Files
plunk/.env.self-host.example
T

183 lines
7.1 KiB
Bash

# ========================================
# Plunk Self-Hosting Configuration
# ========================================
# ========================================
# REQUIRED: Security & Database
# ========================================
DB_PASSWORD=changeme123
JWT_SECRET=
# ========================================
# REQUIRED: Domains
# ========================================
# Replace example.com with your domain
# Or use *.localhost for local testing
API_DOMAIN=api.example.com
DASHBOARD_DOMAIN=app.example.com
LANDING_DOMAIN=www.example.com
WIKI_DOMAIN=docs.example.com
# For local development: URIs for running services locally
# These are used by the applications at runtime
API_URI=http://localhost:8080
DASHBOARD_URI=http://localhost:3000
LANDING_URI=http://localhost:4000
WIKI_URI=http://localhost:1000
# NEXT_PUBLIC_* variables are used for client-side code and sitemap generation
# Use placeholder URLs that will be replaced at Docker container runtime
NEXT_PUBLIC_API_URI=https://next-api.useplunk.com
NEXT_PUBLIC_DASHBOARD_URI=https://next-app.useplunk.com
NEXT_PUBLIC_LANDING_URI=https://www.useplunk.com
NEXT_PUBLIC_WIKI_URI=https://next-wiki.useplunk.com
# Set to 'true' if using HTTPS in production (behind a reverse proxy/load balancer)
# This affects how application URIs are auto-generated from domain names
USE_HTTPS=false
# ========================================
# REQUIRED: AWS SES (Email Sending)
# ========================================
AWS_SES_REGION=us-east-1
AWS_SES_ACCESS_KEY_ID=
AWS_SES_SECRET_ACCESS_KEY=
# Configuration sets for email tracking
# SES_CONFIGURATION_SET: Default configuration with open/click tracking enabled
SES_CONFIGURATION_SET=plunk-configuration-set
# SES_CONFIGURATION_SET_NO_TRACKING: Optional configuration without tracking
# If not set, the tracking toggle will be hidden in project settings
# When set, projects can choose to disable email tracking
SES_CONFIGURATION_SET_NO_TRACKING=plunk-no-tracking-configuration-set
# Custom MAIL FROM subdomain — used to construct `<subdomain>.<your-domain>`
# when a domain is added. Defaults to `plunk`. Override when `plunk.<your-domain>`
# is already used for something else (e.g. an R2/CDN custom domain), since the
# MAIL FROM hostname needs MX + TXT records that can't coexist with a CNAME.
# Example: MAIL_FROM_SUBDOMAIN=emails → emails.<your-domain>
# MAIL_FROM_SUBDOMAIN=
# ========================================
# OPTIONAL: OAuth Login
# ========================================
GITHUB_OAUTH_CLIENT=
GITHUB_OAUTH_SECRET=
GOOGLE_OAUTH_CLIENT=
GOOGLE_OAUTH_SECRET=
# ========================================
# OPTIONAL: File Storage (Minio)
# ========================================
# Minio is included by default in Docker Compose
# These credentials match the Minio service configuration
# Leave defaults unless you're using external storage
MINIO_ROOT_USER=plunk
MINIO_ROOT_PASSWORD=plunkminiopass
MINIO_API_PORT=9000
MINIO_CONSOLE_PORT=9001
# S3-compatible storage configuration
# For self-hosted: uses internal Minio service (defaults work out of the box)
S3_ENDPOINT=http://minio:9000
S3_ACCESS_KEY_ID=plunk
S3_ACCESS_KEY_SECRET=plunkminiopass
S3_BUCKET=uploads
S3_PUBLIC_URL=http://localhost:9000/uploads
S3_FORCE_PATH_STYLE=true
# ========================================
# OPTIONAL: Notifications (ntfy.sh)
# ========================================
# Plunk includes a self-hosted ntfy.sh server for system notifications
# You can access the ntfy web UI at http://localhost:8080 (or your configured NTFY_PORT)
# Subscribe to the topic 'plunk-notifications' to receive notifications
# Port for ntfy web UI and API (default: 8080)
NTFY_PORT=8080
# Ntfy topic URL - Uses internal ntfy service by default
# To use external ntfy.sh or your own server, change this URL
# Examples:
# - Self-hosted (default): http://ntfy/plunk-notifications
# - Public ntfy.sh: https://ntfy.sh/your-unique-topic-name
# - Custom server: https://your-ntfy-server.com/your-topic
NTFY_URL=http://ntfy/plunk-notifications
# ========================================
# OPTIONAL: SMTP Server
# ========================================
# The SMTP relay server allows sending emails via SMTP protocol
# TLS certificates can be mounted via:
# 1. Traefik acme.json (requires SMTP_DOMAIN to select the right cert)
# 2. PEM files (privkey.pem and fullchain.pem)
# SMTP domain - Required if using Traefik acme.json with multiple certificates
# Optional if using PEM files
SMTP_DOMAIN=smtp.example.com
# SMTP Ports (defaults work for most setups)
# PORT_SECURE=465 # SMTPS (implicit TLS)
# PORT_SUBMISSION=587 # SMTP Submission (STARTTLS)
# Maximum recipients per email (default: 5)
# MAX_RECIPIENTS=5
# ========================================
# OPTIONAL: Platform emails
# ========================================
# Your Plunk instance will send emails if you provide a Plunk API key and a from address
# These emails include system notifications, for example when your project hits billing limits
# PLUNK_API_KEY=
# PLUNK_FROM_ADDRESS=
# ========================================
# OPTIONAL: Security Settings
# ========================================
# Controls whether projects are automatically disabled when bounce/complaint rate thresholds are exceeded
# When enabled (default), projects exceeding security limits will be automatically suspended
# When disabled, violations will be logged and notifications sent, but projects won't be auto-disabled
# Recommended for self-hosters: false (manage project status manually)
# Default: true
# AUTO_PROJECT_DISABLE=false
# ========================================
# OPTIONAL: Self-Hosting User Management
# ========================================
# Controls whether new user signups are allowed
# When enabled (true), the signup endpoint will reject new user registration attempts
# Useful for private instances or when you want to manually manage users
# Default: false
# DISABLE_SIGNUPS=false
# ========================================
# OPTIONAL: SES Sending Rate
# ========================================
# Caps the email-worker's send rate (messages per second) for the SES sandbox or
# manually-throttled accounts. When unset, the worker probes the AWS account at
# startup via ses:GetSendQuota; if that call is denied or transiently fails,
# the worker silently falls back to 14/sec which may exceed sandbox limits and
# trigger SES throttling errors. Set this explicitly to avoid the silent fallback.
# Default: unset (auto-detect, falls back to 14)
# EMAIL_RATE_LIMIT_PER_SECOND=1
# Number of emails the worker processes in parallel. When unset, concurrency is
# derived from the effective rate limit (~ rate * 0.5, min 5, capped by
# EMAIL_WORKER_MAX_CONCURRENCY) so a higher SES quota translates into higher
# throughput automatically. Pin this only when the Prisma pool or memory is the
# binding constraint.
# Default: unset (auto-derived)
# EMAIL_WORKER_CONCURRENCY=10
# Upper bound applied to the auto-derived concurrency. Raise this when your SES
# quota is high AND the Prisma connection pool has been sized for it.
# Default: 50
# EMAIL_WORKER_MAX_CONCURRENCY=50
# ========================================
# ADVANCED (rarely needed)
# ========================================
# NGINX_PORT=80