FormBuilder
Self-hosted form builder for one workspace with Authentik OIDC sign-in, Prisma/Postgres storage, per-form response ACLs, public form links, webhooks, uploads, and an MCP endpoint.
Portainer Deployment
This repo is ready to deploy as a Portainer stack with docker-compose.yml.
- Create a new git repo and push this directory.
- In Portainer, create a stack from the git repository.
- Copy
.env.exampleto.envin the stack environment and fill the values below. - Deploy the stack.
The app container runs prisma migrate deploy before starting the Next.js standalone server.
Required .env
APP_PORT=3000
POSTGRES_PASSWORD=replace-with-a-strong-password
AUTH_SECRET=replace-with-openssl-rand-base64-32
AUTH_URL=https://forms.example.com
OIDC_ISSUER=https://authentik.example.com/application/o/formbuilder/
OIDC_CLIENT_ID=replace-with-authentik-client-id
OIDC_CLIENT_SECRET=replace-with-authentik-client-secret
OIDC_PROVIDER_NAME=Authentik
AUTH_BOOTSTRAP_ADMINS=you@example.com
Optional values are documented in .env.example for Redis rate limiting, email, file storage, hCaptcha, and webhook worker auth.
Authentik Setup
Create an OAuth2/OpenID provider in Authentik:
- Provider type: OAuth2/OpenID
- Client type: Confidential
- Redirect URI:
${AUTH_URL}/api/auth/callback/oidc - Scopes:
openid,profile,email - Issuer mode: use the provider's OpenID Configuration Issuer URL
Then create an Authentik application and bind it to that provider. Put the issuer, client ID, and client secret in .env.
The first successful signer becomes an admin. Any emails listed in AUTH_BOOTSTRAP_ADMINS are also promoted on first sign-in.
Persistent Data
The compose stack creates two named volumes:
postgres_data: bundled Postgres databaseuploads: local uploaded files mounted at/app/uploads
For multi-instance deployments, set RATE_LIMIT_DRIVER=redis and provide REDIS_URL. For durable object storage outside the app container, configure the S3 values in .env.example.
Useful Commands
npm ci
npm test
npm run build
docker compose up --build
MCP Endpoint
The MCP endpoint is available at:
POST /api/mcp
Create a token in /app/account, then send requests with:
Authorization: Bearer fb_xxxxxxxxxxxxxxxx
Stack
Next.js 15 App Router, React 19, Auth.js v5, Authentik OIDC, Prisma, Postgres, Tailwind, and Docker Compose.