Note Mark
  • Support The Project

    • 02 - Configuration

    Configuration of the backend is done through environment variables. See the below options:

    KeyDescriptionDefaultDocker Default
    BIND__HOSTWhat ip to listen on127.0.0.10.0.0.0
    BIND__PORTPort to bind to80008000
    DB__TYPEType of DB (sqlite or postgres)sqlite
    DB__URIURI (or file path if using SQLite)/data/db.sqlite
    JWT_SECRETbase64 encoded secret
    TOKEN_EXPIRYseconds until a token expires259200259200
    DATA_PATHWhere to store app data/data
    STATIC_PATHHost static files
    CORS_ORIGINSComma separated values of allowed origins
    ENABLE_INTERNAL_SIGNUPWhether to enable new internal accountstruetrue
    ENABLE_INTERNAL_LOGINWhether to enable new logins for internal accountstruetrue
    NOTE_SIZE_LIMITMax file size for note1M1M
    ASSET_SIZE_LIMITMax file size for uploaded assets12M12M
    OIDC__DISPLAY_NAMEThe provider name (used for UI)--
    OIDC__PROVIDER_NAMEThe provider name (used for DB)--
    OIDC__ISSUER_URLThe OIDC issuer url--
    OIDC__CLIENT_IDThe OIDC client id--
    OIDC__ENABLE_USER_CREATIONWhether to automatically create userstruetrue

    TIP A secret can be generated using: openssl rand -base64 32

    OIDC

    Single-Sign-On is handled via OpenID Connect and OAuth2. To use SSO you must have a compatible provider that supports the following features:

    • OpenID Connect (OIDC) Discovery - RFC5785
    • Authorization Code Flow with PKCE
      • May show in provider UI’s as a “public client type”
    • Claims
      • sub: the users id
      • name: the users full name
      • preferred_username: the users username, not the email
    • Scopes
      • openid
      • profile

    Depending on your SSO provider the issuer URL may be different, see below for examples:

    Authentik:

    issuer url:

https://{provider-domain:port}/application/o/{note-mark}/

redirect/callback:

https://{note-mark-domain:port}/oidc-callback

    Database URI

    These have been copied from the ORM docs, more info found on gorm.io.

    sqlite:

    /path/to/db.sqlite

    postgres:

    host=localhost user=user password=pass dbname=notemark port=5432 sslmode=disable TimeZone=Europe/London

    CORS

    For most people this should be set to your front-end URL. For example if you access your front-end via https://notemark.example.com then you should enter that. Multiple origins can also be specified by providing comma separated values. Learn more about CORS on Wikipedia.