docs: document all env vars and remove SMTP/webhook from docker config
SMTP and webhook settings are configured via Admin UI only. Made-with: Cursor
37
README.md
37
README.md
@@ -120,23 +120,44 @@ services:
|
|||||||
app:
|
app:
|
||||||
image: mauriceboe/trek:latest
|
image: mauriceboe/trek:latest
|
||||||
container_name: trek
|
container_name: trek
|
||||||
|
read_only: true
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETUID
|
||||||
|
- SETGID
|
||||||
|
tmpfs:
|
||||||
|
- /tmp:noexec,nosuid,size=64m
|
||||||
ports:
|
ports:
|
||||||
- "3000:3000"
|
- "3000:3000"
|
||||||
environment:
|
environment:
|
||||||
- NODE_ENV=production
|
- NODE_ENV=production
|
||||||
- PORT=3000
|
- PORT=3000
|
||||||
- TZ=UTC
|
- JWT_SECRET=${JWT_SECRET:-} # Auto-generated if not set; persist across restarts for stable sessions
|
||||||
- LOG_LEVEL=info
|
- TZ=${TZ:-UTC} # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||||
# - ALLOWED_ORIGINS=https://trek.example.com
|
- LOG_LEVEL=${LOG_LEVEL:-info} # info = concise user actions; debug = verbose admin-level details
|
||||||
# - OIDC_ISSUER=https://auth.example.com
|
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-} # Comma-separated origins for CORS and email notification links
|
||||||
# - OIDC_CLIENT_ID=trek
|
- FORCE_HTTPS=true # Redirect HTTP to HTTPS when behind a TLS-terminating proxy
|
||||||
# - OIDC_CLIENT_SECRET=supersecret
|
- TRUST_PROXY=1 # Number of trusted proxies (for X-Forwarded-For / real client IP)
|
||||||
# - OIDC_DISPLAY_NAME=SSO
|
- OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||||
# - OIDC_ONLY=false
|
- OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||||
|
- OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||||
|
- OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||||
|
- OIDC_ONLY=false # Set true to disable local password auth entirely (SSO only)
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/app/data
|
- ./data:/app/data
|
||||||
- ./uploads:/app/uploads
|
- ./uploads:/app/uploads
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "-qO-", "http://localhost:3000/api/health"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
start_period: 15s
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|||||||
@@ -18,31 +18,17 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
- NODE_ENV=production
|
- NODE_ENV=production
|
||||||
- PORT=3000
|
- PORT=3000
|
||||||
# Auto-generated if not set; persist across restarts for stable sessions
|
- JWT_SECRET=${JWT_SECRET:-} # Auto-generated if not set; persist across restarts for stable sessions
|
||||||
- JWT_SECRET=${JWT_SECRET:-}
|
- TZ=${TZ:-UTC} # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||||
# Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
- LOG_LEVEL=${LOG_LEVEL:-info} # info = concise user actions; debug = verbose admin-level details
|
||||||
- TZ=${TZ:-UTC}
|
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-} # Comma-separated origins for CORS and email notification links
|
||||||
# info = concise user actions; debug = verbose admin-level details
|
- FORCE_HTTPS=true # Redirect HTTP to HTTPS when behind a TLS-terminating proxy
|
||||||
- LOG_LEVEL=${LOG_LEVEL:-info}
|
- TRUST_PROXY=1 # Number of trusted proxies (for X-Forwarded-For / real client IP)
|
||||||
# Comma-separated origins for CORS and email notification links
|
- OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||||
- ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-}
|
- OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||||
# Redirect HTTP to HTTPS when behind a TLS-terminating proxy
|
- OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||||
# - FORCE_HTTPS=true
|
- OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||||
# Number of trusted proxies (for X-Forwarded-For / real client IP)
|
- OIDC_ONLY=false # Set true to disable local password auth entirely (SSO only)
|
||||||
# - TRUST_PROXY=1
|
|
||||||
|
|
||||||
## ── OIDC / SSO ──────────────────────────────────────────────
|
|
||||||
# OpenID Connect provider URL
|
|
||||||
# - OIDC_ISSUER=https://auth.example.com
|
|
||||||
# - OIDC_CLIENT_ID=trek
|
|
||||||
# - OIDC_CLIENT_SECRET=supersecret
|
|
||||||
# Label shown on the SSO login button
|
|
||||||
# - OIDC_DISPLAY_NAME=SSO
|
|
||||||
# Set true to disable local password auth entirely (SSO only)
|
|
||||||
# - OIDC_ONLY=false
|
|
||||||
|
|
||||||
## ── Demo mode (resets data hourly) ──────────────────────────
|
|
||||||
# - DEMO_MODE=false
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./data:/app/data
|
- ./data:/app/data
|
||||||
- ./uploads:/app/uploads
|
- ./uploads:/app/uploads
|
||||||
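Review bot: The new side of this environment list turns the OIDC examples into live settings: `OIDC_ISSUER=https://auth.example.com`, `OIDC_CLIENT_ID=trek` and `OIDC_CLIENT_SECRET=supersecret` were commented out on the old side and are now passed to the container by default (reading the right-hand column as the new side, which matches the 17-line count in the hunk header). A widely known placeholder should not be the shipped value of a client secret; either keep these lines commented or take them from the host environment with an empty default, as JWT_SECRET already does, e.g. `- OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:-}` (this assumes the app treats an empty value as unset, which is not visible here). `TRUST_PROXY=1` and `FORCE_HTTPS=true` are also enabled unconditionally; if the container is published on port 3000 without a reverse proxy in front, trusting one hop presumably lets any client supply the X-Forwarded-For address the app records, so I would leave them as `# - TRUST_PROXY=1` and `# - FORCE_HTTPS=true` with the comment stating when to enable them. The README compose example in the first hunk carries the same values.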
|
|||||||
@@ -1,28 +1,19 @@
|
|||||||
# ── Core ───────────────────────────────────────────────────────
|
PORT=3001 # Port to run the server on
|
||||||
PORT=3001
|
NODE_ENV=development # development = development mode; production = production mode
|
||||||
NODE_ENV=development
|
JWT_SECRET=your-super-secret-jwt-key-change-in-production # Auto-generated if not set; persist across restarts for stable sessions
|
||||||
JWT_SECRET=your-super-secret-jwt-key-change-in-production
|
TZ=UTC # Timezone for logs, reminders and scheduled tasks (e.g. Europe/Berlin)
|
||||||
TZ=UTC
|
LOG_LEVEL=info # info = concise user actions; debug = verbose admin-level details
|
||||||
# info = concise user actions; debug = verbose admin-level details
|
|
||||||
LOG_LEVEL=info
|
|
||||||
|
|
||||||
# ── Networking ─────────────────────────────────────────────────
|
ALLOWED_ORIGINS=https://trek.example.com # Comma-separated origins for CORS and email links
|
||||||
# Comma-separated origins for CORS and email links
|
FORCE_HTTPS=false # Redirect HTTP → HTTPS behind a TLS proxy
|
||||||
# ALLOWED_ORIGINS=https://trek.example.com
|
TRUST_PROXY=1 # Number of trusted proxies for X-Forwarded-For
|
||||||
# Redirect HTTP → HTTPS behind a TLS proxy
|
|
||||||
# FORCE_HTTPS=false
|
|
||||||
# Number of trusted proxies for X-Forwarded-For
|
|
||||||
# TRUST_PROXY=1
|
|
||||||
|
|
||||||
# ── OIDC / SSO ─────────────────────────────────────────────────
|
OIDC_ISSUER=https://auth.example.com # OpenID Connect provider URL
|
||||||
# OIDC_ISSUER=https://auth.example.com
|
OIDC_CLIENT_ID=trek # OpenID Connect client ID
|
||||||
# OIDC_CLIENT_ID=trek
|
OIDC_CLIENT_SECRET=supersecret # OpenID Connect client secret
|
||||||
# OIDC_CLIENT_SECRET=supersecret
|
OIDC_DISPLAY_NAME=SSO # Label shown on the SSO login button
|
||||||
# OIDC_DISPLAY_NAME=SSO
|
OIDC_ONLY=true # Disable local password auth entirely (SSO only)
|
||||||
# Disable local password auth entirely (SSO only)
|
OIDC_ADMIN_CLAIM=groups # OIDC claim used to identify admin users
|
||||||
# OIDC_ONLY=false
|
OIDC_ADMIN_VALUE=app-trek-admins # Value of the OIDC claim that grants admin role
|
||||||
# OIDC_ADMIN_CLAIM=groups
|
|
||||||
# OIDC_ADMIN_VALUE=app-trek-admins
|
|
||||||
|
|
||||||
# ── Demo ───────────────────────────────────────────────────────
|
DEMO_MODE=false # Demo mode - resets data hourly
|
||||||
# DEMO_MODE=false
|
|
||||||
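Review bot: Every optional setting in this example file is now active, so copying it unchanged yields `OIDC_ONLY=true` together with `OIDC_ISSUER=https://auth.example.com` and `OIDC_CLIENT_SECRET=supersecret`, which by the file's own comment disables local password login while SSO points at a placeholder provider. `OIDC_ADMIN_CLAIM=groups` and `OIDC_ADMIN_VALUE=app-trek-admins` likewise become a live admin-mapping rule rather than an illustration. I would keep the OIDC, proxy and demo entries commented as on the old side (`# OIDC_ONLY=false`, `# OIDC_CLIENT_SECRET=supersecret`) and ship `JWT_SECRET=` empty, since the new comment says the secret is auto-generated when unset and the placeholder string would otherwise presumably be used as the signing key. The trailing `# ...` comments also rely on the loader stripping inline comments from unquoted values; the loader is not visible in this hunk, so a comment line above each key is the safer form.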
|
|||||||