-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
78 lines (59 loc) · 2.77 KB
/
.env.example
File metadata and controls
78 lines (59 loc) · 2.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# Base URL for the BunkerWeb API (default: http://localhost:8888)
BUNKERWEB_BASE_URL=http://localhost:8888
# Optional static API token (Authorization: Bearer ...)
# SECURITY: This value is masked in logs (Pydantic SecretStr)
# IMPORTANT: Never commit real tokens to version control
BUNKERWEB_API_TOKEN=
# Optional HTTP Basic credentials (Authorization: Basic ...)
# NOTE: Username is not sensitive, but password is masked in logs
BUNKERWEB_BASIC_USERNAME=
# SECURITY: This value is masked in logs (Pydantic SecretStr)
BUNKERWEB_BASIC_PASSWORD=
# HTTP client tuning
BUNKERWEB_REQUEST_TIMEOUT_SECONDS=30
BUNKERWEB_MAX_RETRIES=3
BUNKERWEB_RETRY_BACKOFF_INITIAL=0.5
BUNKERWEB_RETRY_BACKOFF_MAX=5.0
# Shared secret required for WebSocket and HTTP RPC access (leave empty to disable)
# SECURITY: This value is masked in logs (Pydantic SecretStr)
BUNKERWEB_WEBSOCKET_TOKEN=
# Logging level
BUNKERWEB_LOG_LEVEL=INFO
# MCP Transport Security (DNS Rebinding Protection)
# Enable DNS rebinding protection to prevent malicious domains from accessing your MCP server
MCP_ENABLE_DNS_REBINDING_PROTECTION=true
# Comma-separated list of allowed Host header values
# IMPORTANT: Include both hostname and hostname:port variants that will access this server
# Examples for different environments:
# - Development: localhost,localhost:8080,127.0.0.1,127.0.0.1:8080
# - Production: yourdomain.com,yourdomain.com:443,internal-hostname,internal-hostname:8085
# - Docker: container-name,container-name:8080
MCP_ALLOWED_HOSTS=localhost,127.0.0.1
# Comma-separated list of allowed Origin header values for CORS (optional)
# Only needed if browser-based clients will access the MCP server
MCP_ALLOWED_ORIGINS=
# ==========================================
# Performance Configuration
# ==========================================
# Enable rate limiting on endpoints (default: false)
RATE_LIMIT_ENABLED=false
# Rate limit for /tools endpoint (only applies if RATE_LIMIT_ENABLED=true)
RATE_LIMIT_TOOLS=30/minute
# Rate limit for /rpc endpoint (only applies if RATE_LIMIT_ENABLED=true)
RATE_LIMIT_RPC=100/minute
# Rate limit for /ws WebSocket endpoint (only applies if RATE_LIMIT_ENABLED=true)
RATE_LIMIT_WS=500/minute
# Enable caching layer for read-only operations (default: true)
CACHE_ENABLED=true
# Number of Uvicorn workers (set via WORKERS env var in Docker, default: 1)
# Increase for high-traffic deployments (recommended: CPU count × 2)
# WORKERS=1
# ==========================================
# Semantic Search Configuration
# ==========================================
# Search mode: 'remote' to use search API, 'disabled' to disable search
SEARCH_MODE=disabled
# URL of the remote search service API (when SEARCH_MODE=remote)
SEARCH_API_URL=https://search.bunkerweb.io:8000
# Search API request timeout in seconds
SEARCH_TIMEOUT=10.0