stage-28: wire LETSENCRYPT_HOST + LETSENCRYPT_EMAIL on the cockpit service

Adds the two env vars nginxproxy/acme-companion looks for to issue + auto-renew the TLS cert for psyc.neuronetz.ai. LETSENCRYPT_EMAIL is interpolated from the prod .env (LETSENCRYPT_EMAIL=...) with a sensible fallback so dev / local deploys don't fail on the variable being unset. .env.example documents the var. Requires the proxy stack to (a) have acme-companion alongside nginx-proxy with shared certs/vhost.d/html volumes and (b) publish :443. psyc-side change only — no app code touched. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-25 16:42:46 +02:00
parent 9c3447723a
commit 92f754e012
2 changed files with 12 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -14,6 +14,12 @@ OTX_API_KEY=
 # (raises throttling from ~5 to ~50 requests / 30s)
 NVD_API_KEY=

+# --- Production-only: Let's Encrypt email for the acme-companion sidecar ---
+# Used as the contact address for the TLS cert acme-companion issues for
+# psyc.neuronetz.ai. Safe to leave the default in dev (cert isn't issued
+# without a reachable acme-companion + public DNS + :443).
+# LETSENCRYPT_EMAIL=admin@neuronetz.ai
+
 # --- Internal service URLs — overridden in docker compose; defaults for venv CLI ---
 # PSYC_MOCK_CERT_URL=http://127.0.0.1:8770
 # PSYC_INFERENCE_URL=http://127.0.0.1:8771