You can change 1122 to any available port on your host system.

Ziel

3000

Standard

1122

Wert

1122

Ziel

/app/data

Wert

/mnt/user/appdata/jotty/data

Ziel

/app/config

Wert

/mnt/user/appdata/jotty/config

Ziel

/app/.next/cache

Wert

/mnt/user/appdata/jotty/cache

Sets the Node.js environment to production mode for optimal performance and security.

Standard

production

Wert

production

Process User ID that the container will run as.

Standard

99

Wert

99

Process Group ID that the container will run as.

Standard

100

Wert

100

Sets the default file creation mask.

Standard

002

Wert

002

Enables HTTPS mode for secure connections.

Standard

false|true

Wert

false

Base URL of your jotty·page instance. Required for secure session (https) and SSO. Include the https://

Ziel

APP_URL

Allows public access to uploaded images via direct URLs.

Ziel

SERVE_PUBLIC_IMAGES

Standard

yes|no

Wert

yes

Allows public access to uploaded files via direct URLs.

Ziel

SERVE_PUBLIC_VIDEOS

Standard

yes|no

Wert

yes

Allows public access to uploaded files via direct URLs.

Ziel

SERVE_PUBLIC_FILES

Standard

yes|no

Wert

yes

If set to yes stops the github api call and won't give you a toast when a new update is available.

Ziel

STOP_CHECK_UPDATES

Standard

no|yes

Wert

no

Optional. Disables brute force protection for local login authentication. By default, accounts are temporarily locked after 3 failed login attempts with exponential delays (10s, 30s, 60s, etc.). Set to true to completely disable this security feature.

Ziel

DISABLE_BRUTEFORCE_PROTECTION

Standard

false|true

Wert

false

Optional. Sets the default language for the application (e.g., on the login page) when no user is logged in or a user hasn't set a preference.

Ziel

DEFAULT_LOCALE

Standard

en

Wert

en

Optional. Enables zooming on the PWA for accessibility reasons.

Ziel

ENABLE_PWA_ZOOM

Standard

no|yes

Wert

no

Enables OIDC (OpenID Connect) single sign-on or LDAP/Active Directory authentication. Set to 'oidc' or 'ldap'. Supersedes SSO_MODE.

Ziel

AUTH_MODE

Standard

|oidc|ldap

Legacy fallback for AUTH_MODE. Kept for backward compatibility with existing setups — prefer AUTH_MODE for new installs. Leave empty if AUTH_MODE is set.

Ziel

SSO_MODE

Standard

|oidc

URL of your OIDC provider (e.g., Authentik, Auth0, Keycloak).

Ziel

OIDC_ISSUER

Client ID from your OIDC provider configuration.

Ziel

OIDC_CLIENT_ID

Optional. Client secret for confidential OIDC client authentication.

Ziel

OIDC_CLIENT_SECRET

Optional. Path to file containing the OIDC client ID. If set, takes priority over OIDC_CLIENT_ID. Useful for Docker Secrets.

Ziel

OIDC_CLIENT_ID_FILE

Optional. Path to file containing the OIDC client secret. If set, takes priority over OIDC_CLIENT_SECRET. Useful for Docker Secrets.

Ziel

OIDC_CLIENT_SECRET_FILE

Optional. Allows both SSO and local authentication methods.

Ziel

SSO_FALLBACK_LOCAL

Standard

yes|no

Wert

yes

Optional. Comma-separated list of OIDC groups that should have admin privileges.

Ziel

OIDC_ADMIN_GROUPS

Standard

admins

Wert

admins

Optional. Comma-separated list of OIDC roles that should have admin privileges.

Ziel

OIDC_ADMIN_ROLES

Standard

admin

Wert

admin

Optional. Comma-separated list of OIDC groups allowed to access the application. If set, only users in these groups (or admins) can log in.

Ziel

OIDC_USER_GROUPS

Optional. Comma-separated list of OIDC roles allowed to access the application. If set, only users with these roles (or admins) can log in.

Ziel

OIDC_USER_ROLES

Scope to request for groups. Defaults to 'groups'. Set to empty string or 'no' to disable for providers like Entra ID that don't support the groups scope.

Ziel

OIDC_GROUPS_SCOPE

Standard

groups

Wert

groups

Optional. Custom logout URL for global logout. Full URL to redirect to when logging out.

Ziel

OIDC_LOGOUT_URL

URL of your LDAP server (e.g., ldap://ldap.example.com:389). Use ldaps:// on port 636 for TLS. Required when AUTH_MODE=ldap.

Ziel

LDAP_URL

Distinguished name of the service account used to search the directory (e.g., cn=service,dc=example,dc=com). Required when AUTH_MODE=ldap.

Ziel

LDAP_BIND_DN

Password of the LDAP service account. Required when AUTH_MODE=ldap (unless LDAP_BIND_PASSWORD_FILE is set).

Ziel

LDAP_BIND_PASSWORD

Optional. Path to a file containing the LDAP service account password. Takes priority over LDAP_BIND_PASSWORD. Useful for Docker Secrets.

Ziel

LDAP_BIND_PASSWORD_FILE

Base DN under which to search for users (e.g., ou=users,dc=example,dc=com). Required when AUTH_MODE=ldap.

Ziel

LDAP_BASE_DN

Optional. The LDAP attribute matched against the submitted username. Defaults to 'uid'. Use 'sAMAccountName' for Active Directory.

Ziel

LDAP_USER_ATTRIBUTE

Standard

uid

Optional. Pipe-separated list of group DNs granted admin rights on first login (e.g., cn=admins,ou=groups,dc=example,dc=com). Use '|' as separator since DNs contain commas. Requires memberof overlay on the LDAP server.

Ziel

LDAP_ADMIN_GROUPS

Optional. Pipe-separated list of group DNs allowed to log in. Only members of these groups (or admin groups) can authenticate. Requires memberof overlay on the LDAP server.

Ziel

LDAP_USER_GROUPS

Optional. Path (inside the container) to a CA certificate file. Use this for LDAPS with a self-signed certificate (e.g., /app/config/ldap-ca.crt).

Ziel

NODE_EXTRA_CA_CERTS

Use if getting 403 errors after SSO login: Set to http://localhost:3000

Ziel

INTERNAL_API_URL