All apps · 0 apps
AppFlowy-GoTrue
Docker app from vmalinics0's Repository
Overview
Readme
View on GitHubAppFlowy Cloud — Unraid Community Apps Templates
Unraid Community Apps templates for self-hosting AppFlowy Cloud — the open-source, privacy-first collaborative workspace (Notion alternative).
Services
| Container | Image | Role |
|---|---|---|
| AppFlowy-Postgres | pgvector/pgvector:pg16 |
Primary database |
| AppFlowy-Redis | redis:7 |
Cache & pub/sub |
| AppFlowy-MinIO | minio/minio |
S3-compatible object storage |
| AppFlowy-GoTrue | appflowyinc/gotrue |
Authentication (JWT, OAuth, email) |
| AppFlowy-Cloud | appflowyinc/appflowy_cloud |
Core backend API + WebSocket |
| AppFlowy-Admin | appflowyinc/admin_frontend |
Admin web console (/console) |
| AppFlowy-Web | appflowyinc/appflowy_web |
Browser client (/) |
| AppFlowy-Worker | appflowyinc/appflowy_worker |
Background job processor |
| AppFlowy-Search | appflowyinc/appflowy_search |
Full-text & semantic search |
| AppFlowy-AI (optional) | appflowyinc/appflowy_ai |
LLM chat & embeddings |
| AppFlowy-Nginx | nginx:stable-alpine |
Reverse proxy (public entry point) |
| AppFlowy-Certbot (optional) | certbot/certbot |
Automated Let's Encrypt TLS certificates |
Prerequisites
1. Create the appflowy Docker network
All containers communicate on a shared custom bridge network.
Via SSH or the Unraid terminal:
docker network create appflowy
2. Download the nginx config
Before starting AppFlowy-Nginx, place the custom config at:
/mnt/user/appdata/AppFlowy-Nginx/nginx.conf
mkdir -p /mnt/user/appdata/AppFlowy-Nginx/ssl
curl -o /mnt/user/appdata/AppFlowy-Nginx/nginx.conf \
https://raw.githubusercontent.com/vmalinics0/unraid-appflowy/main/nginx/nginx.conf
The nginx.conf in this repo uses Unraid container names (AppFlowy-Cloud, AppFlowy-GoTrue, etc.) instead of the default compose service names.
Deploy Order
Deploy containers in this order (each group can be deployed in parallel). The install step number is shown in each app's description in Community Apps.
Step 1 — AppFlowy-Postgres
Step 2 — AppFlowy-Redis
Step 3 — AppFlowy-MinIO
Step 4 — AppFlowy-GoTrue (waits for Postgres)
Step 5 — AppFlowy-Cloud (waits for GoTrue, Postgres, Redis, MinIO)
Step 6 — AppFlowy-Admin \
AppFlowy-Web | (wait for AppFlowy-Cloud)
AppFlowy-Worker |
AppFlowy-Search |
AppFlowy-AI (optional) /
Step 7 — AppFlowy-Nginx (deploy last)
Required Configuration
Set these values consistently across all templates before starting:
| Setting | Where to set | Notes |
|---|---|---|
YOUR_SERVER_IP |
All templates | Your Unraid server's LAN IP or domain |
| Postgres Password | AppFlowy-Postgres, AppFlowy-GoTrue, AppFlowy-Cloud, AppFlowy-Worker, AppFlowy-Search, AppFlowy-AI | Must be identical everywhere |
| JWT Secret | AppFlowy-GoTrue, AppFlowy-Cloud, AppFlowy-Search, AppFlowy-AI | Min 32 chars; must be identical everywhere |
| MinIO credentials | AppFlowy-MinIO, AppFlowy-Cloud, AppFlowy-Worker, AppFlowy-Search, AppFlowy-AI | Access key + secret key |
| Admin email/password | AppFlowy-GoTrue | Login for /console |
Accessing AppFlowy
| URL | Service |
|---|---|
http://YOUR_SERVER_IP/ |
AppFlowy Web (browser client) |
http://YOUR_SERVER_IP/console |
Admin console |
http://YOUR_SERVER_IP/minio/ |
MinIO web UI |
Native desktop/mobile clients: point them to http://YOUR_SERVER_IP as the server URL.
