| 123456789101112131415161718192021222324252627282930313233 |
- # Entra ID / OIDC
- ENTRA_TENANT_ID=
- ENTRA_CLIENT_ID=
- ENTRA_CLIENT_SECRET=
- # Base URL the app is reachable at (no trailing slash).
- # Used to build the OIDC redirect URI {APP_BASE_URL}/auth/callback
- APP_BASE_URL=http://localhost:8080
- # Random string (>=32 bytes). Used to salt the session cookie name / CSRF tokens.
- SESSION_SECRET=
- # Path to the SQLite database file inside the container. Leave as-is unless
- # you have a specific reason to change it. The parent dir is the mounted
- # volume (/var/www/data).
- DB_PATH=/var/www/data/app.sqlite
- # Session handler files directory.
- SESSION_PATH=/var/www/data/sessions
- # 'production' disables verbose error output. Anything else is treated as dev.
- APP_ENV=production
- # ---------------------------------------------------------------------------
- # Local admin (optional) — lets you sign in without Entra, e.g. during initial
- # setup or for a fully on-prem deployment. Set BOTH email and password to
- # enable; leave blank to disable. The password is compared in plain text
- # against this env value — so .env must be readable only by the app user.
- # The resulting user is stored with entra_oid = "local:<email>" and is_admin=1.
- # ---------------------------------------------------------------------------
- LOCAL_ADMIN_EMAIL=
- LOCAL_ADMIN_PASSWORD=
- LOCAL_ADMIN_NAME=Local Admin
|
