# TankStopp Production Configuration # This file contains production-specific settings with security and performance optimizations # Server Configuration server: host: "0.0.0.0" port: 8080 read_timeout: 10s write_timeout: 10s idle_timeout: 60s shutdown_timeout: 30s # Database Configuration database: # Production database file path: "/var/lib/tankstopp/fuel_stops.db" # Connection Pool Settings (optimized for production load) connection_pool: max_idle_connections: 25 max_open_connections: 200 connection_max_lifetime: "2h" connection_max_idle_time: "1h" # Logging Settings (minimal for production) logging: # Only log errors and warnings in production level: "error" # Higher threshold for production slow_query_threshold: "500ms" # Disable debug mode debug: false # Migration Settings migration: # Disable auto-migration in production for safety auto_migrate: false # Never drop tables in production drop_tables_first: false # Larger batch size for production efficiency create_batch_size: 5000 # Performance Settings (optimized for production) performance: # Enable prepared statements for performance prepare_statements: true # Don't disable foreign key checks in production disable_foreign_key_check: false # Don't ignore relationships in production ignore_relationships_when_migrating: false # Enable field querying for efficiency query_fields: true # Never enable dry run in production dry_run: false # Larger batch size for production create_in_batches: 500 # Application Settings app: name: "TankStopp" version: "1.0.0" environment: "production" # Disable debug mode in production debug: false # Security Settings (strict for production) security: session: # Longer timeout for production users timeout: "24h" cookie_name: "tankstopp_session" # Require HTTPS in production secure_cookies: true # Keep HTTP only for security http_only: true # Strong password requirements for production password: min_length: 12 require_uppercase: true require_lowercase: true require_numbers: true require_special_chars: true # Logging Configuration (structured for production) logging: # Info level for production monitoring level: "info" # JSON format for log aggregation format: "json" # Output to file for persistence output: "file" # Production log file path file_path: "/var/log/tankstopp/application.log" # Enable log rotation for production rotation: enabled: true max_size: "500MB" max_age: "90d" max_backups: 10 # External Services (production-optimized timeouts) external_services: overpass_api: url: "https://overpass-api.de/api/interpreter" # Conservative timeout for production timeout: "30s" max_retries: 3 # Standard search radius search_radius: 5000 # Production-specific settings production: # Disable hot reload in production hot_reload: false # Disable request logging for performance request_logging: false # Disable profiling endpoints for security profiling: false # Static file serving with long cache static_files: directory: "/var/www/tankstopp/static" cache_duration: "24h" # Enable compression for better performance compression: enabled: true level: 6 # Feature Flags (selectively enabled for production) features: fuel_station_search: true vehicle_management: true statistics_dashboard: true data_export: true api_endpoints: true # Default User Settings defaults: currency: "EUR" fuel_type: "Super E5" distance_unit: "km" volume_unit: "liters" # Production-specific overrides prod_overrides: # Disable CORS in production (handle via reverse proxy) enable_cors: false # Require secure connections require_https: true # Disable detailed error messages for security detailed_errors: false # Disable request/response logging for performance log_requests: false # Disable SQL query logging for performance log_sql_queries: false # Enable rate limiting rate_limiting: enabled: true requests_per_minute: 60 burst_size: 10 # Enable security headers security_headers: enabled: true hsts_max_age: "31536000" content_type_nosniff: true frame_deny: true xss_protection: true # Health check settings health_check: enabled: true endpoint: "/health" timeout: "5s" # Monitoring settings monitoring: enabled: true metrics_endpoint: "/metrics" enable_pprof: false