goodcomms/server.env.example at main · GoodComms/goodcomms · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# GoodComms Server Configuration
# ─────────────────────────────────────────────────────────────────────────────
# Copy this file to `.env` and fill in your values.
# Lines starting with # are comments and are ignored.
#
# All settings can also be passed as CLI flags or environment variables
# directly. Environment variables take precedence over defaults; CLI flags
# take precedence over environment variables.
# ─────────────────────────────────────────────────────────────────────────────


# ── Network ───────────────────────────────────────────────────────────────────

# IP address to bind to. Use 0.0.0.0 to accept connections on all interfaces.
IP_ADDR=0.0.0.0

# Main TCP port for WebSocket and HTTP traffic.
# Behind a reverse proxy: set to an internal port (e.g. 4076) and set NO_TLS=true.
# Standalone: set to 443 (HTTPS) or any port you prefer.
PORT=4076

# HTTP redirect port (redirects plain HTTP → HTTPS). Only used in standalone mode.
# Not needed when behind a reverse proxy.
HTTP_PORT=80

# Voice relay UDP port. Must be open in your firewall.
VOICE_PORT=4077

# Video relay UDP port. Must be open in your firewall.
VIDEO_PORT=4078


# ── TLS ───────────────────────────────────────────────────────────────────────

# Set to true when running behind a reverse proxy (Caddy, Nginx, Traefik).
# The proxy handles TLS; GoodComms receives plain HTTP on PORT.
NO_TLS=true

# Paths to your TLS certificate and private key (Mode C: manual TLS).
# Leave commented out to use auto-generated self-signed certificates (Mode B).
# TLS_CERT_PATH=/path/to/fullchain.pem
# TLS_KEY_PATH=/path/to/privkey.pem

# Automatic HTTPS via ACME/Let's Encrypt. Requires a public domain.
# DOMAIN=chat.yourdomain.com
# ACME_EMAIL=admin@yourdomain.com


# ── Storage ───────────────────────────────────────────────────────────────────

# Path to the SQLite database file.
DATABASE_PATH=/app/data/goodcomms.db

# Directory for chat file uploads (images, attachments).
STORAGE_DIR=/app/uploads

# Directory for the Server Drive (community file storage).
DRIVE_DIR=/app/drive

# Auto-delete chat media older than this many days (0 = keep forever).
RETENTION_DAYS=0


# ── Bootstrap ─────────────────────────────────────────────────────────────────
# First run only. These create the initial Owner account.
# REMOVE THESE LINES after logging in for the first time — credentials
# in a config file are a security risk once the account is in the database.

# ADMIN_USER=your_username
# ADMIN_PASS=your_secure_password


# ── Security ──────────────────────────────────────────────────────────────────

# JWT signing secret. If not set, one is auto-generated and stored in the
# database on first run. Only set this manually if you need a stable,
# portable secret (e.g. migrating the server to new hardware).
# JWT_SECRET=


# ── GIF Search (Optional) ─────────────────────────────────────────────────────

# Klipy API key (recommended GIF provider).
# KLIPY_API_KEY=

# Giphy API key (fallback GIF provider). Used if Klipy is unavailable.
# GIPHY_API_KEY=


# ── Logging ───────────────────────────────────────────────────────────────────

# Directory to write rolling log files. Set to empty string to disable file logging.
LOG_DIR=logs

# Maximum log file size in MB before rotating to a new file.
LOG_MAX_SIZE_MB=50

# Number of rotated log files to keep (oldest are deleted automatically).
LOG_MAX_FILES=5


# ── Performance ───────────────────────────────────────────────────────────────

# Number of permission entries to cache in RAM.
# Increase for servers with many channels and active users.
PERMISSION_CACHE_SIZE=1000