Configuration

Comprehensive guide to configuring Staque IO for different environments and use cases.

Environment Variables

Staque IO uses environment variables for configuration. Create a .env.local file in the project root:

Database Configuration

# PostgreSQL Connection
DATABASE_URL=postgresql://username:password@localhost:5432/staque_io

# For production, use connection pooling
# DATABASE_URL=postgresql://username:password@host:5432/staque_io?sslmode=require&pool_timeout=10&pool_max=20

Authentication Configuration

# JWT Secret (REQUIRED - use a strong random string)
JWT_SECRET=your-very-long-and-secure-secret-key-here-min-256-bits

# Generate secure secret:
# node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"

AWS Configuration

# AWS Region (default for deployments)
STAQUE_AWS_REGION=eu-north-1

# AWS Credentials
STAQUE_AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
STAQUE_AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

# SageMaker Configuration (Optional - for SageMaker deployments)
SAGEMAKER_SUBNET_IDS=subnet-12345678,subnet-87654321
SAGEMAKER_SECURITY_GROUP_IDS=sg-12345678
SAGEMAKER_EXECUTION_ROLE_ARN=arn:aws:iam::123456789012:role/SageMakerExecutionRole

OpenAI Configuration

# OpenAI API Key (for AI recommendations feature)
OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

NVIDIA Configuration

# NVIDIA API Key (Optional - for NVIDIA NIM models)
NVIDIA_API_KEY=nvapi-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# NVIDIA Base URL (Optional - defaults to NVIDIA hosted API)
NIM_BASE_URL=https://integrate.api.nvidia.com

Next.js Configuration

The next.config.js file contains Next.js-specific configuration:

/** @type {import('next').NextConfig} */
const nextConfig = {
  reactStrictMode: true,
  swcMinify: true,
  
  // Environment variables exposed to the browser
  env: {
    NEXT_PUBLIC_APP_VERSION: '1.0.0',
  },
  
  // Image optimization
  images: {
    domains: ['yourdomain.com'],
  },
  
  // Headers for security
  async headers() {
    return [
      {
        source: '/:path*',
        headers: [
          {
            key: 'X-DNS-Prefetch-Control',
            value: 'on'
          },
          {
            key: 'X-Frame-Options',
            value: 'SAMEORIGIN'
          },
          {
            key: 'X-Content-Type-Options',
            value: 'nosniff'
          },
        ],
      },
    ]
  },
}

module.exports = nextConfig

Database Configuration

Connection Pool Settings

// src/lib/db.ts
import { Pool } from 'pg'

const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  max: 20,                  // Maximum pool size
  idleTimeoutMillis: 30000, // Close idle connections after 30s
  connectionTimeoutMillis: 2000, // Connection timeout
  ssl: process.env.NODE_ENV === 'production' ? {
    rejectUnauthorized: true // Verify the server certificate; set `ca` if the database uses a private CA
  } : false
})

AWS IAM Configuration

Minimal IAM Policy

Create an IAM user or role with the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BedrockAccess",
      "Effect": "Allow",
      "Action": [
        "bedrock:ListFoundationModels",
        "bedrock:GetFoundationModel",
        "bedrock:InvokeModel"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SageMakerAccess",
      "Effect": "Allow",
      "Action": [
        "sagemaker:ListModelPackages",
        "sagemaker:DescribeModelPackage",
        "sagemaker:CreateModel",
        "sagemaker:CreateEndpointConfig",
        "sagemaker:CreateEndpoint",
        "sagemaker:DescribeEndpoint",
        "sagemaker:UpdateEndpoint",
        "sagemaker:DeleteEndpoint",
        "sagemaker:InvokeEndpoint"
      ],
      "Resource": "*"
    },
    {
      "Sid": "PricingAccess",
      "Effect": "Allow",
      "Action": [
        "pricing:GetProducts"
      ],
      "Resource": "*"
    }
  ]
}
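
A review aid for the policy above, as an added example that is not Staque IO code: it reports which statements pair `"Resource": "*"` with state-changing or invoke actions. The function name, the verb list (a heuristic) and the abbreviated sample policy are assumptions of this example.

```javascript
// Heuristic: action verbs that change state or run workloads.
const RISKY_VERB = /^(Create|Update|Delete|Put|Invoke|Start|Stop)/

const asArray = (v) => (Array.isArray(v) ? v : [v])

// Returns [{ sid, actions }] for every Allow statement that grants
// risky actions on all resources.
function wildcardFindings(policy) {
  const findings = []
  for (const stmt of asArray(policy.Statement)) {
    if (stmt.Effect !== 'Allow') continue
    if (!asArray(stmt.Resource).includes('*')) continue
    const risky = asArray(stmt.Action).filter((action) => {
      const [, verb = ''] = action.split(':')
      return action === '*' || verb === '*' || RISKY_VERB.test(verb)
    })
    if (risky.length) findings.push({ sid: stmt.Sid || '(no Sid)', actions: risky })
  }
  return findings
}

// Constructed sample: the page's policy, abbreviated.
const samplePolicy = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'BedrockAccess', Effect: 'Allow', Resource: '*',
      Action: ['bedrock:ListFoundationModels', 'bedrock:GetFoundationModel', 'bedrock:InvokeModel'] },
    { Sid: 'SageMakerAccess', Effect: 'Allow', Resource: '*',
      Action: ['sagemaker:DescribeEndpoint', 'sagemaker:CreateEndpoint',
               'sagemaker:DeleteEndpoint', 'sagemaker:InvokeEndpoint'] },
    { Sid: 'PricingAccess', Effect: 'Allow', Resource: '*',
      Action: ['pricing:GetProducts'] },
  ],
}

for (const f of wildcardFindings(samplePolicy)) {
  console.log(`${f.sid}: ${f.actions.join(', ')} on Resource "*"`)
}
```

Statements it reports are candidates for narrowing `Resource` to the specific endpoint or model ARNs the deployment uses.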

Region Configuration

Different AWS regions support different Bedrock models:

| Region | Code | Bedrock Models |
| --- | --- | --- |
| US East (N. Virginia) | us-east-1 | Most models available |
| US West (Oregon) | us-west-2 | Most models available |
| Europe (Stockholm) | eu-north-1 | Limited models |
| Europe (Frankfurt) | eu-central-1 | Most EU models |

Production Configuration

Security Checklist

  • ✅ Use a strong, unique JWT_SECRET (minimum 256 bits)
  • ✅ Enable SSL/TLS for all connections
  • ✅ Use environment-specific .env files
  • ✅ Never commit .env files to version control
  • ✅ Use IAM roles instead of access keys when possible
  • ✅ Enable database SSL connections
  • ✅ Set up database backups
  • ✅ Configure rate limiting
  • ✅ Enable CloudWatch logging
  • ✅ Use a VPC for SageMaker endpoints

Performance Optimization

  • Database: Configure connection pooling (max 20-50 connections)
  • Caching: Implement Redis for session and query caching
  • CDN: Use CloudFront or similar for static assets
  • Monitoring: Set up APM tools (DataDog, New Relic)

Environment-Specific Configuration

# .env.local (Development)
NODE_ENV=development
DATABASE_URL=postgresql://localhost:5432/staque_io_dev
JWT_SECRET=dev-secret-only-for-local

# .env.production (Production)
NODE_ENV=production
DATABASE_URL=postgresql://prod-host:5432/staque_io?ssl=true
JWT_SECRET=<strong-random-secret>
STAQUE_AWS_REGION=eu-central-1

# .env.test (Testing)
NODE_ENV=test
DATABASE_URL=postgresql://localhost:5432/staque_io_test
JWT_SECRET=test-secret
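
One way to enforce the Security Checklist against these per-environment files at startup, as an added example that is not part of Staque IO: `validateEnv`, `PLACEHOLDER` and `TLS_MODES` are hypothetical names, and the rules are this example's reading of the checklist.

```javascript
// Values that appear on this page as documentation placeholders.
const PLACEHOLDER = /^(your-|dev-secret|test-secret|<)/i
const TLS_MODES = ['require', 'verify-ca', 'verify-full']

function validateEnv(env) {
  const errors = []
  const warnings = []
  const prod = env.NODE_ENV === 'production'

  // JWT_SECRET: required, not a documentation value, at least 256 bits.
  const secret = env.JWT_SECRET || ''
  if (!secret) {
    errors.push('JWT_SECRET is not set')
  } else if (PLACEHOLDER.test(secret)) {
    (prod ? errors : warnings).push('JWT_SECRET is a placeholder value')
  } else {
    // Hex output of randomBytes carries 4 bits per character; for any other
    // string the byte length is only an upper bound on its entropy.
    const isHex = /^[0-9a-f]+$/i.test(secret)
    const bits = isHex ? secret.length * 4 : Buffer.byteLength(secret) * 8
    if (bits < 256) errors.push(`JWT_SECRET is ${bits} bits, need at least 256`)
  }

  // DATABASE_URL: must parse as PostgreSQL and request TLS in production.
  let db = null
  try {
    db = new URL(env.DATABASE_URL)
  } catch {
    errors.push('DATABASE_URL is missing or not a valid URL')
  }
  if (db && !/^postgres(ql)?:$/.test(db.protocol)) {
    errors.push('DATABASE_URL is not a postgresql:// URL')
  } else if (db && prod) {
    const q = db.searchParams
    const tls = TLS_MODES.includes(q.get('sslmode')) || q.get('ssl') === 'true'
    if (!tls) errors.push('DATABASE_URL does not request TLS in production')
  }

  // Static AWS keys: the checklist prefers IAM roles.
  const keyId = env.STAQUE_AWS_ACCESS_KEY_ID || ''
  if (keyId.endsWith('EXAMPLE')) {
    errors.push('STAQUE_AWS_ACCESS_KEY_ID is the documentation example key')
  } else if (prod && keyId) {
    warnings.push('Static AWS access key in production; prefer an IAM role')
  }

  return { ok: errors.length === 0, errors, warnings }
}
```

Call `validateEnv(process.env)` before the server starts listening and exit non-zero when `ok` is false, so a misconfigured deployment fails fast.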

Logging Configuration

Console Logging

// Example logging in API routes
console.log('🔍 Processing request:', { userId, resourceId })
console.log('✅ Success:', result)
console.error('❌ Error:', error)
console.warn('⚠️ Warning:', warning)

CloudWatch Integration (Production)

# Install winston and winston-cloudwatch (run in a shell)
npm install winston winston-cloudwatch

// Configure logger
import winston from 'winston'
import CloudWatchTransport from 'winston-cloudwatch'

const logger = winston.createLogger({
  transports: [
    new CloudWatchTransport({
      logGroupName: '/staque-io/api',
      logStreamName: 'production',
      awsRegion: process.env.STAQUE_AWS_REGION
    })
  ]
})

Monitoring and Alerts

Health Check Endpoint

GET /api/health

Response:
{
  "status": "healthy",
  "timestamp": "2024-01-10T12:00:00Z",
  "database": "connected",
  "aws": "configured"
}

Recommended Alerts

  • Database connection failures
  • API error rate > 5%
  • Response time > 3 seconds
  • SageMaker endpoint failures
  • High AWS costs (set budget alerts)

Backup Configuration

Database Backups

# Automated daily backups (add to crontab; % must be escaped as \% in crontab entries)
0 2 * * * pg_dump -U postgres staque_io | gzip > /backups/staque_io_$(date +\%Y\%m\%d).sql.gz

# Retain backups for 30 days
0 3 * * * find /backups -name "staque_io_*.sql.gz" -mtime +30 -delete

Configuration Backup

  • Store environment variables in a secure vault (AWS Secrets Manager, HashiCorp Vault)
  • Version control infrastructure as code (Terraform, CloudFormation)
  • Document manual configuration steps

🔒 Security Warning

  • Never commit secrets: Add .env* to .gitignore
  • Rotate credentials: Change AWS keys and JWT secrets regularly
  • Use secrets manager: Store production secrets in AWS Secrets Manager
  • Limit access: Use IAM roles that follow the least-privilege principle