Configuration

This guide covers all configuration options for the Freeze Design webshop.

Environment Variables

Backend (.env)

# Django Settings
DEBUG=True
SECRET_KEY=your-secret-key-here
ALLOWED_HOSTS=localhost,127.0.0.1

# Database
DB_NAME=webshop_dev
DB_USER=webshop
DB_PASSWORD=your_password
DB_HOST=localhost
DB_PORT=5432

# Redis
REDIS_URL=redis://localhost:6379/1

# Celery
CELERY_BROKER_URL=redis://localhost:6379/0
CELERY_RESULT_BACKEND=redis://localhost:6379/0

# CORS
CORS_ALLOWED_ORIGINS=http://localhost:3000
CSRF_TRUSTED_ORIGINS=http://localhost:3000

# Sentry (optional)
SENTRY_DSN=
SENTRY_ENVIRONMENT=development

# Email (Resend - magic link and transactional emails)
RESEND_API_KEY=
DEFAULT_FROM_EMAIL=noreply@notification.freezedesign.eu

# Frontend URL (for links in emails)
FRONTEND_URL=http://localhost:3000

# Mollie Payments
MOLLIE_API_KEY=test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Base URL only, no /api suffix (used to build Mollie webhook URLs)
BACKEND_URL=http://localhost:8000

# Media Storage (DigitalOcean Spaces, S3-compatible)
USE_SPACES=False
DO_SPACES_BUCKET_NAME=
DO_SPACES_ACCESS_KEY=
DO_SPACES_SECRET_KEY=
DO_SPACES_REGION=ams3

# AWS credentials (database backups, not media)
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_STORAGE_BUCKET_NAME=

See backend/.env.example for the full annotated list (Discord webhooks, backup configuration, etc.).

Frontend (.env.local)

# API
NEXT_PUBLIC_API_URL=http://localhost:8000/api

# Sentry
NEXT_PUBLIC_SENTRY_DSN=

# PostHog Analytics
NEXT_PUBLIC_POSTHOG_KEY=
NEXT_PUBLIC_POSTHOG_HOST=https://eu.i.posthog.com

Note

PostHog instrumentation currently delivers no events; Sentry is the operational error tracker.

Django Settings

Key settings in backend/config/settings.py:

REST Framework

REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'config.pagination.StandardPagination',
    'PAGE_SIZE': 20,
    'DEFAULT_THROTTLE_RATES': {
        'anon': '100/hour',
        'user': '1000/hour',
        'uploads': '20/hour',
        'checkout': '5/minute',
        'payment_retry': '3/minute',
    },
}

Throttling is disabled entirely when running tests or when E2E_TESTING=True.

Security Settings (Production)

SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000

Feature Flags

Control features via environment variables:

Variable          Default   Description
DEBUG             True      Enable debug mode
E2E_TESTING       False     Disable rate limiting for E2E tests
CSP_REPORT_ONLY   False     CSP in report-only mode (production/DEBUG=False only)
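
The development values documented above are unsafe if they carry over into a production deployment. The following pre-deployment check is an added example, not part of the Freeze Design code base; the function name, the boolean parsing, the `test_` key-prefix check (taken from the sample value above) and the example.com hosts are assumptions made for illustration.

```python
from urllib.parse import urlparse

PLACEHOLDERS = {"", "your-secret-key-here", "your_password"}  # sample values from the .env listing
LOCAL_HOSTS = {"localhost", "127.0.0.1"}
URL_KEYS = ("CORS_ALLOWED_ORIGINS", "CSRF_TRUSTED_ORIGINS", "FRONTEND_URL", "BACKEND_URL")

def _truthy(value):  # assumption: booleans are spelled True/False, 1/0, yes/no or on/off
    return str(value).strip().lower() in {"1", "true", "yes", "on"}

def _csv(value):  # split a comma-separated variable into trimmed items
    return [item.strip() for item in (value or "").split(",") if item.strip()]

def audit_production_env(env):  # env: mapping of variable name -> string value
    findings = []
    if _truthy(env.get("DEBUG", "True")):  # documented default is True
        findings.append("DEBUG is enabled")
    if _truthy(env.get("E2E_TESTING", "False")):
        findings.append("E2E_TESTING=True disables throttling entirely")
    for key in ("SECRET_KEY", "DB_PASSWORD"):
        if env.get(key, "") in PLACEHOLDERS:
            findings.append(f"{key} is empty or still the sample value")
    hosts = set(_csv(env.get("ALLOWED_HOSTS")))
    if "*" in hosts or hosts <= LOCAL_HOSTS:  # the empty set is a subset too
        findings.append("ALLOWED_HOSTS is empty, wildcard or local-only")
    for key in URL_KEYS:
        for url in _csv(env.get(key)):
            parsed = urlparse(url)
            if parsed.scheme != "https" or parsed.hostname in LOCAL_HOSTS:
                findings.append(f"{key} has a non-HTTPS or local URL: {url}")
    if env.get("BACKEND_URL", "").rstrip("/").endswith("/api"):
        findings.append("BACKEND_URL must be the base URL, without /api")
    if env.get("MOLLIE_API_KEY", "").startswith("test_"):
        findings.append("MOLLIE_API_KEY is a test-mode key")
    return findings

# Constructed inputs: development values from this page, and a made-up production set.
DEV_ENV = {
    "DEBUG": "True", "SECRET_KEY": "your-secret-key-here", "DB_PASSWORD": "your_password",
    "ALLOWED_HOSTS": "localhost,127.0.0.1", "CORS_ALLOWED_ORIGINS": "http://localhost:3000",
    "BACKEND_URL": "http://localhost:8000", "MOLLIE_API_KEY": "test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
}
PROD_ENV = {
    "DEBUG": "False", "SECRET_KEY": "constructed-random-value", "DB_PASSWORD": "constructed-pw",
    "ALLOWED_HOSTS": "shop.example.com", "CORS_ALLOWED_ORIGINS": "https://shop.example.com",
    "BACKEND_URL": "https://api.example.com", "MOLLIE_API_KEY": "live_constructed",
}
for _name, _env in (("dev", DEV_ENV), ("prod", PROD_ENV)):
    print(_name, audit_production_env(_env) or "OK")
```

In a deployment pipeline, pass `dict(os.environ)` to `audit_production_env` and fail the release if the returned list is not empty.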

Logging

Configure logging levels in settings.py:

LOGGING = {
    'loggers': {
        'django': {'level': 'INFO'},
        'apps': {'level': 'INFO'},
    },
}

Log files are stored in backend/logs/:

- django.log - General application logs
- security.log - Security-related events