docs: document all env vars and remove SMTP/webhook from docker config
SMTP and webhook settings are configured via Admin UI only. Made-with: Cursor
This commit is contained in:
Andrei Brebene
37
README.md
37
README.md
@@ -120,23 +120,44 @@ services:
|
||||
app:
|
||||
image: mauriceboe/trek:latest
|
||||
container_name: trek
|
||||
read_only: true
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- CHOWN
|
||||
- SETUID
|
||||
- SETGID
|
||||
tmpfs:
|
||||
- /tmp:noexec,nosuid,size=64m
|
||||
ports:
|
||||
- "3000:3000"
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- PORT=3000
|
||||
- TZ=UTC
|
||||
- LOG_LEVEL=info
|
||||
# - ALLOWED_ORIGINS=https://trek.example.com
|
||||
# - OIDC_ISSUER=https://auth.example.com
|
||||
# - OIDC_CLIENT_ID=trek
|
||||
# - OIDC_CLIENT_SECRET=supersecret
|
||||
# - OIDC_DISPLAY_NAME=SSO
|
||||
# - OIDC_ONLY=false
|
||||
- JWT_SECRET=${JWT_SECRET:-} # Auto-generated if not set; persist across restarts for stable sessions
|
||||
- TZ=${TZ:-UTC} # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||
- LOG_LEVEL=${LOG_LEVEL:-info} # info = concise user actions; debug = verbose admin-level details
|
||||
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-} # Comma-separated origins for CORS and email notification links
|
||||
- FORCE_HTTPS=true # Redirect HTTP to HTTPS when behind a TLS-terminating proxy
|
||||
- TRUST_PROXY=1 # Number of trusted proxies (for X-Forwarded-For / real client IP)
|
||||
- OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||
- OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||
- OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||
- OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||
- OIDC_ONLY=false # Set true to disable local password auth entirely (SSO only)
|
||||
volumes:
|
||||
- ./data:/app/data
|
||||
- ./uploads:/app/uploads
|
||||
restart: unless-stopped
|
||||
healthcheck:
|
||||
test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/health"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 15s
|
||||
|
||||
```
|
||||
|
||||
```bash
|
||||
|
||||
@@ -18,31 +18,17 @@ services:
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- PORT=3000
|
||||
# Auto-generated if not set; persist across restarts for stable sessions
|
||||
- JWT_SECRET=${JWT_SECRET:-}
|
||||
# Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||
- TZ=${TZ:-UTC}
|
||||
# info = concise user actions; debug = verbose admin-level details
|
||||
- LOG_LEVEL=${LOG_LEVEL:-info}
|
||||
# Comma-separated origins for CORS and email notification links
|
||||
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-}
|
||||
# Redirect HTTP to HTTPS when behind a TLS-terminating proxy
|
||||
# - FORCE_HTTPS=true
|
||||
# Number of trusted proxies (for X-Forwarded-For / real client IP)
|
||||
# - TRUST_PROXY=1
|
||||
|
||||
## ── OIDC / SSO ──────────────────────────────────────────────
|
||||
# OpenID Connect provider URL
|
||||
# - OIDC_ISSUER=https://auth.example.com
|
||||
# - OIDC_CLIENT_ID=trek
|
||||
# - OIDC_CLIENT_SECRET=supersecret
|
||||
# Label shown on the SSO login button
|
||||
# - OIDC_DISPLAY_NAME=SSO
|
||||
# Set true to disable local password auth entirely (SSO only)
|
||||
# - OIDC_ONLY=false
|
||||
|
||||
## ── Demo mode (resets data hourly) ──────────────────────────
|
||||
# - DEMO_MODE=false
|
||||
- JWT_SECRET=${JWT_SECRET:-} # Auto-generated if not set; persist across restarts for stable sessions
|
||||
- TZ=${TZ:-UTC} # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||
- LOG_LEVEL=${LOG_LEVEL:-info} # info = concise user actions; debug = verbose admin-level details
|
||||
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-} # Comma-separated origins for CORS and email notification links
|
||||
- FORCE_HTTPS=true # Redirect HTTP to HTTPS when behind a TLS-terminating proxy
|
||||
- TRUST_PROXY=1 # Number of trusted proxies (for X-Forwarded-For / real client IP)
|
||||
- OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||
- OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||
- OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||
- OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||
- OIDC_ONLY=false # Set true to disable local password auth entirely (SSO only)
|
||||
volumes:
|
||||
- ./data:/app/data
|
||||
- ./uploads:/app/uploads
|
||||
|
||||
@@ -1,28 +1,19 @@
|
||||
# ── Core ───────────────────────────────────────────────────────
|
||||
PORT=3001
|
||||
NODE_ENV=development
|
||||
JWT_SECRET=your-super-secret-jwt-key-change-in-production
|
||||
TZ=UTC
|
||||
# info = concise user actions; debug = verbose admin-level details
|
||||
LOG_LEVEL=info
|
||||
PORT=3001 # Port to run the server on
|
||||
NODE_ENV=development # development = development mode; production = production mode
|
||||
JWT_SECRET=your-super-secret-jwt-key-change-in-production # Auto-generated if not set; persist across restarts for stable sessions
|
||||
TZ=UTC # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||
LOG_LEVEL=info # info = concise user actions; debug = verbose admin-level details
|
||||
|
||||
# ── Networking ─────────────────────────────────────────────────
|
||||
# Comma-separated origins for CORS and email links
|
||||
# ALLOWED_ORIGINS=https://trek.example.com
|
||||
# Redirect HTTP → HTTPS behind a TLS proxy
|
||||
# FORCE_HTTPS=false
|
||||
# Number of trusted proxies for X-Forwarded-For
|
||||
# TRUST_PROXY=1
|
||||
ALLOWED_ORIGINS=https://trek.example.com # Comma-separated origins for CORS and email links
|
||||
FORCE_HTTPS=false # Redirect HTTP → HTTPS behind a TLS proxy
|
||||
TRUST_PROXY=1 # Number of trusted proxies for X-Forwarded-For
|
||||
|
||||
# ── OIDC / SSO ─────────────────────────────────────────────────
|
||||
# OIDC_ISSUER=https://auth.example.com
|
||||
# OIDC_CLIENT_ID=trek
|
||||
# OIDC_CLIENT_SECRET=supersecret
|
||||
# OIDC_DISPLAY_NAME=SSO
|
||||
# Disable local password auth entirely (SSO only)
|
||||
# OIDC_ONLY=false
|
||||
# OIDC_ADMIN_CLAIM=groups
|
||||
# OIDC_ADMIN_VALUE=app-trek-admins
|
||||
OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||
OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||
OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||
OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||
OIDC_ONLY=true # Disable local password auth entirely (SSO only)
|
||||
OIDC_ADMIN_CLAIM=groups # OIDC claim used to identify admin users
|
||||
OIDC_ADMIN_VALUE=app-trek-admins # Value of the OIDC claim that grants admin role
|
||||
|
||||
# ── Demo ───────────────────────────────────────────────────────
|
||||
# DEMO_MODE=false
|
||||
DEMO_MODE=false # Demo mode - resets data hourly
|
||||
|
||||
Reference in New Issue
Block a user