Joakim Mörling
ad195fd890
Deploy workflow now writes MAIL_* and APP_PUBLIC_BASE_URL from Actions secrets into the server .env so Resend SMTP works after domain verify. Document Resend-only setup, Forgejo secret names, and prod expose-token off. Co-authored-by: Cursor <cursoragent@cursor.com>
1.8 KiB
1.8 KiB
Production email with Resend (operator)
BilHej sends password-reset mail via SMTP (Spring JavaMailSender). You do not need the
Resend Java SDK from their onboarding snippet—only env vars on the server.
Security
- Never commit
re_...keys to git. Put them only in the server.env. - If an API key was pasted in chat or logs, revoke it in Resend → API Keys and create a new one.
1. Verify bilhej.se in Resend
- Resend → Domains → add
bilhej.se - Add the DNS records Resend shows (SPF, DKIM; DMARC optional) at your domain registrar
- Wait until status is Verified
Until the domain is verified, MAIL_FROM=noreply@bilhej.se will fail. For a quick API test only,
Resend allows onboarding@resend.dev → your own inbox—not for production.
2. Production .env (SMTP, not SDK)
On the server (file used by docker-compose.prod.yml):
APP_PUBLIC_BASE_URL=https://bilhej.se
MAIL_HOST=smtp.resend.com
MAIL_PORT=587
MAIL_USERNAME=resend
MAIL_PASSWORD=re_your_new_api_key_here
MAIL_FROM=noreply@bilhej.se
| Variable | Resend value |
|---|---|
MAIL_USERNAME |
Always the literal string resend |
MAIL_PASSWORD |
Your API key (re_...) |
MAIL_FROM |
Any address on verified domain, e.g. noreply@bilhej.se |
3. Deploy
Run Deploy to Production in Forgejo (pipeline only—no manual rsync).
4. Smoke test
- https://bilhej.se/logga-in → Glömt lösenord?
- Email that exists in
users - Check inbox and spam
- Resend dashboard → Emails should show the send
- On failure:
docker logs bilhej-backend-prod 2>&1 | grep -i mail
Fallback: reset links still log when MAIL_HOST is empty.
Local dev
Keep using Mailpit (docker compose up, http://localhost:8025). Do not point local Docker at
Resend unless you intend to send real mail.