forked from AppFlowy-IO/AppFlowy-Cloud
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeploy.env
More file actions
346 lines (276 loc) · 15.7 KB
/
deploy.env
File metadata and controls
346 lines (276 loc) · 15.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
# =============================================================================
# AppFlowy Cloud - Production Deployment Configuration
# =============================================================================
# This file is a template for docker compose deployment
# Copy this file to .env and change the values as needed
# Fully qualified domain name for the deployment. Replace localhost with your domain,
# such as mydomain.com.
FQDN=localhost
# Change this to https if you are using TLS.
SCHEME=http
# Change this to wss if you are using TLS
WS_SCHEME=ws
APPFLOWY_BASE_URL=${SCHEME}://${FQDN}
APPFLOWY_WEBSOCKET_BASE_URL=${WS_SCHEME}://${FQDN}/ws/v2
# =============================================================================
# 🗄️ DATABASE & CACHE: Core data infrastructure
# =============================================================================
# PostgreSQL Settings
POSTGRES_HOST=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD=password
POSTGRES_PORT=5432
POSTGRES_DB=postgres
# Redis Settings
REDIS_HOST=redis
REDIS_PORT=6379
# =============================================================================
# 🏗️ INFRASTRUCTURE SERVICES: Object storage and networking
# =============================================================================
# MinIO Configuration: S3-compatible object storage for file uploads and attachments
# Docker service discovery: These values are used for container-to-container communication
# MINIO_HOST refers to the Docker Compose service name, not an external domain/IP
# Used by: AppFlowy Cloud, Worker services, AI service, and Admin Frontend
MINIO_HOST=minio
MINIO_PORT=9000
# MinIO/AWS Credentials: Authentication keys for object storage access
# Development: Uses MinIO's default credentials (minioadmin/minioadmin) for quick setup
# Production: MUST be changed to secure, randomly generated credentials for security
# These credentials are used across all services that access file storage
# Security note: Default credentials are well-known and should never be used in production
AWS_ACCESS_KEY=minioadmin
AWS_SECRET=minioadmin
# =============================================================================
# ☁️ APPFLOWY SERVICES: Application service configuration
# =============================================================================
# AppFlowy Cloud Service Configuration
# URL that connects to the gotrue docker container
APPFLOWY_GOTRUE_BASE_URL=http://gotrue:9999
# URL that connects to the postgres docker container. If your password contains special characters,
# instead of using ${POSTGRES_PASSWORD}, you will need to convert them into url encoded format.
# For example, `p@ssword` will become `p%40ssword`.
APPFLOWY_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
# AppFlowy Service Configuration
# Access Control System: Enables/disables permission-based access control
# Controls workspace access, collaboration permissions, and realtime access restrictions
APPFLOWY_ACCESS_CONTROL=true
# WebSocket Mailbox Configuration: Controls realtime server message handling capacity
# Sets the maximum number of messages that can be queued in the WebSocket actor's mailbox
# Higher values allow more concurrent WebSocket messages but use more memory
# Lower values may cause message drops under high load but reduce memory usage
APPFLOWY_WEBSOCKET_MAILBOX_SIZE=6000
# Database Connection Pool: Maximum number of concurrent PostgreSQL connections
# Controls the size of the database connection pool for the AppFlowy Cloud service
# PostgreSQL has a default limit of ~100 connections total (15 reserved for superuser)
# Higher values improve concurrency but consume more database resources
# Lower values reduce database load but may cause connection timeouts under load
APPFLOWY_DATABASE_MAX_CONNECTIONS=40
# URL that connects to the redis docker container
APPFLOWY_REDIS_URI=redis://${REDIS_HOST}:${REDIS_PORT}
# GoTrue database connection. If your password contains special characters,
# instead of using ${POSTGRES_PASSWORD}, use the url encoded version.
# For example, `p@ssword` will become `p%40ssword`
GOTRUE_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=auth
