# –––––––––––––––– REQUIRED –––––––––––––––– NODE_ENV=production # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` # in your terminal to generate a random value. SECRET_KEY=generate_a_new_key # Generate a unique random key. The format is not important but you could still use # `openssl rand -hex 32` in your terminal to produce this. UTILS_SECRET=generate_a_new_key # For production point these at your databases, in development the default # should work out of the box. DATABASE_URL=postgres://user:pass@localhost:5432/outline DATABASE_CONNECTION_POOL_MIN= DATABASE_CONNECTION_POOL_MAX= # Uncomment this to disable SSL for connecting to Postgres PGSSLMODE=disable # For redis you can either specify an ioredis compatible url like this REDIS_URL=redis://localhost:6379 # or alternatively, if you would like to provide additional connection options, # use a base64 encoded JSON connection option object. Refer to the ioredis documentation # for a list of available options. # Example: Use Redis Sentinel for high availability # {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"} # REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ== # URL should point to the fully qualified, publicly accessible URL. If using a # proxy the port in URL and PORT may be different. URL=http://127.0.0.1:3000 PORT=3000 # See [documentation](docs/SERVICES.md) on running a separate collaboration # server, for normal operation this does not need to be set. COLLABORATION_URL= # Specify what storage system to use. Possible value is one of "s3" or "local". # For "local", the avatar images and document attachments will be saved on local disk. FILE_STORAGE=local # If "local" is configured for FILE_STORAGE above, then this sets the parent directory under # which all attachments/images go. Make sure that the process has permissions to create # this path and also to write files to it. FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data # Maximum allowed size for the uploaded attachment. FILE_STORAGE_UPLOAD_MAX_SIZE=262144000 # Override the maximum size of document imports, generally this should be lower # than the document attachment maximum size. FILE_STORAGE_IMPORT_MAX_SIZE= # Override the maximum size of workspace imports, these can be especially large # and the files are temporary being automatically deleted after a period of time. FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE= # To support uploading of images for avatars and document attachments in a distributed # architecture an s3-compatible storage can be configured if FILE_STORAGE=s3 above. AWS_ACCESS_KEY_ID=get_a_key_from_aws AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key AWS_REGION=xx-xxxx-x AWS_S3_ACCELERATE_URL= AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569 AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here AWS_S3_FORCE_PATH_STYLE=true AWS_S3_ACL=private # –––––––––––––– AUTHENTICATION –––––––––––––– # Third party signin credentials, at least ONE OF EITHER Google, Slack, # or Microsoft is required for a working installation or you'll have no sign-in # options. # To configure Slack auth, you'll need to create an Application at # => https://api.slack.com/apps # # When configuring the Client ID, add a redirect URL under "OAuth & Permissions": # https:///auth/slack.callback SLACK_CLIENT_ID=get_a_key_from_slack SLACK_CLIENT_SECRET=get_the_secret_of_above_key # To configure Google auth, you'll need to create an OAuth Client ID at # => https://console.cloud.google.com/apis/credentials # # When configuring the Client ID, add an Authorized redirect URI: # https:///auth/google.callback GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= # To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See # the guide for details on setting up your Azure App: # => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4 AZURE_CLIENT_ID= AZURE_CLIENT_SECRET= AZURE_RESOURCE_APP_ID= # To configure generic OIDC auth, you'll need some kind of identity provider. # See documentation for whichever IdP you use to acquire the following info: # Redirect URI is https:///auth/oidc.callback OIDC_CLIENT_ID= OIDC_CLIENT_SECRET= OIDC_AUTH_URI= OIDC_TOKEN_URI= OIDC_USERINFO_URI= OIDC_LOGOUT_URI= # Specify which claims to derive user information from # Supports any valid JSON path with the JWT payload OIDC_USERNAME_CLAIM=preferred_username # Display name for OIDC authentication OIDC_DISPLAY_NAME=OpenID Connect # Space separated auth scopes. OIDC_SCOPES=openid profile email # To configure the GitHub integration, you'll need to create a GitHub App at # => https://github.com/settings/apps # # When configuring the Client ID, add a redirect URL under "Permissions & events": # https:///api/github.callback GITHUB_CLIENT_ID= GITHUB_CLIENT_SECRET= GITHUB_APP_NAME= GITHUB_APP_ID= GITHUB_APP_PRIVATE_KEY= # To configure Discord auth, you'll need to create a Discord Application at # => https://discord.com/developers/applications/ # # When configuring the Client ID, add a redirect URL under "OAuth2": # https:///auth/discord.callback DISCORD_CLIENT_ID= DISCORD_CLIENT_SECRET= # DISCORD_SERVER_ID should be the ID of the Discord server that Outline is # integrated with. # Used to verify that the user is a member of the server as well as server # metadata such as nicknames, server icon and name. DISCORD_SERVER_ID= # DISCORD_SERVER_ROLES should be a comma separated list of role IDs that are # allowed to access Outline. If this is not set, all members of the server # will be allowed to access Outline. # DISCORD_SERVER_ID and DISCORD_SERVER_ROLES must be set together. DISCORD_SERVER_ROLES= # –––––––––––––––– OPTIONAL –––––––––––––––– # Base64 encoded private key and certificate for HTTPS termination. This is only # required if you do not use an external reverse proxy. See documentation: # https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45 SSL_KEY= SSL_CERT= # If using a Cloudfront/Cloudflare distribution or similar it can be set below. # This will cause paths to javascript, stylesheets, and images to be updated to # the hostname defined in CDN_URL. In your CDN configuration the origin server # should be set to the same as URL. CDN_URL= # Auto-redirect to https in production. The default is true but you may set to # false if you can be sure that SSL is terminated at an external loadbalancer. FORCE_HTTPS=false # Have the installation check for updates by sending anonymized statistics to # the maintainers ENABLE_UPDATES=true # How many processes should be spawned. As a reasonable rule divide your servers # available memory by 512 for a rough estimate WEB_CONCURRENCY=1 # You can remove this line if your reverse proxy already logs incoming http # requests and this ends up being duplicative DEBUG=http # Configure lowest severity level for server logs. Should be one of # error, warn, info, http, verbose, debug and silly LOG_LEVEL=info # For a complete Slack integration with search and posting to channels the # following configs are also needed, some more details # => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a # SLACK_VERIFICATION_TOKEN=your_token SLACK_APP_ID=A0XXXXXXX SLACK_MESSAGE_ACTIONS=true # Optionally enable Sentry (sentry.io) to track errors and performance, # and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI: # https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option) SENTRY_DSN= SENTRY_TUNNEL= # To support sending outgoing transactional emails such as "document updated" or # "you've been invited" you'll need to provide authentication for an SMTP server SMTP_HOST= SMTP_PORT= SMTP_USERNAME= SMTP_PASSWORD= SMTP_FROM_EMAIL= SMTP_REPLY_EMAIL= SMTP_TLS_CIPHERS= SMTP_SECURE=true # The default interface language. See translate.getoutline.com for a list of # available language codes and their rough percentage translated. DEFAULT_LANGUAGE=zh_CN # Optionally enable rate limiter at application web server RATE_LIMITER_ENABLED=true # Configure default throttling parameters for rate limiter RATE_LIMITER_REQUESTS=1000 RATE_LIMITER_DURATION_WINDOW=60 # Iframely API config # https://iframe.ly/api/oembed # https://iframe.ly/api/iframely IFRAMELY_URL=https://iframe.ly/api/iframely # IFRAMELY_API_KEY=