jocke/bilhej
1
0
Fork 0
Code Issues Pull requests 2 Projects Releases 1 Packages Wiki Activity Actions
bilhej/docs/production-email-checklist.md
Joakim Mörling ad195fd890
All checks were successful
CI / Lint, type check, unit tests, coverage (push) Successful in 2m2s
Details
CI / E2E browser tests (push) Successful in 1m16s
Details
Wire production email secrets through Forgejo deploy. 
Deploy workflow now writes MAIL_* and APP_PUBLIC_BASE_URL from Actions
secrets into the server .env so Resend SMTP works after domain verify.
Document Resend-only setup, Forgejo secret names, and prod expose-token off.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-21 18:39:00 +02:00

56 lines
1.8 KiB
Markdown
Raw Blame History

# Production email with Resend (operator)
BilHej sends password-reset mail via **SMTP** (Spring `JavaMailSender`). You do **not** need the
Resend Java SDK from their onboarding snippet—only env vars on the server.
## Security
- Never commit `re_...` keys to git. Put them only in the server `.env`.
- If an API key was pasted in chat or logs, **revoke it** in Resend → API Keys and create a new one.
## 1. Verify bilhej.se in Resend
1. [Resend](https://resend.com) → **Domains** → add `bilhej.se`
2. Add the DNS records Resend shows (SPF, DKIM; DMARC optional) at your domain registrar
3. Wait until status is **Verified**
Until the domain is verified, `MAIL_FROM=noreply@bilhej.se` will fail. For a quick API test only,
Resend allows `onboarding@resend.dev` → your own inbox—not for production.
## 2. Production `.env` (SMTP, not SDK)
On the server (file used by `docker-compose.prod.yml`):
```bash
APP_PUBLIC_BASE_URL=https://bilhej.se
MAIL_HOST=smtp.resend.com
MAIL_PORT=587
MAIL_USERNAME=resend
MAIL_PASSWORD=re_your_new_api_key_here
MAIL_FROM=noreply@bilhej.se
```
| Variable | Resend value |
|----------|----------------|
| `MAIL_USERNAME` | Always the literal string `resend` |
| `MAIL_PASSWORD` | Your API key (`re_...`) |
| `MAIL_FROM` | Any address on **verified** domain, e.g. `noreply@bilhej.se` |
## 3. Deploy
Run **Deploy to Production** in Forgejo (pipeline only—no manual rsync).
## 4. Smoke test
1. https://bilhej.se/logga-in → **Glömt lösenord?**
2. Email that exists in `users`
3. Check inbox and spam
4. Resend dashboard → **Emails** should show the send
5. On failure: `docker logs bilhej-backend-prod 2>&1 | grep -i mail`
Fallback: reset links still log when `MAIL_HOST` is empty.
## Local dev
Keep using Mailpit (`docker compose up`, http://localhost:8025). Do not point local Docker at
Resend unless you intend to send real mail.
Reference in a new issue View git blame Copy permalink