# =============================================================================
# 🔐 GOTRUE: Authentication service configuration
# =============================================================================
# GoTrue Admin Credentials
# This user will be created when GoTrue starts successfully
# You can use this user to login to the admin panel
GOTRUE_ADMIN_EMAIL=admin@example.com
GOTRUE_ADMIN_PASSWORD=password
# JWT Configuration
# Authentication key, change this and keep the key safe and secret
GOTRUE_JWT_SECRET=hello456
# Expiration time in seconds for the JWT token
GOTRUE_JWT_EXP=604800
# External URL where the GoTrue service is exposed
API_EXTERNAL_URL=${APPFLOWY_BASE_URL}/gotrue
# User Registration & Login Settings
# User sign up will automatically be confirmed if this is set to true.
# If you have OAuth2 set up or smtp configured, you can set this to false
# to enforce email confirmation or OAuth2 login instead.
# If you set this to false, you need to either set up SMTP
GOTRUE_MAILER_AUTOCONFIRM=true
# Set this to true if users can only join by invite
GOTRUE_DISABLE_SIGNUP=false
# Number of emails that can be sent per minute
GOTRUE_RATE_LIMIT_EMAIL_SENT=100
# Email Templates
# Optional. You can provide a public http link (eg. github) to customize your magic link template.
# Refer to https://github.com/supabase/auth?tab=readme-ov-file#configuration for details on how to create a custom email template.
GOTRUE_MAILER_TEMPLATES_MAGIC_LINK=
# =============================================================================
# 🎛️ ADMIN FRONTEND: Management interface configuration
# =============================================================================
# URL that connects to redis docker container
ADMIN_FRONTEND_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
# URL that connects to gotrue docker container
ADMIN_FRONTEND_GOTRUE_URL=http://gotrue:9999
# URL that connects to the cloud docker container
ADMIN_FRONTEND_APPFLOWY_CLOUD_URL=http://appflowy_cloud:8000
# =============================================================================
# 📧 EMAIL CONFIGURATION: SMTP settings (optional but recommended for production)
# =============================================================================
# If you intend to use mail confirmation, you need to set the SMTP configuration below
# You would then need to set GOTRUE_MAILER_AUTOCONFIRM=false
# Check for logs in gotrue service if there are any issues with email confirmation
# Note that smtps will be used for port 465, otherwise plain smtp with optional STARTTLS
GOTRUE_SMTP_HOST=smtp.gmail.com
GOTRUE_SMTP_PORT=465
GOTRUE_SMTP_USER=email_sender@some_company.com
GOTRUE_SMTP_PASS=email_sender_password
GOTRUE_SMTP_ADMIN_EMAIL=comp_admin@some_company.com
# AppFlowy Cloud Mailer
# Note that smtps (TLS) is always required, even for ports other than 465
APPFLOWY_MAILER_SMTP_HOST=smtp.gmail.com
APPFLOWY_MAILER_SMTP_PORT=465
APPFLOWY_MAILER_SMTP_USERNAME=email_sender@some_company.com
APPFLOWY_MAILER_SMTP_EMAIL=email_sender@some_company.com
APPFLOWY_MAILER_SMTP_PASSWORD=email_sender_password
APPFLOWY_MAILER_SMTP_TLS_KIND=wrapper # "none" "wrapper" "required" "opportunistic"
# =============================================================================
# 🔑 OAUTH PROVIDERS: Third-party authentication (optional)
# =============================================================================
# Refer to this for details: https://github.com/AppFlowy-IO/AppFlowy-Cloud/blob/main/doc/AUTHENTICATION.md
# Google OAuth2
GOTRUE_EXTERNAL_GOOGLE_ENABLED=false
GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID=
GOTRUE_EXTERNAL_GOOGLE_SECRET=
GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# GitHub OAuth2
GOTRUE_EXTERNAL_GITHUB_ENABLED=false
GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=
GOTRUE_EXTERNAL_GITHUB_SECRET=
GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# Discord OAuth2
GOTRUE_EXTERNAL_DISCORD_ENABLED=false
GOTRUE_EXTERNAL_DISCORD_CLIENT_ID=
GOTRUE_EXTERNAL_DISCORD_SECRET=
GOTRUE_EXTERNAL_DISCORD_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# Apple OAuth2
GOTRUE_EXTERNAL_APPLE_ENABLED=false
GOTRUE_EXTERNAL_APPLE_CLIENT_ID=
GOTRUE_EXTERNAL_APPLE_SECRET=
GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# SAML 2.0. Refer to https://github.com/AppFlowy-IO/AppFlowy-Cloud/blob/main/doc/OKTA_SAML.md for example using Okta.
