Updates

.env.production.example

@@ -1,26 +1,37 @@
 APP_NAME=Lean 101 Clients API
+APP_ENV=production
 CLIENT_NAME=Hunter Premium Produce
 CLIENT_EMAIL=operator@example.com
 CLIENT_PASSWORD=replace-with-strong-password
 CLIENT_TENANT_ID=hunter-premium-produce
 ADMIN_NAME=Lean 101
-ADMIN_EMAIL=admin@lean101.local
+ADMIN_EMAIL=admin@example.com
 ADMIN_PASSWORD=replace-with-strong-password
-AUTH_SECRET=replace-with-a-long-random-secret
+AUTH_SECRET=replace-with-a-32-character-or-longer-random-secret
 
 # Postgres credentials. The compose file builds DATABASE_URL from these
 # so you do not need to set DATABASE_URL explicitly. Override DATABASE_URL
 # only if you want to point at a managed Postgres outside the compose stack.
-POSTGRES_USER=lean101
+POSTGRES_USER=lean101_app
 POSTGRES_PASSWORD=replace-with-a-long-random-password
 POSTGRES_DB=lean101
 # DATABASE_URL=postgresql+psycopg://USER:PASS@HOST:5432/DBNAME
 
-ORIGIN=https://clients.lean-101.com.au
-PUBLIC_API_BASE_URL=https://clients.lean-101.com.au
+ORIGIN=https://clients.example.com
+PUBLIC_API_BASE_URL=https://clients.example.com
 INTERNAL_API_BASE_URL=http://backend:8000
-CORS_ALLOW_ORIGINS=https://clients.lean-101.com.au
+CORS_ALLOW_ORIGINS=https://clients.example.com
+CORS_ALLOW_ORIGIN_REGEX=
+TRUSTED_HOSTS=clients.example.com
 CLIENTS_APP_PORT=8081
+SESSION_COOKIE_SECURE=true
+SESSION_COOKIE_SAMESITE=lax
+SESSION_COOKIE_DOMAIN=
+SESSION_TTL_SECONDS=43200
+REQUEST_BODY_MAX_BYTES=1048576
+LOGIN_RATE_LIMIT_ATTEMPTS=8
+LOGIN_RATE_LIMIT_WINDOW_SECONDS=300
+DOCS_ENABLED=false
 
 PUBLIC_MIX_CALCULATOR_SESSION_HISTORY=false
 PUBLIC_MIX_CALCULATOR_SESSION_SAVE=false