TLS / HTTPS
Three nginx config files are provided; choose one:
| Config file | Use when |
|---|---|
nginx/nginx.conf |
HTTP only (default, no TLS) |
nginx/nginx-https-custom.conf |
You have your own TLS certificate |
nginx/nginx-letsencrypt.conf |
Automated Let's Encrypt certificates |
Option A — User-provided certificate
- Place your certificate and key in
/mnt/user/appdata/AppFlowy-Nginx/ssl/:certificate.crtprivate_key.key
- Point the AppFlowy-Nginx nginx.conf path to
nginx-https-custom.conf. - Update all
http://URLs in every template tohttps://. - Update
APPFLOWY_WS_BASE_URLin AppFlowy-Web fromws://towss://. - Restart all containers.
Option B — Automated Let's Encrypt (AppFlowy-Certbot)
Requires a public domain name with port 80 reachable from the internet.
- Create the required host directories:
mkdir -p /mnt/user/appdata/AppFlowy-Nginx/letsencrypt mkdir -p /mnt/user/appdata/AppFlowy-Nginx/certbot-webroot - Download
nginx-letsencrypt.confand edit it — replaceYOUR_DOMAIN(two occurrences) with your actual domain:curl -o /mnt/user/appdata/AppFlowy-Nginx/nginx-letsencrypt.conf \ https://raw.githubusercontent.com/vmalinics0/unraid-appflowy/main/nginx/nginx-letsencrypt.conf - Point the AppFlowy-Nginx nginx.conf path to
nginx-letsencrypt.confand restart it. - In Community Apps, install AppFlowy-Certbot. Edit its Extra Parameters field — replace
yourdomain.comandadmin@yourdomain.comwith your real values. Start it; it will obtain the certificate and exit (this is normal). - Restart AppFlowy-Nginx to load the new certificate.
- Update all
http://URLs in every template tohttps://andAPPFLOWY_WS_BASE_URLfromws://towss://. - Schedule AppFlowy-Certbot to restart monthly (e.g. via the Unraid User Scripts plugin) for automatic renewal. After each renewal, restart AppFlowy-Nginx.
Submitting to Community Apps
- Fork / create a public GitHub repository.
- Push all files from this directory into the repo root.
- Submit the repository URL at https://ca.unraid.net/submit.
- Run Validate and Scan in the CA submission flow.
Support
- Template issues / requests: https://github.com/vmalinics0/unraid-appflowy/issues
- Template docs: https://github.com/vmalinics0/unraid-appflowy/blob/main/README.md
- Upstream AppFlowy Cloud discussions: https://github.com/AppFlowy-IO/AppFlowy-Cloud/discussions
Upstream
Install AppFlowy-GoTrue on Unraid in a few clicks.
Find AppFlowy-GoTrue in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Requirements
Categories
Download Statistics
Related apps
Explore more like this
Explore allDetails
appflowyinc/gotrue:latestRuntime arguments
- Network
custom:appflowy- Shell
sh- Privileged
- false
Template configuration
Public-facing GoTrue URL. Set to http://YOUR_SERVER_IP/gotrue (or your domain with /gotrue). Must be reachable by clients for OAuth redirects.
- Target
- API_EXTERNAL_URL
- Default
- http://YOUR_SERVER_IP/gotrue
- Value
- http://YOUR_SERVER_IP/gotrue
Email address of the initial admin account created on first start.
- Target
- GOTRUE_ADMIN_EMAIL
- Default
- admin@example.com
- Value
- admin@example.com
Password for the initial admin account.
- Target
- GOTRUE_ADMIN_PASSWORD
- Default
- changeme_admin_password
- Value
- changeme_admin_password
Shared JWT signing secret. MUST be identical to APPFLOWY_GOTRUE_JWT_SECRET in AppFlowy-Cloud. Minimum 32 characters. Keep private.
- Target
- GOTRUE_JWT_SECRET
- Default
- changeme_jwt_secret_min32chars!!
- Value
- changeme_jwt_secret_min32chars!!
GoTrue PostgreSQL connection string. Update user, password, and host if you changed them. Uses the auth schema.
- Target
- DATABASE_URL
- Default
- postgres://postgres:changeme_strong_password@AppFlowy-Postgres:5432/postgres?search_path=auth
- Value
- postgres://postgres:changeme_strong_password@AppFlowy-Postgres:5432/postgres?search_path=auth
JWT token lifetime in seconds. Default: 604800 (7 days).
- Target
- GOTRUE_JWT_EXP
- Default
- 604800
- Value
- 604800
Set true to skip email confirmation (recommended for initial setup). Set false to require email confirmation — you must also configure SMTP.
- Target
- GOTRUE_MAILER_AUTOCONFIRM
- Default
- true
- Value
- true
Set true to allow only invited users to sign up.
