AppFlowy-Cloud/deploy.env
2025-10-04 20:29:28 +08:00

# =============================================================================
# AppFlowy Cloud - Production Deployment Configuration
# =============================================================================
# This file is a template for docker compose deployment
# Copy this file to .env and change the values as needed
# Security note: the passwords and secrets in this template are publicly known
# placeholders. Replace every one of them before exposing the deployment, keep the
# resulting .env out of version control, and restrict its permissions (for example
# chmod 600), since it holds database, storage, SMTP and signing credentials.
# Fully qualified domain name for the deployment. Replace localhost with your domain,
# such as mydomain.com.
FQDN=localhost
# Change this to https if you are using TLS.
# With http, everything built on APPFLOWY_BASE_URL (logins, passwords, JWTs, the
# OAuth callbacks under API_EXTERNAL_URL) crosses the network unencrypted; use https
# for any FQDN other than localhost.
SCHEME=http
# Change this to wss if you are using TLS
# Keep this in step with SCHEME (http -> ws, https -> wss); browsers refuse ws://
# connections from pages loaded over https.
WS_SCHEME=ws
# Public base URLs derived from the three values above.
APPFLOWY_BASE_URL=${SCHEME}://${FQDN}
APPFLOWY_WEBSOCKET_BASE_URL=${WS_SCHEME}://${FQDN}/ws/v2
# =============================================================================
# 🗄️ DATABASE & CACHE: Core data infrastructure
# =============================================================================
# PostgreSQL Settings
# These five values are interpolated into APPFLOWY_DATABASE_URL, GOTRUE_DATABASE_URL,
# AI_DATABASE_URL, APPFLOWY_INDEXER_DATABASE_URL and APPFLOWY_WORKER_DATABASE_URL.
POSTGRES_HOST=postgres
# NOTE(review): every service URL in this file connects with this one account; in the
# stock postgres image the POSTGRES_USER account is a superuser. Consider separate,
# less-privileged roles per service if your setup allows it.
POSTGRES_USER=postgres
# Security note: `password` is a placeholder and must be replaced. A long random value
# made only of letters and digits (for example the output of `openssl rand -hex 32`)
# can be used in the connection URLs without URL-encoding.
POSTGRES_PASSWORD=password
POSTGRES_PORT=5432
POSTGRES_DB=postgres
# Redis Settings
# The redis:// URLs built from these values carry no password, so access control
# depends on Redis being reachable only from inside the Compose network; do not
# publish this port on the host.
REDIS_HOST=redis
REDIS_PORT=6379
# =============================================================================
# 🏗️ INFRASTRUCTURE SERVICES: Object storage and networking
# =============================================================================
# MinIO Configuration: S3-compatible object storage for file uploads and attachments
# Docker service discovery: These values are used for container-to-container communication
# MINIO_HOST refers to the Docker Compose service name, not an external domain/IP
# Used by: AppFlowy Cloud, Worker services, AI service, and Admin Frontend
MINIO_HOST=minio
MINIO_PORT=9000
# MinIO/AWS Credentials: Authentication keys for object storage access
# Development: Uses MinIO's default credentials (minioadmin/minioadmin) for quick setup
# Production: MUST be changed to secure, randomly generated credentials for security
# These credentials are used across all services that access file storage
# Security note: Default credentials are well-known and should never be used in production
# This template ships the development defaults even though the file is labelled as the
# production configuration, so replace both values before the first start (for example
# with the output of `openssl rand -hex 32` for the secret).
# Both values are re-exported below as APPFLOWY_S3_ACCESS_KEY and APPFLOWY_S3_SECRET_KEY;
# anyone holding them can read and write every stored file.
AWS_ACCESS_KEY=minioadmin
AWS_SECRET=minioadmin
# =============================================================================
# ☁️ APPFLOWY SERVICES: Application service configuration
# =============================================================================
# AppFlowy Cloud Service Configuration
# URL that connects to the gotrue docker container
# Plain http here is container-to-container traffic addressed by service name.
APPFLOWY_GOTRUE_BASE_URL=http://gotrue:9999
# URL that connects to the postgres docker container. If your password contains special characters,
# instead of using ${POSTGRES_PASSWORD}, you will need to convert them into url encoded format.
# For example, `p@ssword` will become `p%40ssword`.
# The same applies to every other URL in this file that embeds ${POSTGRES_PASSWORD}
# (GOTRUE_DATABASE_URL, AI_DATABASE_URL, APPFLOWY_INDEXER_DATABASE_URL,
# APPFLOWY_WORKER_DATABASE_URL); an unencoded `@`, `:` or `/` changes how the URL is parsed.
APPFLOWY_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
# AppFlowy Service Configuration
# Access Control System: Enables/disables permission-based access control
# Controls workspace access, collaboration permissions, and realtime access restrictions
# Security note: leave this set to true; per the description above, false disables the
# permission checks on workspaces and realtime access.
APPFLOWY_ACCESS_CONTROL=true
# WebSocket Mailbox Configuration: Controls realtime server message handling capacity
# Sets the maximum number of messages that can be queued in the WebSocket actor's mailbox
# Higher values allow more concurrent WebSocket messages but use more memory
# Lower values may cause message drops under high load but reduce memory usage
APPFLOWY_WEBSOCKET_MAILBOX_SIZE=6000
# Database Connection Pool: Maximum number of concurrent PostgreSQL connections
# Controls the size of the database connection pool for the AppFlowy Cloud service
# PostgreSQL has a default limit of ~100 connections total (15 reserved for superuser)
# Higher values improve concurrency but consume more database resources
# Lower values reduce database load but may cause connection timeouts under load
# NOTE(review): stock PostgreSQL reserves 3 connections for superusers by default, not
# 15 - confirm against the postgres image in use. The other services that connect to
# the same server (GoTrue, AI, indexer, worker) count toward the same total.
APPFLOWY_DATABASE_MAX_CONNECTIONS=40
# URL that connects to the redis docker container
APPFLOWY_REDIS_URI=redis://${REDIS_HOST}:${REDIS_PORT}
# GoTrue database connection. If your password contains special characters,
# instead of using ${POSTGRES_PASSWORD}, use the url encoded version.
# For example, `p@ssword` will become `p%40ssword`
# search_path=auth makes GoTrue's session default to the `auth` schema of the same database.
GOTRUE_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=auth
# =============================================================================
# 🔐 GOTRUE: Authentication service configuration
# =============================================================================
# GoTrue Admin Credentials
# This user will be created when GoTrue starts successfully
# You can use this user to login to the admin panel
# Security note: both values are placeholders. Set a real mailbox and a strong, unique
# password before the first start, because the account is created from these values.
GOTRUE_ADMIN_EMAIL=admin@example.com
GOTRUE_ADMIN_PASSWORD=password
# JWT Configuration
# Authentication key, change this and keep the key safe and secret
# Security note: `hello456` is a published placeholder. Whoever knows this key can sign
# a token for any user, including the admin, so use a long random value (for example
# `openssl rand -hex 32`). Presumably every service that validates tokens reads the same
# key and changing it invalidates existing sessions - confirm against docker-compose.yml.
GOTRUE_JWT_SECRET=hello456
# Expiration time in seconds for the JWT token
# 7200 seconds is two hours.
GOTRUE_JWT_EXP=7200
# External URL where the GoTrue service is exposed
API_EXTERNAL_URL=${APPFLOWY_BASE_URL}/gotrue
# User Registration & Login Settings
# User sign up will automatically be confirmed if this is set to true.
# If you have OAuth2 set up or smtp configured, you can set this to false
# to enforce email confirmation or OAuth2 login instead.
# If you set this to false, you need to set up either SMTP or an OAuth2 provider.
# Security note: with this set to true and GOTRUE_DISABLE_SIGNUP=false, anyone who can
# reach the sign-up endpoint gets a usable account under an email address they never
# proved they own.
GOTRUE_MAILER_AUTOCONFIRM=true
# Set this to true if users can only join by invite
GOTRUE_DISABLE_SIGNUP=false
# Number of emails that can be sent per minute
# NOTE(review): upstream GoTrue documents this limit as emails per hour - confirm the
# unit. The limit also bounds how much mail can be triggered through the sign-up,
# magic-link and recovery endpoints.
GOTRUE_RATE_LIMIT_EMAIL_SENT=100
# Email Templates
# Optional. You can provide a public http link (eg. github) to customize your magic link template.
# Refer to https://github.com/supabase/auth?tab=readme-ov-file#configuration for details on how to create a custom email template.
# Whoever controls the linked location controls the content of the sign-in emails, so
# point this only at an https URL you own.
GOTRUE_MAILER_TEMPLATES_MAGIC_LINK=
# =============================================================================
# 🎛️ ADMIN FRONTEND: Management interface configuration
# =============================================================================
# All three URLs address other containers by their Compose service name; they are
# unencrypted and, for Redis, unauthenticated, so they are only suitable for traffic
# that stays inside the Compose network.
# URL that connects to redis docker container
ADMIN_FRONTEND_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
# URL that connects to gotrue docker container
ADMIN_FRONTEND_GOTRUE_URL=http://gotrue:9999
# URL that connects to the cloud docker container
ADMIN_FRONTEND_APPFLOWY_CLOUD_URL=http://appflowy_cloud:8000
# =============================================================================
# 📧 EMAIL CONFIGURATION: SMTP settings (optional but recommended for production)
# =============================================================================
# If you intend to use mail confirmation, you need to set the SMTP configuration below
# You would then need to set GOTRUE_MAILER_AUTOCONFIRM=false
# Check for logs in gotrue service if there are any issues with email confirmation
# Note that smtps will be used for port 465, otherwise plain smtp with optional STARTTLS
# Security note: per the line above, any port other than 465 only upgrades to TLS when
# the server offers STARTTLS, so the SMTP password and the confirmation links can travel
# in cleartext; prefer port 465.
GOTRUE_SMTP_HOST=smtp.gmail.com
GOTRUE_SMTP_PORT=465
GOTRUE_SMTP_USER=email_sender@some_company.com
# Placeholder. Use a dedicated sending account or an app-specific password rather than
# a personal mailbox password.
GOTRUE_SMTP_PASS=email_sender_password
GOTRUE_SMTP_ADMIN_EMAIL=comp_admin@some_company.com
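# AppFlowy Cloud Mailer
# Note that smtps (TLS) is always required, even for ports other than 465
# NOTE(review): the allowed values of APPFLOWY_MAILER_SMTP_TLS_KIND below include "none",
# which appears to conflict with the statement above - confirm which one applies.
APPFLOWY_MAILER_SMTP_HOST=smtp.gmail.com
APPFLOWY_MAILER_SMTP_PORT=465
APPFLOWY_MAILER_SMTP_USERNAME=email_sender@some_company.com
APPFLOWY_MAILER_SMTP_EMAIL=email_sender@some_company.com
# Placeholder. Use a dedicated sending account or an app-specific password.
APPFLOWY_MAILER_SMTP_PASSWORD=email_sender_password
# TLS mode for the mailer connection. Allowed values: none, wrapper, required, opportunistic
# The list is kept on its own line: env-file readers that do not strip inline comments
# would otherwise take the comment text as part of the value.
# Presumably "wrapper" is TLS from the first byte (smtps) and "required" is mandatory
# STARTTLS; "none" and "opportunistic" can leave the SMTP password unencrypted on the
# wire, so prefer "wrapper" or "required".
APPFLOWY_MAILER_SMTP_TLS_KIND=wrapper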
# =============================================================================
# 🔑 OAUTH PROVIDERS: Third-party authentication (optional)
# =============================================================================
# Refer to this for details: https://github.com/AppFlowy-IO/AppFlowy-Cloud/blob/main/doc/AUTHENTICATION.md
# Each provider is off by default. To enable one, set *_ENABLED=true and fill in the
# client id and secret issued by that provider.
# Every redirect URI is ${API_EXTERNAL_URL}/callback, so it inherits SCHEME and FQDN.
# Register exactly that URL with the provider, and serve it over https so the
# authorization code returned to the callback is not sent in cleartext.
# The *_SECRET values are credentials: keep them out of version control.
# Google OAuth2
GOTRUE_EXTERNAL_GOOGLE_ENABLED=false
GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID=
GOTRUE_EXTERNAL_GOOGLE_SECRET=
GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# GitHub OAuth2
GOTRUE_EXTERNAL_GITHUB_ENABLED=false
GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=
GOTRUE_EXTERNAL_GITHUB_SECRET=
GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# Discord OAuth2
GOTRUE_EXTERNAL_DISCORD_ENABLED=false
GOTRUE_EXTERNAL_DISCORD_CLIENT_ID=
GOTRUE_EXTERNAL_DISCORD_SECRET=
GOTRUE_EXTERNAL_DISCORD_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# Apple OAuth2
GOTRUE_EXTERNAL_APPLE_ENABLED=false
GOTRUE_EXTERNAL_APPLE_CLIENT_ID=
GOTRUE_EXTERNAL_APPLE_SECRET=
GOTRUE_EXTERNAL_APPLE_REDIRECT_URI=${API_EXTERNAL_URL}/callback
# SAML 2.0. Refer to https://github.com/AppFlowy-IO/AppFlowy-Cloud/blob/main/doc/OKTA_SAML.md for example using Okta.
GOTRUE_SAML_ENABLED=false
# Private key material. Generate a key dedicated to this deployment and do not reuse
# one from another service; see the linked document for the expected encoding.
GOTRUE_SAML_PRIVATE_KEY=
# =============================================================================
# 💾 FILE STORAGE: S3/MinIO configuration (required for file uploads)
# =============================================================================
# Storage Architecture Control: Determines the file storage backend for the entire system
# Affects: User uploads, document attachments, collaboration snapshots, AI embeddings, import/export files
# When true: Uses MinIO (S3-compatible) with path-style URLs and MinIO endpoint configuration
# When false: Uses AWS S3 with region-based configuration and standard S3 URLs
# Production options: Keep true for self-hosted MinIO, set false for AWS S3
APPFLOWY_S3_USE_MINIO=true
# Bucket Management: Controls automatic bucket creation during AppFlowy startup
# When true: AppFlowy automatically creates the storage bucket if it doesn't exist
# When false: Assumes bucket exists and was created externally (recommended for production)
# With false, the storage credentials no longer need permission to create buckets and
# can be scoped to the one bucket named in APPFLOWY_S3_BUCKET.
APPFLOWY_S3_CREATE_BUCKET=true
# MinIO Endpoint Configuration: URL for MinIO API access
# Uses Docker service discovery variables for container networking
# Format combines MINIO_HOST and MINIO_PORT for internal service communication
# Change this URL if using external MinIO instance or different networking setup
# The default is plain http, which is acceptable only inside the Compose network; use
# an https URL when the MinIO instance is reached over any other network.
APPFLOWY_S3_MINIO_URL=http://${MINIO_HOST}:${MINIO_PORT}
# Storage Authentication: Maps to the MinIO/AWS credentials defined above
# These reference the AWS_ACCESS_KEY and AWS_SECRET variables for consistency
# All AppFlowy services use these credentials to access the file storage backend
# They therefore inherit the minioadmin/minioadmin defaults until those are changed.
APPFLOWY_S3_ACCESS_KEY=${AWS_ACCESS_KEY}
APPFLOWY_S3_SECRET_KEY=${AWS_SECRET}
# Storage Bucket: Default bucket name for all AppFlowy file storage
# Contains: User files, document attachments, collaboration data, AI embeddings
# The bucket must exist in whichever backend is selected (MinIO or AWS S3)
# Keep the bucket private; client access is meant to go through presigned URLs (below).
APPFLOWY_S3_BUCKET=appflowy
# AWS S3 Configuration: Required only when APPFLOWY_S3_USE_MINIO=false
# Uncomment and configure these settings when using AWS S3 instead of MinIO
# APPFLOWY_S3_REGION=us-east-1
# MinIO Presigned URL Endpoint: External URL for client-side file access (optional)
# Enables direct file uploads/downloads from AppFlowy clients through presigned URLs
# Set this to your public MinIO endpoint if using nginx proxy configuration
# Format: Uses the external base URL with /minio-api path for API access
# A presigned URL grants access to anyone who holds it until it expires, so serve this
# endpoint over https (SCHEME=https).
# APPFLOWY_S3_PRESIGNED_URL_ENDPOINT=${APPFLOWY_BASE_URL}/minio-api
# =============================================================================
# 🤖 AI FEATURES: Optional AI capabilities (configure only if needed)
# =============================================================================
# AppFlowy AI
# OpenAI API Authentication: Required API key for AI-powered features and semantic search
# Controls access to OpenAI's embedding models (text-embedding-3-small) for document indexing
# and ChatGPT models (gpt-4o-mini default) for search result summarization
# When configured: Enables semantic document search, AI-powered search summaries, and document embeddings
# When empty: AI features are disabled but core AppFlowy functionality remains fully operational
# The key is a billable credential; use one issued for this deployment only.
# NOTE(review): indexing and summarization imply that document text is sent to the
# configured provider - confirm this is acceptable for the data stored here.
AI_OPENAI_API_KEY=
# If no summary model is provided, there will be no search summary when using AI search.
AI_OPENAI_API_SUMMARY_MODEL=
# Azure-hosted OpenAI API:
# If you're using a self-hosted OpenAI API via Azure, leave AI_OPENAI_API_KEY empty
# and set the following Azure-specific variables instead. If both are set, the standard OpenAI API will be used.
AI_AZURE_OPENAI_API_KEY=
AI_AZURE_OPENAI_API_BASE=
AI_AZURE_OPENAI_API_VERSION=
# AI Service Configuration (Docker container defaults)
AI_SERVER_PORT=5001
AI_SERVER_HOST=ai
# Embeds ${POSTGRES_PASSWORD}: if the password contains special characters, write the
# URL-encoded password here instead (for example `p@ssword` becomes `p%40ssword`).
AI_DATABASE_URL=postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
AI_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
AI_APPFLOWY_BUCKET_NAME=${APPFLOWY_S3_BUCKET}
AI_APPFLOWY_HOST=${APPFLOWY_BASE_URL}
AI_MINIO_URL=http://${MINIO_HOST}:${MINIO_PORT}
# Embedding Configuration
# NOTE(review): the unit of these two sizes (characters or tokens) is not stated in
# this file - confirm before tuning.
APPFLOWY_EMBEDDING_CHUNK_SIZE=2000
APPFLOWY_EMBEDDING_CHUNK_OVERLAP=200
# =============================================================================
# ⚙️ WORKER SERVICES: Background processing (good defaults for production)
# =============================================================================
# The two database URLs in this section embed ${POSTGRES_PASSWORD}: if the password
# contains special characters, write the URL-encoded password in the URL instead
# (for example `p@ssword` becomes `p%40ssword`).
# AppFlowy Indexer (for search functionality)
APPFLOWY_INDEXER_ENABLED=true
APPFLOWY_INDEXER_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
APPFLOWY_INDEXER_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
APPFLOWY_INDEXER_EMBEDDING_BUFFER_SIZE=5000
# AppFlowy Collaboration Service Configuration:
# Controls real-time collaboration behavior and performance
# Multi-thread: Whether collaboration service uses multiple threads (can be true for production)
# When deployed as standalone service, can be set to true for better performance
APPFLOWY_COLLABORATE_MULTI_THREAD=false
# Remove batch size: Number of inactive collaboration groups to remove in a single batch (default: 100)
# Higher values improve cleanup efficiency but may cause temporary blocking
APPFLOWY_COLLABORATE_REMOVE_BATCH_SIZE=100
# AppFlowy Worker Service
# The worker uses the same Redis instance, database server and database name as the
# main service.
APPFLOWY_WORKER_REDIS_URL=redis://${REDIS_HOST}:${REDIS_PORT}
APPFLOWY_WORKER_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
APPFLOWY_WORKER_DATABASE_NAME=${POSTGRES_DB}
# =============================================================================
# 🌐 WEB FRONTEND: AppFlowy Web interface
# =============================================================================
# AppFlowy Web
# If your AppFlowy Web is hosted on a different domain, update this variable to the correct domain
# NOTE(review): this value is presumably used to build links and to decide which web
# origin the backend accepts - confirm, and set it to the exact origin users load.
APPFLOWY_WEB_URL=${APPFLOWY_BASE_URL}
# If you are running AppFlowy Web locally for development purpose, use the following value instead
# Development only: do not leave a localhost origin configured on a public deployment.
# APPFLOWY_WEB_URL=http://localhost:3000
# =============================================================================
# 🗄️ PGADMIN: Database Management Web Interface
# =============================================================================
# PgAdmin credentials for database management web UI
# You can access pgadmin at http://your-host/pgadmin
# Use the APPFLOWY_DATABASE_URL values when connecting to the database
# Security note: pgAdmin is served on the same public host as the application and,
# combined with the database account above, gives full access to the data. Replace
# both placeholder values before the first start. If the UI is not needed, leave the
# pgAdmin service out of the deployment or restrict the /pgadmin path at the proxy.
PGADMIN_DEFAULT_EMAIL=admin@example.com
PGADMIN_DEFAULT_PASSWORD=password
# =============================================================================
# 🌐 NGINX: Reverse proxy and web server configuration
# =============================================================================
# NGINX Configuration
# Optional, change this if you want to use custom ports to expose AppFlowy
# NGINX_PORT is the plain-http listener and NGINX_TLS_PORT the TLS one. If either is
# changed from the default, NOTE(review): FQDN may need the port appended so that
# APPFLOWY_BASE_URL still matches the public address - confirm.
NGINX_PORT=80
NGINX_TLS_PORT=443
# =============================================================================
# 🛠️ INFRASTRUCTURE: Networking, logging, and admin tools
# =============================================================================
# Log level for the appflowy-cloud service
# NOTE(review): before raising this to debug or trace in production, check whether
# those levels log request contents or tokens.
RUST_LOG=info
# Cloudflare Tunnel (Advanced Networking)
# Leave empty unless you're using Cloudflare tunnel for secure connections
# The token is a credential that authorizes a connector for the tunnel; treat it like
# the other secrets in this file.
CLOUDFLARE_TUNNEL_TOKEN=
# Enable AI tests in production environment (usually false)
# Set to true only if you want to run AI-related tests in production
AI_TEST_ENABLED=false