# –––––––––––––––– REQUIRED ––––––––––––––––NODE_ENV=production# Generat

1. # –––––––––––––––– REQUIRED ––––––––––––––––
2.  
3. NODE_ENV=production
4.  
5. # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
6. # in your terminal to generate a random value.
7. SECRET_KEY=xxxxx
8.  
9. # Generate a unique random key. The format is not important but you could still use
10. # `openssl rand -hex 32` in your terminal to produce this.
11. UTILS_SECRET=xxxx
12.  
13. # For production point these at your databases, in development the default
14. # should work out of the box.
15. DATABASE_URL=postgres://user:pass@postgres:5432/outline
16. DATABASE_URL_TEST=postgres://user:pass@postgres:5432/outline-test
17. DATABASE_CONNECTION_POOL_MIN=
18. DATABASE_CONNECTION_POOL_MAX=
19. # Uncomment this to disable SSL for connecting to Postgres
20. PGSSLMODE=disable
21.  
22. # For redis you can either specify an ioredis compatible url like this
23. REDIS_URL=redis://redis:6379
24. # or alternatively, if you would like to provide additional connection options,
25. # use a base64 encoded JSON connection option object. Refer to the ioredis documentation
26. # for a list of available options.
27. # Example: Use Redis Sentinel for high availability
28. # {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
29. # REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
30.  
31. # URL should point to the fully qualified, publicly accessible URL. If using a
32. # proxy the port in URL and PORT may be different.
33. URL=https://outline.domain2.com
34. PORT=3000
35.  
36. # See [documentation](docs/SERVICES.md) on running a separate collaboration
37. # server, for normal operation this does not need to be set.
38. COLLABORATION_URL=
39.  
40. # To support uploading of images for avatars and document attachments an
41. # s3-compatible storage must be provided. AWS S3 is recommended for redundancy
42. # however if you want to keep all file storage local an alternative such as
43. # minio (https://github.com/minio/minio) can be used.
44.  
45. # A more detailed guide on setting up S3 is available here:
46. # => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f
47. #
48. AWS_ACCESS_KEY_ID=get_a_key_from_aws
49. AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key
50. AWS_REGION=xx-xxxx-x
51. AWS_S3_ACCELERATE_URL=
52. AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
53. AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
54. AWS_S3_UPLOAD_MAX_SIZE=26214400
55. AWS_S3_FORCE_PATH_STYLE=true
56. AWS_S3_ACL=private
57.  
58.  
59. # –––––––––––––– AUTHENTICATION ––––––––––––––
60.  
61. # Third party signin credentials, at least ONE OF EITHER Google, Slack,
62. # or Microsoft is required for a working installation or you'll have no sign-in
63. # options.
64.  
65. # To configure Slack auth, you'll need to create an Application at
66. # => https://api.slack.com/apps
67. #
68. # When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
69. # https://<URL>/auth/slack.callback
70. SLACK_CLIENT_ID=get_a_key_from_slack
71. SLACK_CLIENT_SECRET=get_the_secret_of_above_key
72.  
73. # To configure Google auth, you'll need to create an OAuth Client ID at
74. # => https://console.cloud.google.com/apis/credentials
75. #
76. # When configuring the Client ID, add an Authorized redirect URI:
77. # https://<URL>/auth/google.callback
78. GOOGLE_CLIENT_ID=
79. GOOGLE_CLIENT_SECRET=
80.  
81. # To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
82. # the guide for details on setting up your Azure App:
83. # => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
84. AZURE_CLIENT_ID=
85. AZURE_CLIENT_SECRET=
86. AZURE_RESOURCE_APP_ID=
87.  
88. # To configure generic OIDC auth, you'll need some kind of identity provider.