- Target
- GOTRUE_DISABLE_SIGNUP
- Default
- false
- Value
- false
Maximum emails GoTrue can send per minute.
- Target
- GOTRUE_RATE_LIMIT_EMAIL_SENT
- Default
- 100
- Value
- 100
Database driver — always postgres.
- Target
- GOTRUE_DB_DRIVER
- Default
- postgres
- Value
- postgres
Deep-link scheme for the AppFlowy native app.
- Target
- GOTRUE_SITE_URL
- Default
- appflowy-flutter://
- Value
- appflowy-flutter://
Allowed OAuth redirect URIs. ** permits all; restrict for production.
- Target
- GOTRUE_URI_ALLOW_LIST
- Default
- **
- Value
- **
JWT group name for admin users.
- Target
- GOTRUE_JWT_ADMIN_GROUP_NAME
- Default
- supabase_admin
- Value
- supabase_admin
GoTrue internal listen port. Do not change.
- Target
- PORT
- Default
- 9999
- Value
- 9999
URL path for email confirmation links.
- Target
- GOTRUE_MAILER_URLPATHS_CONFIRMATION
- Default
- /gotrue/verify
- Value
- /gotrue/verify
URL path for invite links.
- Target
- GOTRUE_MAILER_URLPATHS_INVITE
- Default
- /gotrue/verify
- Value
- /gotrue/verify
URL path for password recovery links.
- Target
- GOTRUE_MAILER_URLPATHS_RECOVERY
- Default
- /gotrue/verify
- Value
- /gotrue/verify
URL path for email-change confirmation links.
- Target
- GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE
- Default
- /gotrue/verify
- Value
- /gotrue/verify
SMTP server hostname (e.g. smtp.gmail.com). Required if GOTRUE_MAILER_AUTOCONFIRM=false.
- Target
- GOTRUE_SMTP_HOST
SMTP port. Use 465 for TLS/SMTPS, 587 for STARTTLS.
- Target
- GOTRUE_SMTP_PORT
- Default
- 465
- Value
- 465
SMTP sender email address.
- Target
- GOTRUE_SMTP_USER
SMTP password.
- Target
- GOTRUE_SMTP_PASS
Admin email used as the From address.
- Target
- GOTRUE_SMTP_ADMIN_EMAIL
Minimum interval between emails to the same address. Use 1ns for no limit.
- Target
- GOTRUE_SMTP_MAX_FREQUENCY
- Default
- 1ns
- Value
- 1ns
Optional: public URL to a custom magic-link email HTML template.
- Target
- GOTRUE_MAILER_TEMPLATES_MAGIC_LINK
Enable Google OAuth login.
- Target
- GOTRUE_EXTERNAL_GOOGLE_ENABLED
- Default
- false
- Value
- false
Google OAuth client ID.
- Target
- GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID
Google OAuth client secret.
- Target
- GOTRUE_EXTERNAL_GOOGLE_SECRET
Google OAuth redirect URI.
- Target
- GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI
- Default
- http://YOUR_SERVER_IP/gotrue/callback
- Value
- http://YOUR_SERVER_IP/gotrue/callback
Enable GitHub OAuth login.
- Target
- GOTRUE_EXTERNAL_GITHUB_ENABLED
- Default
- false
- Value
- false
GitHub OAuth app client ID.
- Target
- GOTRUE_EXTERNAL_GITHUB_CLIENT_ID
GitHub OAuth app client secret.
- Target
- GOTRUE_EXTERNAL_GITHUB_SECRET
GitHub OAuth redirect URI.
- Target
- GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI
- Default
- http://YOUR_SERVER_IP/gotrue/callback
- Value
- http://YOUR_SERVER_IP/gotrue/callback
Enable Discord OAuth login.
- Target
- GOTRUE_EXTERNAL_DISCORD_ENABLED
- Default
- false
- Value
- false
Discord OAuth application client ID.
- Target
- GOTRUE_EXTERNAL_DISCORD_CLIENT_ID
Discord OAuth application client secret.
- Target
- GOTRUE_EXTERNAL_DISCORD_SECRET
Discord OAuth redirect URI.
- Target
- GOTRUE_EXTERNAL_DISCORD_REDIRECT_URI
- Default
- http://YOUR_SERVER_IP/gotrue/callback
- Value
- http://YOUR_SERVER_IP/gotrue/callback
Enable SAML 2.0 single sign-on.
- Target
- GOTRUE_SAML_ENABLED
- Default
- false
- Value
- false
PEM-encoded private key for SAML 2.0 signing.
- Target
- GOTRUE_SAML_PRIVATE_KEY