-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
80 lines (67 loc) · 3.36 KB
/
.env.example
File metadata and controls
80 lines (67 loc) · 3.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# JSON:API Frontend - Next.js Starter Environment Variables
# Copy this file to .env.local and configure for your environment.
# =============================================================================
# REQUIRED
# =============================================================================
# The base URL of your Drupal site (used for API calls)
DRUPAL_BASE_URL=https://your-drupal-site.com
# =============================================================================
# DEPLOYMENT MODE
# =============================================================================
# Deployment mode determines how traffic flows between Next.js and Drupal.
#
# 'split_routing' (default)
# - Drupal stays on main domain
# - External router (Cloudflare, nginx) directs specific paths to Next.js
# - No DNS change required
# - Proxy is disabled
#
# 'nextjs_first'
# - Next.js on main domain, handles all traffic
# - Non-headless content is proxied to Drupal origin
# - Best performance, requires DNS change
# - Proxy is enabled
#
DEPLOYMENT_MODE=split_routing
# =============================================================================
# NEXT.JS FIRST MODE (only needed if DEPLOYMENT_MODE=nextjs_first)
# =============================================================================
# Drupal origin URL (where Drupal is accessible after DNS change)
# This is where the proxy sends non-headless requests.
# Often a subdomain like cms.example.com or the server's direct IP.
# DRUPAL_ORIGIN_URL=https://cms.example.com
# Proxy secret for origin protection (REQUIRED for production)
# Get this from your Drupal admin: /admin/config/services/jsonapi-frontend
# Drupal will reject direct requests that don't include this secret.
# DRUPAL_PROXY_SECRET=your-secret-from-drupal-admin
# =============================================================================
# CACHE REVALIDATION
# =============================================================================
# Secret for webhook-based cache revalidation (REQUIRED for production)
# Must match the "Revalidation secret" in Drupal admin at
# /admin/config/services/jsonapi-frontend
# When Drupal content changes, it sends a webhook to /api/revalidate
# which invalidates Next.js cache tags for instant content updates.
REVALIDATION_SECRET=your-secret-from-drupal-admin
# =============================================================================
# IMAGE SECURITY
# =============================================================================
# Restrict which domains can serve images (RECOMMENDED for production)
# Without this, any domain can be used for image sources.
# Set to your Drupal domain for security.
# If omitted, Next will derive it from DRUPAL_BASE_URL (same host).
# You can pass multiple hosts as a comma-separated list.
# DRUPAL_IMAGE_DOMAIN=cms.example.com,assets.example.com
# =============================================================================
# AUTHENTICATION (optional)
# =============================================================================
# If your Drupal JSON:API requires auth, set ONE of these (server-side only).
# When auth is configured, this starter disables Next.js fetch caching to avoid
# leaking access-controlled content across users.
#
# JWT (via Drupal's auth stack; requires a JWT/auth module in Drupal):
# DRUPAL_JWT_TOKEN=abc123
#
# Basic auth:
# DRUPAL_BASIC_USERNAME=editor
# DRUPAL_BASIC_PASSWORD=editor