📝 Update documentation (#1733)

2025-07-30 22:49:03 +02:00 · 2025-05-28 10:28:21 +01:00 · 2025-05-28 10:28:21 +01:00 · b557084d9c
commit b557084d9c
parent 53a957dc49
13 changed files with 4401 additions and 186 deletions
--- a/apps/docs/self-hosting/configuration.mdx
+++ b/apps/docs/self-hosting/configuration.mdx
@ -0,0 +1,186 @@
+---
+icon: gear
+title: Configuration Options
+description: Using environment variable to configure a self-hosted instance of Rallly.
+---
+
+## General
+
+<ParamField path="NEXT_PUBLIC_BASE_URL" required>
+  The base url where this instance is accessible, including the scheme (eg.
+  `http://` or `https://`), the domain name, and optionally a port.
+</ParamField>
+
+<ParamField path="SECRET_PASSWORD" required>
+  A random 32-character secret key used to encrypt user sessions
+</ParamField>
+
+<ParamField path="SUPPORT_EMAIL" required>
+  This email will be shown as the contact email for support queries.
+</ParamField>
+
+<ParamField path="NOREPLY_EMAIL">
+  This email is used as the sender for all transactional emails. If not set,
+  `SUPPORT_EMAIL` will be used instead.
+</ParamField>
+
+<ParamField path="NOREPLY_EMAIL_NAME" default="Rallly">
+  This name is used as the sender name for all transactional emails.
+</ParamField>
+
+<ParamField path="INITIAL_ADMIN_EMAIL">
+  Specifies the email address of the first user who will be eligible to become an administrator. After the application starts, the user with this email address must navigate to `/control-panel` and click a button to claim their admin role.
+</ParamField>
+
+
+## Database
+
+<ParamField path="DATABASE_URL" required>
+  Postgres database connection string
+</ParamField>
+
+## Email (SMTP)
+
+<ParamField path="SMTP_HOST">The host address of your SMTP server</ParamField>
+
+<ParamField path="SMTP_PORT" default="25 or 465">
+  The port of your SMTP server
+</ParamField>
+
+<ParamField path="SMTP_SECURE" default="false">
+  Set to "true" if SSL is enabled for your SMTP connection
+</ParamField>
+
+<ParamField path="SMTP_USER" default="">
+  The username (if auth is enabled on your SMTP server)
+</ParamField>
+
+<ParamField path="SMTP_PWD" default="">
+  The password (if auth is enabled on your SMTP server)
+</ParamField>
+
+<ParamField path="SMTP_TLS_ENABLED" default={"false"}>
+  Enable TLS for your SMTP connection
+</ParamField>
+
+## Auth
+
+<ParamField path="ALLOWED_EMAILS">
+  Comma separated list of email addresses that are allowed to register and
+  login. Wildcard characters are supported. Example: Setting it to
+  `*@example.com` to allow anyone with a `@example.com` email address.
+</ParamField>
+
+### Google
+
+<Accordion title="Setup">
+1. Head over to the Credentials tab: https://console.developers.google.com/apis/credentials
+
+2. Create a OAuth client ID. This will be your `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET`
+
+3. Set "Authorized redirect URIs" to include your full domain and end in the callback path:
+
+```
+https://<YOUR_DOMAIN>/api/auth/callback/google
+```
+</Accordion>
+
+<ParamField path="GOOGLE_CLIENT_ID">
+  The client ID of your Google application
+</ParamField>
+
+<ParamField path="GOOGLE_CLIENT_SECRET">
+  The client secret of your Google application
+</ParamField>
+
+### Microsoft
+
+<Accordion title="Setup">
+Follow the instructions here to create a Microsoft Entra ID application: https://docs.microsoft.com/en-us/entra/identity-platform/quickstart-register-app
+
+After creating the application, set the redirect URI to include your full domain and end in the callback path:
+
+```
+https://<YOUR_DOMAIN>/api/auth/callback/microsoft-entra-id
+```
+</Accordion>
+
+<ParamField path="MICROSOFT_TENANT_ID">
+  The tenant ID of your Microsoft application
+</ParamField>
+
+<ParamField path="MICROSOFT_CLIENT_ID">
+  The client ID of your Microsoft application
+</ParamField>
+
+<ParamField path="MICROSOFT_CLIENT_SECRET">
+  The client secret of your Microsoft application
+</ParamField>
+
+### Custom SSO (OIDC)
+
+<Accordion title="Setup">
+Your OAuth 2.0 application needs to be configured with the following scopes:
+
+- `openid`: Essential for OIDC to function, used to perform authentication.
+- `profile`: Access to the user's personal information such as name and picture.
+- `email`: Access to the user's email address.
+
+Your identity provider should redirect the user back to the following URL:
+
+```
+https://<YOUR-DOMAIN>/api/auth/callback/oidc
+```
+</Accordion>
+
+<ParamField path="OIDC_NAME" default="OpenID Connect">
+  The display name of your provider as it will be shown on the login page
+</ParamField>
+
+<ParamField path="OIDC_DISCOVERY_URL">
+  URL of the `.well-known/openid-configuration` endpoint for your OIDC provider
+</ParamField>
+
+<ParamField path="OIDC_CLIENT_ID">
+  The client ID of your OIDC application
+</ParamField>
+
+<ParamField path="OIDC_CLIENT_SECRET">
+  The client secret of your OIDC application
+</ParamField>
+
+<ParamField path="OIDC_NAME_CLAIM_PATH" default="name">
+  The path to the claim that contains the user's name
+</ParamField>
+
+<ParamField path="OIDC_EMAIL_CLAIM_PATH" default="email">
+  The path to the claim that contains the user's email address
+</ParamField>
+
+<ParamField path="OIDC_PICTURE_CLAIM_PATH" default="picture">
+  The path to the claim that contains the user's profile picture
+</ParamField>
+
+<Info>Use dot notation in `_CLAIM_PATH` fields to access nested objects.</Info>
+
+## Storage (S3)
+
+<ParamField path="S3_BUCKET_NAME">
+  The name of your S3 bucket
+</ParamField>
+
+<ParamField path="S3_ACCESS_KEY_ID">
+  The access key ID of your S3 server
+</ParamField>
+
+<ParamField path="S3_SECRET_ACCESS_KEY">
+  The secret access key of your S3 server
+</ParamField>
+
+<ParamField path="S3_ENDPOINT">
+  The endpoint of your S3 server. Can be left empty if using AWS S3.
+</ParamField>
+
+<ParamField path="S3_REGION">
+  The region of your S3 server. Can be left empty if using AWS S3.
+</ParamField>