# IMPORTANT: must match the FunZone backend SECRET_KEY so admin JWTs validate here. SECRET_KEY=your-super-secret-key-change-in-production DEBUG=True ALLOWED_HOSTS=localhost,127.0.0.1,0.0.0.0,testserver # Database: leave unset to use the bundled SQLite file (zero setup). # To use PostgreSQL instead, set e.g.: # DATABASE_URL=postgresql://postgres:postgres@localhost:5432/funzone_accounting # CORS (the accounting frontend dev server runs on port 5176) # Production: set CORS_ALLOW_ALL_ORIGINS=False and include https://admin.zoneco.org CORS_ALLOW_ALL_ORIGINS=True CORS_ALLOWED_ORIGINS=http://localhost:5176,http://127.0.0.1:5176,http://localhost:3006,http://127.0.0.1:3006,https://admin.zoneco.org # Production (behind nginx / CDN) # ALLOWED_HOSTS=acc.zoneco.org,localhost,127.0.0.1,accounting-backend # USE_X_FORWARDED_HOST=True # SECURE_PROXY_SSL_HEADER=True # Docker: persist SQLite in a named volume # SQLITE_PATH=/data/db.sqlite3