89. # See documentation for whichever IdP you use to acquire the following info:
90. # Redirect URI is https://<URL>/auth/oidc.callback
91. OIDC_CLIENT_ID=xxx
92. OIDC_CLIENT_SECRET=xxxxxxx
93. OIDC_AUTH_URI=https://auth.domain1.com/application/o/authorize
94. OIDC_TOKEN_URI=https://auth.domain1.com/application/o/token
95. OIDC_USERINFO_URI=https://auth.domain1.com/application/o/userinfo
96. FORCE_HTTPS=true # this one is very important
97. URL=https://tbg2.dedyn.io # Also important
98.  
99. # Specify which claims to derive user information from
100. # Supports any valid JSON path with the JWT payload
101. OIDC_USERNAME_CLAIM=preferred_username
102.  
103. # Display name for OIDC authentication
104. OIDC_DISPLAY_NAME=OpenID
105.  
106. # Space separated auth scopes.
107. OIDC_SCOPES=openid profile email
108.  
109.  
110. # –––––––––––––––– OPTIONAL ––––––––––––––––
111.  
112. # Base64 encoded private key and certificate for HTTPS termination. This is only
113. # required if you do not use an external reverse proxy. See documentation:
114. # https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
115. SSL_KEY=
116. SSL_CERT=
117.  
118. # If using a Cloudfront/Cloudflare distribution or similar it can be set below.
119. # This will cause paths to javascript, stylesheets, and images to be updated to
120. # the hostname defined in CDN_URL. In your CDN configuration the origin server
121. # should be set to the same as URL.
122. CDN_URL=
123.  
124. # Auto-redirect to https in production. The default is true but you may set to
125. # false if you can be sure that SSL is terminated at an external loadbalancer.
126. FORCE_HTTPS=true
127.  
128. # Have the installation check for updates by sending anonymized statistics to
129. # the maintainers
130. ENABLE_UPDATES=true
131.  
132. # How many processes should be spawned. As a reasonable rule divide your servers
133. # available memory by 512 for a rough estimate
134. WEB_CONCURRENCY=1
135.  
136. # Override the maximum size of document imports, could be required if you have
137. # especially large Word documents with embedded imagery
138. MAXIMUM_IMPORT_SIZE=5120000
139.  
140. # You can remove this line if your reverse proxy already logs incoming http
141. # requests and this ends up being duplicative
142. DEBUG=http
143.  
144. # Configure lowest severity level for server logs. Should be one of
145. # error, warn, info, http, verbose, debug and silly
146. LOG_LEVEL=info
147.  
148. # For a complete Slack integration with search and posting to channels the
149. # following configs are also needed, some more details
150. # => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
151. #
152. SLACK_VERIFICATION_TOKEN=your_token
153. SLACK_APP_ID=A0XXXXXXX
154. SLACK_MESSAGE_ACTIONS=true
155.  
156. # Optionally enable google analytics to track pageviews in the knowledge base
157. GOOGLE_ANALYTICS_ID=
158.  
159. # Optionally enable Sentry (sentry.io) to track errors and performance,
160. # and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
161. # https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
162. SENTRY_DSN=
163. SENTRY_TUNNEL=
164.  
165. # To support sending outgoing transactional emails such as "document updated" or
166. # "you've been invited" you'll need to provide authentication for an SMTP server
167. SMTP_HOST=
168. SMTP_PORT=
169. SMTP_USERNAME=
170. SMTP_PASSWORD=
171. [email protected]
172. [email protected]
173. SMTP_TLS_CIPHERS=
174. SMTP_SECURE=true
175.  
176. # The default interface language. See translate.getoutline.com for a list of
177. # available language codes and their rough percentage translated.
178. DEFAULT_LANGUAGE=en_US
179.  
180. # Optionally enable rate limiter at application web server
181. RATE_LIMITER_ENABLED=true
182.  
183. # Configure default throttling parameters for rate limiter
184. RATE_LIMITER_REQUESTS=1000
185. RATE_LIMITER_DURATION_WINDOW=60
186.  
187. # FORCE_HTTPS=false
188. # NODE_TLS_REJECT_UNAUTHORIZED=0