| 123456789101112131415161718192021222324252627282930313233343536 |
- # Entra ID / OIDC
- ENTRA_TENANT_ID=
- ENTRA_CLIENT_ID=
- ENTRA_CLIENT_SECRET=
- # Base URL the app is reachable at (no trailing slash).
- # Used to build the OIDC redirect URI {APP_BASE_URL}/auth/callback
- APP_BASE_URL=http://localhost:8080
- # Path to the SQLite database file inside the container. Leave as-is unless
- # you have a specific reason to change it. The parent dir is the mounted
- # volume (/var/www/data).
- DB_PATH=/var/www/data/app.sqlite
- # Session handler files directory.
- SESSION_PATH=/var/www/data/sessions
- # 'production' disables verbose error output. Anything else is treated as dev.
- APP_ENV=production
- # ---------------------------------------------------------------------------
- # Local admin (optional) — lets you sign in without Entra, e.g. during initial
- # setup or for a fully on-prem deployment. Set BOTH email and the password
- # hash to enable; leave blank to disable. The password is verified with PHP's
- # password_verify() against LOCAL_ADMIN_PASSWORD_HASH, so .env never contains
- # the password itself. Generate the hash with:
- # docker run --rm php:8.3-cli php -r \
- # 'echo password_hash(readline("Password: "), PASSWORD_DEFAULT), PHP_EOL;'
- # (Or `php -r '...'` directly if you have PHP 8 on the host.) Paste the
- # resulting `$2y$...` string verbatim. Single quotes recommended in .env so
- # the `$` in the hash isn't interpreted by the shell.
- # The resulting user is stored with entra_oid = "local:<email>" and is_admin=1.
- # ---------------------------------------------------------------------------
- LOCAL_ADMIN_EMAIL=
- LOCAL_ADMIN_PASSWORD_HASH=
- LOCAL_ADMIN_NAME=Local Admin
|
