# ----------------------------------------------------------------------------
# AliasVault configuration file.
#
# Note: we recommend using the provided install.sh script to install and
# configure AliasVault, as this will automatically set all of the following
# variables for you and allow you to easily change them later via the CLI.
# It also allows for easily updating AliasVault to a newer version in the
# future.
#
# However, if you still wish to manually install or configure AliasVault,
# you can do so below.
#
# After changing settings here, make sure to restart all AliasVault
# Docker containers to apply the changes.
# ----------------------------------------------------------------------------

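# ===========================================
# NETWORK PORTS
# ===========================================

# Configure the network ports used by AliasVault's `reverse-proxy` and `smtp` containers.
# You can change these if the defaults are already in use on your system.
# Requires a restart before taking effect.
#
# If the private email domains feature is not used (PRIVATE_EMAIL_DOMAINS left empty),
# the SMTP ports presumably do not need to be reachable from the internet; consider
# blocking them at the host firewall to keep the exposed surface small.
HTTP_PORT=80
HTTPS_PORT=443
SMTP_PORT=25
SMTP_TLS_PORT=587

# Whether to force redirect all HTTP traffic (80) to HTTPS (443). Defaults to true.
# With this set to false, requests on the HTTP port are no longer redirected, so clients
# can presumably reach AliasVault over unencrypted HTTP. Only set it to false when an
# upstream proxy that you control terminates TLS in front of this port.
FORCE_HTTPS_REDIRECT=true
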
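# ===========================================
# EMAIL SERVER CONFIGURATION
# ===========================================

# In order to use AliasVault's private email domains feature, you need to configure
# your DNS. Please refer to the full documentation for more instructions on DNS:
# https://docs.aliasvault.net/installation/install.html#3-email-server-setup
#
# Set the private email domains below that the server should accept incoming mail for (comma separated values).
# Example: PRIVATE_EMAIL_DOMAINS=example.com,example2.org
# To disable the private email domains feature, keep this empty.
PRIVATE_EMAIL_DOMAINS=

# Set private email domains that should be hidden from UI components (comma separated values).
# These domains will still function as private email domains for receiving email and claims,
# but will not appear in domain selection dropdowns or settings. This is useful for deprecating
# legacy domains while maintaining backwards compatibility.
# Example: HIDDEN_PRIVATE_EMAIL_DOMAINS=old-domain.com,deprecated.org
# Note: Domains listed here should ALSO be included in PRIVATE_EMAIL_DOMAINS above.
HIDDEN_PRIVATE_EMAIL_DOMAINS=

# Hostname announced in the SMTP banner and EHLO. Should match the PTR (reverse DNS) for your
# server's public IP for best deliverability. If empty, "aliasvault" is used.
# Example: SMTP_ADVERTISED_HOSTNAME=mail.mydomain.net
SMTP_ADVERTISED_HOSTNAME=

# Enable TLS for SMTP (STARTTLS).
# When enabled, the SMTP server will offer STARTTLS to connecting mail servers.
#
# IMPORTANT: You must obtain SMTP TLS certificates yourself (e.g., from Let's Encrypt).
# The AliasVault installer does not currently support requesting SMTP certificates.
# The certificate should be issued for your mail hostname (e.g., mail.example.com).
#
# To enable SMTP TLS:
# 1. Obtain a certificate for your mail hostname (e.g., via certbot/Let's Encrypt)
# 2. Combine the certificate and private key into a single .pem file
# 3. Place the .pem file in the ./certificates/smtp/ directory
# 4. Set SMTP_TLS_ENABLED=true
# 5. Restart the SMTP service
#
# The combined .pem file contains the private key. Keep ./certificates/smtp/ readable only
# by the account that runs the containers, and keep it out of version control.
#
# If you have multiple mail domains (e.g., mail.example.com and mail.example2.com),
# use a single certificate with Subject Alternative Names (SANs) covering all domains.
#
# Note: If TLS is enabled but no valid certificate is found, the service will log a
# warning (visible in admin) and continue in non-TLS mode.
# Because of this fallback, SMTP_TLS_ENABLED=true on its own does not prove that TLS is
# in use. After every restart and certificate renewal, check the admin log for the warning
# or confirm that STARTTLS is offered, e.g.:
#   openssl s_client -starttls smtp -connect <mail-host>:<port>
#
# Disabling TLS does NOT impact email deliverability (that much). Although some websites
# are known to send emails exclusively via TLS connections, this is probably under 1% of websites.
# It does affect confidentiality: without TLS, incoming mail travels unencrypted between
# the sending mail server and this host.
SMTP_TLS_ENABLED=false
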
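# ===========================================
# Let's Encrypt configuration
# ===========================================
# Set whether Let's Encrypt is enabled. This is only supported through
# the install.sh script and should be set to false for manual installations.
# NOTE(review): this file does not state which certificate is served on HTTPS_PORT when
# this is false. Confirm that in the documentation before exposing the instance.
LETSENCRYPT_ENABLED=false

# Set the hostname that your AliasVault will be accessible at in order for Let's Encrypt
# to do its validation. This value is only required when LETSENCRYPT_ENABLED
# is set to true.
# Example: `aliasvault.mydomain.net`.
HOSTNAME=
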
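# ===========================================
# Optional configuration settings
# ===========================================
# Enable or disable ability for new users to create an account via the web interface.
# Note: make sure you have created your (own) accounts before setting this to false.
# While this is true, anyone who can reach the web interface can create an account. On an
# internet-facing instance meant for a fixed set of users, set it to false once those
# accounts exist.
PUBLIC_REGISTRATION_ENABLED=true

# Whether to enable IP logging for auth attempts. When set to true the last octet is
# always still anonymized, e.g. "127.0.0.1" becomes "127.0.0.xxx".
IP_LOGGING_ENABLED=true

# Set the support email address which is shown to users in the main web app.
# Keep this blank if you don't want to show a support email.
SUPPORT_EMAIL=

# Maximum upload size in megabytes for client-to-server requests (vault sync,
# API uploads, etc.). Increase if you run into "413 Request Entity Too Large"
# errors when syncing large vaults. Defaults to 100MB.
# This is also the largest request body the server will accept from a client, so raise it
# only as far as your vaults actually need.
MAX_UPLOAD_SIZE_MB=100

# Restrict access to the /admin endpoint by client IP at the reverse-proxy layer. Options:
# - Empty = no restriction (default, preserves existing behavior).
# - "private" = allow only loopback + RFC1918 (127/8, 10/8, 172.16/12, 192.168/16).
# - A comma-separated list of CIDRs/IPs (e.g. "192.168.1.0/24,10.0.0.0/8").
# Requests from non-allowlisted IPs are silently routed to the client app and will
# result in a 404 error.
#
# With the empty default, /admin is reachable from every address that can reach the
# reverse proxy. On an internet-facing instance, set "private" or explicit CIDRs.
# This filter adds to the admin login and does not replace it. It is only as reliable as
# the client IP it is matched against. If that IP is taken from X-Forwarded-For (see
# TRUSTED_PROXIES below), a host inside a trusted proxy range can present any client IP,
# so narrow TRUSTED_PROXIES together with this setting.
ADMIN_IP_ALLOWLIST=

# Trusted upstream proxies that AliasVault's reverse proxy will accept the
# X-Forwarded-For header from when determining the real client IP. Options:
# - Empty = trust all RFC1918 ranges (10/8, 172.16/12, 192.168/16).
# - A comma-separated list of CIDRs/IPs (e.g. "10.0.1.5,192.168.1.0/24") to
#   trust only those upstream proxies. Recommended when running behind a
#   specific reverse proxy (HAProxy, Traefik, Cloudflare, etc.) so X-Forwarded-For
#   from any other source is ignored.
# - "none" = trust no upstream proxies; logs always show the direct peer IP.
#
# With the empty default, any peer connecting from an RFC1918 address can set
# X-Forwarded-For and have it taken as the client IP. This affects the logged IP and
# presumably also ADMIN_IP_ALLOWLIST matching. If no proxy sits in front of AliasVault,
# use "none". Otherwise list only the address(es) of that proxy.
TRUSTED_PROXIES=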