GOTRUE_SAML_ENABLED=false
GOTRUE_SAML_PRIVATE_KEY=
# =============================================================================
# 💾 FILE STORAGE: S3/MinIO configuration (required for file uploads)
# =============================================================================
# Storage Architecture Control: Determines the file storage backend for the entire system
# Affects: User uploads, document attachments, collaboration snapshots, AI embeddings, import/export files
# When true: Uses MinIO (S3-compatible) with path-style URLs and MinIO endpoint configuration
# When false: Uses AWS S3 with region-based configuration and standard S3 URLs
# Production options: Keep true for self-hosted MinIO, set false for AWS S3
APPFLOWY_S3_USE_MINIO=true
# Bucket Management: Controls automatic bucket creation during AppFlowy startup
# When true: AppFlowy automatically creates the storage bucket if it doesn't exist
# When false: Assumes bucket exists and was created externally (recommended for production)
APPFLOWY_S3_CREATE_BUCKET=true
# MinIO Endpoint Configuration: URL for MinIO API access
# Uses Docker service discovery variables for container networking
# Format combines MINIO_HOST and MINIO_PORT for internal service communication
# Change this URL if using external MinIO instance or different networking setup
APPFLOWY_S3_MINIO_URL=http://${MINIO_HOST}:${MINIO_PORT}
# Storage Authentication: Maps to the MinIO/AWS credentials defined above
# These reference the AWS_ACCESS_KEY and AWS_SECRET variables for consistency
# All AppFlowy services use these credentials to access the file storage backend
APPFLOWY_S3_ACCESS_KEY=${AWS_ACCESS_KEY}
APPFLOWY_S3_SECRET_KEY=${AWS_SECRET}
# Storage Bucket: Default bucket name for all AppFlowy file storage
# Contains: User files, document attachments, collaboration data, AI embeddings
# Must exist in both MinIO and AWS S3 configurations
APPFLOWY_S3_BUCKET=appflowy
# AWS S3 Configuration: Required only when APPFLOWY_S3_USE_MINIO=false
# Uncomment and configure these settings when using AWS S3 instead of MinIO
# APPFLOWY_S3_REGION=us-east-1
# MinIO Presigned URL Endpoint: External URL for client-side file access (optional)
# Enables direct file uploads/downloads from AppFlowy clients through presigned URLs
# Set this to your public MinIO endpoint if using nginx proxy configuration
# Format: Uses the external base URL with /minio-api path for API access
# APPFLOWY_S3_PRESIGNED_URL_ENDPOINT=${APPFLOWY_BASE_URL}/minio-api
# =============================================================================
# 🤖 AI FEATURES: Optional AI capabilities (configure only if needed)
# =============================================================================
# AppFlowy AI
# OpenAI API Authentication: Required API key for AI-powered features and semantic search
# Controls access to OpenAI's embedding models (text-embedding-3-small) for document indexing
# and ChatGPT models (gpt-4o-mini default) for search result summarization
# When configured: Enables semantic document search, AI-powered search summaries, and document embeddings
# When empty: AI features are disabled but core AppFlowy functionality remains fully operational
AI_OPENAI_API_KEY=
# If no summary model is provided, there will be no search summary when using AI search.
AI_OPENAI_API_SUMMARY_MODEL=
# Azure-hosted OpenAI API:
# If you're using a self-hosted OpenAI API via Azure, leave AI_OPENAI_API_KEY empty
# and set the following Azure-specific variables instead. If both are set, the standard OpenAI API will be used.
AI_AZURE_OPENAI_API_KEY=
AI_AZURE_OPENAI_API_BASE=
