.sh` script for production deployments. It handles:
- Configuring TLS for all connections
- Setting up firewall rules
- Network isolation for databases
:::
:::

For manual deployments, ensure:

Expand Down
38 changes: 26 additions & 12 deletions doc/guide/getting-started.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,11 @@ You must configure your DNS records to point to your VPS IP address before runni

Create the following **A records** pointing to your server's IP:

| Subdomain | Record Type | Value |
|-----------|-------------|-------|
| `tracker.your-domain.com` | A | Your VPS IP |
| `announce.your-domain.com` | A | Your VPS IP |
| `monitoring.your-domain.com` | A | Your VPS IP |
| Subdomain | Record Type | Value |
| ---------------------------- | ----------- | ----------- |
| `tracker.your-domain.com` | A | Your VPS IP |
| `announce.your-domain.com` | A | Your VPS IP |
| `monitoring.your-domain.com` | A | Your VPS IP |

::: tip
DNS propagation usually completes within a few minutes, but can take up to 24-48 hours. The installer will fail to obtain SSL certificates if DNS is not properly configured.
Expand Down Expand Up @@ -53,23 +53,37 @@ The installer will automatically:

After installation, Grafana is accessible at `https://monitoring.your-domain.com/grafana` with default credentials `admin` / `admin`.

### Option 2: Development with Docker
### Option 2: Docker Setup (Interactive)

For local development and testing:
For local development or manual production deployment:

```bash
# Clone repository
git clone https://github.com/florianjs/opentracker.git && cd opentracker
cp .env.example .env

# Start all services (app + postgres + redis)
# Run interactive setup
./scripts/setup.sh
```

The setup script will:

- Ask if you want **development** or **production** mode
- For production: prompt for domain names and email
- Generate all cryptographic secrets automatically
- Configure tracker announce URLs
- Create a ready-to-use `.env` file

Then start the services:

```bash
# Development
docker compose up -d

# View logs
docker compose logs -f app
# Production (with SSL, Caddy, monitoring)
docker compose -f docker-compose.prod.yml up -d --build
```

Open [http://localhost:3000](http://localhost:3000) to access your tracker.
Open [http://localhost:3000](http://localhost:3000) (dev) or `https://your-domain.com` (prod) to access your tracker.

## First Steps After Installation

Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "opentracker",
"version": "0.3.1",
"version": "0.3.2",
"type": "module",
"private": true,
"scripts": {
Expand Down
Loading