docs: update configuration to mention APP_SECRET_FILE

Nicolas Meienberger
2026-04-20 19:47:14 +02:00
parent 927097a902
commit 96609fc328
2 changed files with 37 additions and 4 deletions


@@ -12,12 +12,17 @@ Zerobyte is configured through environment variables and Docker Compose settings
| Variable | Description | Example |
|----------|-------------|---------|
| `BASE_URL` | The URL where Zerobyte will be accessed. Controls cookie security and CORS behavior. | `http://localhost:4096` or `https://zerobyte.example.com` |
| `APP_SECRET` | Random secret key (32+ characters) used to encrypt sensitive data in the database. Generate with `openssl rand -hex 32`. | `94bad46e...c66e25d5c2b` |
| `APP_SECRET` | Random secret key (32+ characters) used to encrypt sensitive data in the database. Generate with `openssl rand -hex 32`. Set this or `APP_SECRET_FILE`, but not both. | `94bad46e...c66e25d5c2b` |
| `APP_SECRET_FILE` | Alternative to `APP_SECRET`. Path to a file containing the app secret, useful with Docker or Kubernetes secrets. Set this or `APP_SECRET`, but not both. | `/run/secrets/app_secret` |
<Callout type="warn">
Never share or commit your `APP_SECRET`. If you lose it, encrypted data (credentials stored for volumes and repositories) cannot be recovered.
</Callout>
<Callout type="info">
Zerobyte reads the contents of `APP_SECRET_FILE`, trims surrounding whitespace and newlines, and applies the same 32-256 character requirement as `APP_SECRET`.
</Callout>
### Recommended
| Variable | Description | Default |
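Review bot: The length requirement is stated two ways in this hunk: the `APP_SECRET` row says "32+ characters" while the new info callout says "the same 32-256 character requirement as `APP_SECRET`". Put the 32-256 range in the `APP_SECRET` row as well so the upper bound is documented where the variable is defined. The warn callout also still names only `APP_SECRET`; it should say that the file behind `APP_SECRET_FILE` must not be shared or committed either, and that losing it has the same consequence for encrypted data.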
@@ -37,6 +42,33 @@ Zerobyte is configured through environment variables and Docker Compose settings
| `RCLONE_CONFIG_DIR` | Path to the rclone config directory inside the container. | `/root/.config/rclone` |
| `PROVISIONING_PATH` | Path to a JSON file with operator-managed repositories and volumes to sync at startup. | (none) |
## Using APP_SECRET_FILE
If you prefer not to place the app secret directly in `environment:`, mount it as a file and point `APP_SECRET_FILE` at that path.
```yaml docker-compose.yml
services:
zerobyte:
environment:
- BASE_URL=https://zerobyte.example.com
- APP_SECRET_FILE=/run/secrets/app_secret
secrets:
- app_secret
secrets:
app_secret:
file: ./secrets/app_secret.txt
```
Generate the secret file with:
```bash
mkdir -p ./secrets
openssl rand -hex 32 > ./secrets/app_secret.txt
```
Do not set `APP_SECRET` at the same time. Zerobyte will fail to start if both are configured.
## Docker Compose Settings
### Volume Mounts
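Review bot: The "Generate the secret file with:" block writes `./secrets/app_secret.txt` with the shell's default permissions, which under a typical umask of 022 leaves the secret readable by other local users. Suggest adding `chmod 600 ./secrets/app_secret.txt` (or running `umask 077` first) with a reminder that the container user must still be able to read the file. Because the example places the file inside the project directory next to `docker-compose.yml`, also tell readers to add `secrets/` to `.gitignore`, in line with the "Never share or commit" callout.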


@@ -27,9 +27,10 @@ docker logs -f zerobyte
## Container Won't Start
1. Check logs: `docker compose logs zerobyte`
2. Verify `APP_SECRET` is set and at least 32 characters
3. Ensure `/var/lib/zerobyte` exists and has correct permissions
4. Verify port 4096 is not already in use: `netstat -tuln | grep 4096`
2. Verify exactly one of `APP_SECRET` or `APP_SECRET_FILE` is set
3. If using `APP_SECRET_FILE`, ensure the file exists inside the container, is readable, and contains a 32-256 character secret
4. Ensure `/var/lib/zerobyte` exists and has correct permissions
5. Verify port 4096 is not already in use: `netstat -tuln | grep 4096`
### Permission Issues
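Review bot: New step 3 asks the reader to confirm that the file "exists inside the container, is readable, and contains a 32-256 character secret" but gives no command, unlike steps 1 and 5. Under "Container Won't Start" the container may not be running to inspect, so document a host-side check that does not print the secret, for example `ls -l ./secrets/app_secret.txt` and `wc -c < ./secrets/app_secret.txt`, noting that the byte count includes the trailing newline that Zerobyte trims. Step 2 would also benefit from naming both places a stray `APP_SECRET` can come from, the `environment:` block and an `.env` file, since that is how both variables end up set.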