dawarich/docker/.env.example

209 lines
6.9 KiB

2025-11-07 06:38:44 -05:00
# Dawarich Docker Compose Configuration
# Copy this file to .env and customize for your environment
# =============================================================================
# ENVIRONMENT CONFIGURATION
# =============================================================================
# Rails environment: development, staging, or production
RAILS_ENV=development
# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================
# PostgreSQL credentials
POSTGRES_USER=postgres
POSTGRES_PASSWORD=password
# Database name
POSTGRES_DB=dawarich_development
# Database connection settings (used by Rails app)
DATABASE_HOST=dawarich_db
DATABASE_PORT=5432
DATABASE_USERNAME=postgres
DATABASE_PASSWORD=password
DATABASE_NAME=dawarich_development
# =============================================================================
# REDIS CONFIGURATION
# =============================================================================
# Redis connection URL
REDIS_URL=redis://dawarich_redis:6379
# =============================================================================
# APPLICATION SETTINGS
# =============================================================================
# Port to expose the application on
DAWARICH_APP_PORT=3000
# Application hosts (comma-separated)
# Development: localhost
# Production: your-domain.com,www.your-domain.com
APPLICATION_HOSTS=localhost,::1,127.0.0.1
# Application protocol (http or https)
APPLICATION_PROTOCOL=http
# Time zone
TIME_ZONE=Europe/London
# Minimum minutes spent in city for statistics
MIN_MINUTES_SPENT_IN_CITY=60
# Self-hosted flag (true for docker deployments)
SELF_HOSTED=true
# Store geodata (reverse geocoding results)
STORE_GEODATA=true
# Storage backend (local or s3)
STORAGE_BACKEND=local
# =============================================================================
# SECURITY
# =============================================================================
# Secret key base for production/staging
# Generate with: openssl rand -hex 64
# Leave empty for development
# REQUIRED for production and staging environments
SECRET_KEY_BASE=
# =============================================================================
# BACKGROUND JOBS
# =============================================================================
# Sidekiq concurrency (number of threads)
BACKGROUND_PROCESSING_CONCURRENCY=10
# =============================================================================
# MONITORING & LOGGING
# =============================================================================
# Prometheus exporter settings
PROMETHEUS_EXPORTER_ENABLED=false
PROMETHEUS_EXPORTER_HOST=0.0.0.0
PROMETHEUS_EXPORTER_PORT=9394
PROMETHEUS_EXPORTER_HOST_SIDEKIQ=dawarich_app
# Uncomment to expose Prometheus port
# PROMETHEUS_PORT=9394
# Rails logging
RAILS_LOG_TO_STDOUT=true
# Docker logging settings
LOG_MAX_SIZE=100m
LOG_MAX_FILE=5
# =============================================================================
# RESOURCE LIMITS
# =============================================================================
# CPU and memory limits for the app container
APP_CPU_LIMIT=0.50
APP_MEMORY_LIMIT=4G
# =============================================================================
# EXAMPLE CONFIGURATIONS BY ENVIRONMENT
# =============================================================================
# --- DEVELOPMENT ---
# RAILS_ENV=development
# POSTGRES_DB=dawarich_development
# DATABASE_NAME=dawarich_development
# APPLICATION_HOSTS=localhost,::1,127.0.0.1
# APPLICATION_PROTOCOL=http
# SECRET_KEY_BASE=
# SELF_HOSTED=true
# --- STAGING ---
# RAILS_ENV=staging
# POSTGRES_DB=dawarich_staging
# DATABASE_NAME=dawarich_staging
# APPLICATION_HOSTS=staging.example.com
# APPLICATION_PROTOCOL=https
# SECRET_KEY_BASE=your-generated-secret-key
# SELF_HOSTED=true
# --- PRODUCTION ---
# RAILS_ENV=production
# POSTGRES_DB=dawarich_production
# DATABASE_NAME=dawarich_production
# APPLICATION_HOSTS=dawarich.example.com,www.dawarich.example.com
# APPLICATION_PROTOCOL=https
# SECRET_KEY_BASE=your-generated-secret-key
# SELF_HOSTED=true
# PROMETHEUS_EXPORTER_ENABLED=true
0.36.0 (#1952)
* Implement OmniAuth GitHub authentication
* Fix omniauth GitHub scope to include user email access
* Remove margin-bottom
* Implement Google OAuth2 authentication
* Implement OIDC authentication for Dawarich using omniauth_openid_connect gem.
* Add patreon account linking and patron checking service
* Update docker-compose.yml to use boolean values instead of strings
* Add support for KML files
* Add tests
* Update changelog
* Remove patreon OAuth integration
* Move omniauthable to a concern
* Update an icon in integrations
* Update changelog
* Update app version
* Fix family location sharing toggle
* Move family location sharing to its own controller
* Update changelog
* Implement basic tagging functionality for places, allowing users to categorize and label places with custom tags.
* Add places management API and tags feature
* Add some changes related to places management feature
* Fix some tests
* Fix some tests
* Add places layer
* Update places layer to use Leaflet.Control.Layers.Tree for hierarchical layer control
* Rework tag form
* Add hashtag
* Add privacy zones to tags
* Add notes to places and manage place tags
* Update changelog
* Update e2e tests
* Extract tag serializer to its own file
* Fix some tests
* Fix tags request specs
* Fix some tests
* Fix rest of the tests
* Revert some changes
* Add missing specs
* Revert changes in place export/import code
* Fix some specs
* Fix PlaceFinder to only consider global places when finding existing places
* Fix few more specs
* Fix visits creator spec
* Fix last tests
* Update place creating modal
* Add home location based on "Home" tagged place
* Save enabled tag layers
* Some fixes
* Fix bug where enabling place tag layers would trigger saving enabled layers, overwriting with incomplete data
* Update migration to use disable_ddl_transaction! and add up/down methods
* Fix tag layers restoration and filtering logic
* Update OIDC auto-registration and email/password registration settings
* Fix potential xss
2025-11-24 13:45:09 -05:00
# =============================================================================
# Example of configuration for OpenID Connect (OIDC) authentication
#
# =============================================================================
# Generic OpenID Connect (for Authelia, Authentik, Keycloak, etc.)
# Option 1: Using OIDC Discovery (Recommended)
# Set OIDC_ISSUER to your provider's issuer URL (e.g., https://auth.example.com)
# The provider must support OpenID Connect Discovery (.well-known/openid-configuration)
OIDC_CLIENT_ID=client_id_example
OIDC_CLIENT_SECRET=client_secret_example
OIDC_ISSUER=https://authentik.yourdomain.com/application/o/dawarich/
OIDC_REDIRECT_URI=https://your-dawarich-url.com/users/auth/openid_connect/callback
# OIDC Provider Name
# Custom display name for your OIDC provider shown on the sign-in page
# Default: "Openid Connect" (if not specified)
# Examples: "Authelia", "Authentik", "Keycloak", "Company SSO"
OIDC_PROVIDER_NAME=Authentik
# OIDC Auto-Registration
# Controls whether new users are automatically created when signing in with OIDC
# Set to 'false' to require administrators to pre-create user accounts
# When disabled, OIDC users must have an existing account (matching email) to sign in
# Default: true (automatically create new users)
OIDC_AUTO_REGISTER=true
# Authentication Methods Control
# Control which authentication methods are available in self-hosted mode
#
# ALLOW_EMAIL_PASSWORD_REGISTRATION - Allow users to register with email/password
# Default: false (disabled in self-hosted mode, only family invitations allowed)
# Set to 'true' to allow public email/password registration alongside OIDC
ALLOW_EMAIL_PASSWORD_REGISTRATION=false
# Option 2: Manual Endpoint Configuration (if discovery is not supported)
# Use this if your provider doesn't support OIDC discovery
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_HOST=auth.example.com
# OIDC_SCHEME=https
# OIDC_PORT=443
# OIDC_AUTHORIZATION_ENDPOINT=/authorize
# OIDC_TOKEN_ENDPOINT=/token
# OIDC_USERINFO_ENDPOINT=/userinfo
# OIDC_REDIRECT_URI=https://yourdomain.com/users/auth/openid_connect/callback
# Example configurations:
#
# Authelia:
# OIDC_ISSUER=https://auth.example.com
# OIDC_CLIENT_ID=your-client-id
# OIDC_CLIENT_SECRET=your-client-secret
# OIDC_REDIRECT_URI=https://dawarich.example.com/users/auth/openid_connect/callback
#
# Authentik:
# OIDC_ISSUER=https://authentik.example.com/application/o/dawarich/
# OIDC_CLIENT_ID=your-client-id
# OIDC_CLIENT_SECRET=your-client-secret
# OIDC_REDIRECT_URI=https://dawarich.example.com/users/auth/openid_connect/callback
#
# Keycloak:
# OIDC_ISSUER=https://keycloak.example.com/realms/your-realm
# OIDC_CLIENT_ID=dawarich
# OIDC_CLIENT_SECRET=your-client-secret
# OIDC_REDIRECT_URI=https://dawarich.example.com/users/auth/openid_connect/callback
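
A pre-deployment check for a .env derived from this file, as an added example that is not part of the Dawarich repository: for RAILS_ENV=production or staging it flags an unset or short SECRET_KEY_BASE, the example database password, a non-https APPLICATION_PROTOCOL, and placeholder or inconsistent OIDC values. The function names env_get and lint_env, the sample values, and the rule that the OIDC_REDIRECT_URI host must appear in APPLICATION_HOSTS are assumptions of the example.

```shell
# Added example, not part of the Dawarich repository.
# env_get FILE KEY: value of the last uncommented KEY= line (empty if unset).
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# lint_env FILE: prints one "FINDING:" line per problem, returns 1 if any.
lint_env() {
  f=$1; rc=0
  flag() { echo "FINDING: $1"; rc=1; }
  # Development keeps the example defaults; only staging/production are checked.
  case $(env_get "$f" RAILS_ENV) in production|staging) ;; *) return 0 ;; esac
  skb=$(env_get "$f" SECRET_KEY_BASE)  # openssl rand -hex 64 prints 128 characters
  [ "${#skb}" -ge 128 ] || flag "SECRET_KEY_BASE is empty or under 128 characters"
  for k in POSTGRES_PASSWORD DATABASE_PASSWORD; do
    case $(env_get "$f" "$k") in
      ''|password) flag "$k is empty or still the example default" ;;
    esac
  done
  [ "$(env_get "$f" APPLICATION_PROTOCOL)" = https ] || flag "APPLICATION_PROTOCOL is not https"
  [ -n "$(env_get "$f" OIDC_CLIENT_ID)" ] || return $rc  # OIDC not configured
  case $(env_get "$f" OIDC_CLIENT_SECRET) in
    ''|client_secret_example|your-client-secret) flag "OIDC_CLIENT_SECRET is a placeholder" ;;
  esac
  case $(env_get "$f" OIDC_ISSUER) in
    ''|https://*) ;;  # empty is accepted: Option 2 sets OIDC_HOST instead
    *) flag "OIDC_ISSUER is not an https URL" ;;
  esac
  uri=$(env_get "$f" OIDC_REDIRECT_URI)
  case $uri in
    https://*/users/auth/openid_connect/callback) ;;
    *) flag "OIDC_REDIRECT_URI is not https or lacks the callback path" ;;
  esac
  # Assumption of this example: the callback host is listed in APPLICATION_HOSTS.
  host=${uri#https://}; host=${host%%/*}
  case ",$(env_get "$f" APPLICATION_HOSTS)," in
    *",$host,"*) ;;
    *) flag "OIDC_REDIRECT_URI host '$host' is not in APPLICATION_HOSTS" ;;
  esac
  return $rc
}

# Constructed sample: a production .env that still carries example values.
sample=$(mktemp)
printf '%s\n' RAILS_ENV=production POSTGRES_PASSWORD=password \
  DATABASE_PASSWORD=password APPLICATION_HOSTS=dawarich.example.com \
  APPLICATION_PROTOCOL=http SECRET_KEY_BASE=your-generated-secret-key \
  OIDC_CLIENT_ID=dawarich OIDC_CLIENT_SECRET=client_secret_example \
  OIDC_ISSUER=https://auth.example.com \
  OIDC_REDIRECT_URI=https://your-dawarich-url.com/users/auth/openid_connect/callback \
  > "$sample"
lint_env "$sample" || echo "resolve the findings before deploying"
```

The parser reads plain KEY=value lines as they appear in this file; quoted values are not unwrapped.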