Production Configuration

Security checklist

Do not run in production without completing this checklist.

SECRET_KEY is ≥32 random characters
ENCRYPTION_KEY is a fresh Fernet key (not from the example file)
POSTGRES_PASSWORD is strong and unique
REDIS_PASSWORD is strong and unique
ENVIRONMENT=production is set
.env is not committed to version control
SSL/TLS is configured on nginx (see Nginx & SSL)
Firewall allows only ports 80 and 443 externally
REQUIRE_INVITE=true if you want closed registration

CORS


CORS_ORIGINS=https://your-nexora-domain.com

Do not use * in production.

Invite-only registration


REQUIRE_INVITE=true

Admin generates invite tokens in Settings → Invites.

SMTP (email)

Required for password reset and notifications:


SMTP_HOST=smtp.yourmailserver.com
SMTP_PORT=587
SMTP_USER=nexora@yourdomain.com
SMTP_PASSWORD=yourpassword
SMTP_FROM=nexora@yourdomain.com
SMTP_TLS=true

Scaling

Nexora is stateless at the FastAPI layer — scale horizontally with multiple backend containers behind a load balancer. Redis pub/sub handles cross-worker message broadcast.

Health check


GET /api/health

Returns 200 OK:


{ "status": "ok", "version": "x.y.z" }

Log levels


LOG_LEVEL=info   # debug | info | warning | error