AI_AZURE_OPENAI_API_VERSION=
# AI Service Configuration (Docker container defaults)
AI_SERVER_PORT=5001
AI_SERVER_HOST=ai
AI_DATABASE_URL=postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
AI_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
AI_APPFLOWY_BUCKET_NAME=${APPFLOWY_S3_BUCKET}
AI_APPFLOWY_HOST=${APPFLOWY_BASE_URL}
AI_MINIO_URL=http://${MINIO_HOST}:${MINIO_PORT}
# Embedding Configuration
APPFLOWY_EMBEDDING_CHUNK_SIZE=2000
APPFLOWY_EMBEDDING_CHUNK_OVERLAP=200
# =============================================================================
# ⚙️ WORKER SERVICES: Background processing (good defaults for production)
# =============================================================================
# AppFlowy Indexer (for search functionality)
APPFLOWY_INDEXER_ENABLED=true
APPFLOWY_INDEXER_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
APPFLOWY_INDEXER_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
APPFLOWY_INDEXER_EMBEDDING_BUFFER_SIZE=5000
# AppFlowy Collaboration Service Configuration:
# Controls real-time collaboration behavior and performance
# Multi-thread: Whether collaboration service uses multiple threads (can be true for production)
# When deployed as standalone service, can be set to true for better performance
APPFLOWY_COLLABORATE_MULTI_THREAD=false
# Remove batch size: Number of inactive collaboration groups to remove in a single batch (default: 100)
# Higher values improve cleanup efficiency but may cause temporary blocking
APPFLOWY_COLLABORATE_REMOVE_BATCH_SIZE=100
# AppFlowy Worker Service
APPFLOWY_WORKER_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
APPFLOWY_WORKER_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
APPFLOWY_WORKER_DATABASE_NAME=${POSTGRES_DB}
# =============================================================================
# 🌐 WEB FRONTEND: AppFlowy Web interface
# =============================================================================
# AppFlowy Web
# If your AppFlowy Web is hosted on a different domain, update this variable to the correct domain
APPFLOWY_WEB_URL=${APPFLOWY_BASE_URL}
# If you are running AppFlowy Web locally for development purpose, use the following value instead
# APPFLOWY_WEB_URL=http://localhost:3000
# =============================================================================
# 🗄️ PGADMIN: Database Management Web Interface
# =============================================================================
# PgAdmin credentials for database management web UI
# You can access pgadmin at http://your-host/pgadmin
# Use the APPFLOWY_DATABASE_URL values when connecting to the database
PGADMIN_DEFAULT_EMAIL=admin@example.com
PGADMIN_DEFAULT_PASSWORD=password
# =============================================================================
# 🌐 NGINX: Reverse proxy and web server configuration
# =============================================================================
# NGINX Configuration
# Optional, change this if you want to use custom ports to expose AppFlowy
NGINX_PORT=80
NGINX_TLS_PORT=443
# =============================================================================
# 🛠️ INFRASTRUCTURE: Networking, logging, and admin tools
# =============================================================================
# Log level for the appflowy-cloud service
RUST_LOG=info
# Cloudflare Tunnel (Advanced Networking)
# Leave empty unless you're using Cloudflare tunnel for secure connections
CLOUDFLARE_TUNNEL_TOKEN=
# Enable AI tests in production environment (usually false)
# Set to true only if you want to run AI-related tests in production
AI_TEST_ENABLED=false