sure-aio-alpha

Docker application from JSONbored's repository

Overview

Sure Alpha is the testing lane for the Sure AIO Unraid package. It tracks upstream [code]we-promise/sure[/code] alpha prereleases and includes alpha-only wrapper patches before they are promoted or upstreamed.

Testing / Unstable
This template is meant for testing and local validation, not primary household finance data. Upstream alpha releases may include migrations or behavior changes that are not compatible with stable. Keep backups and do not point this container at your stable [code]sure-aio[/code] appdata.

Alpha customizations

  • Raises Sure NDJSON import defaults to [code]250MB[/code] and [code]1,000,000[/code] rows.
  • Exposes [code]SURE_IMPORT_MAX_NDJSON_SIZE_MB[/code] and [code]SURE_IMPORT_MAX_ROWS[/code] for larger alpha import testing.
  • Runs strict SureImport preflight before publish so blocked imports show specific errors during alpha testing.
  • Adds a self-hosted admin reset UI/task for clearing one selected family workspace before a fresh Sure NDJSON import.
  • Adds temporary split-line and transfer route-parity import support for Enhanced NDJSON proof packages.
  • Uses a separate alpha tag namespace, Web UI port, and appdata root from stable.

Quick Install

  1. In Unraid, install this alpha template separately from stable.
  2. Generate a secret with [code]openssl rand -hex 64[/code] and paste it into [code]Secret Key Base[/code].
  3. Leave the default alpha appdata paths unless you have a deliberate test directory.
  4. Wait for initialization, then open [code]http://SERVER_IP:3001[/code] or your mapped port.

Data paths (default)

  • [code]/mnt/user/appdata/sure-aio-alpha/system[/code]
  • [code]/mnt/user/appdata/sure-aio-alpha/postgres[/code]
  • [code]/mnt/user/appdata/sure-aio-alpha/redis[/code]

Requirements

Testing lane only. Do not point this template at stable sure-aio appdata, keep backups, and expect upstream alpha migrations or behavior changes. Generate a strong SECRET_KEY_BASE before first boot.

Runtime arguments

Web UI: http://[IP]:[PORT:3000]
Network: bridge
Shell: sh
Privileged: false

Template configuration

Web UI Port (Port, tcp)

The main web interface port.

Target: 3000
Default: 3001
Value: 3001

Secret Key Base (Variable)

Critical: Run 'openssl rand -hex 64' in your Unraid terminal and paste the random hex string here.

Target: SECRET_KEY_BASE

[Internal] Self Hosted Mode (Variable)

Internal wrapper flag required for Sure self-hosted mode. Leave unchanged.

Target: SELF_HOSTED
Default: true
Value: true

[Internal] Legacy Self Hosting Alias (Variable)

Legacy upstream alias for self-hosted mode. Usually leave blank because SELF_HOSTED=true is already set by this wrapper.

Target: SELF_HOSTING_ENABLED

[Alpha] Sure NDJSON Upload Limit MB (Variable)

Alpha-only Sure import NDJSON upload limit in megabytes. Lower it if this test instance has constrained storage or memory.

Target: SURE_IMPORT_MAX_NDJSON_SIZE_MB
Default: 250
Value: 250

[Alpha] Sure Import Max Rows (Variable)

Alpha-only Sure import row limit used by web, API, and preflight paths.

Target: SURE_IMPORT_MAX_ROWS
Default: 1000000
Value: 1000000

App Volumes - Rails Storage (Path, rw)

Internal Rails file storage.

Target: /rails/storage
Default: /mnt/user/appdata/sure-aio-alpha/system
Value: /mnt/user/appdata/sure-aio-alpha/system

App Volumes - Postgres DB (Path, rw)

Internal PostgreSQL database storage mapped externally so you don't lose data.

Target: /var/lib/postgresql/data
Default: /mnt/user/appdata/sure-aio-alpha/postgres
Value: /mnt/user/appdata/sure-aio-alpha/postgres

App Volumes - Redis Cache (Path, rw)

Internal Redis memory cache.

Target: /var/lib/redis
Default: /mnt/user/appdata/sure-aio-alpha/redis
Value: /mnt/user/appdata/sure-aio-alpha/redis

[SSL] Custom CA Certificate Mount (Path, ro)

Optional host path to a PEM CA certificate file for trusting self-signed or internal HTTPS services. Leave blank unless you need private CA support.

Target: /certs/custom-ca.pem

App Domain (Variable)

The domain your Sure instance is hosted at (used for email links).

Target: APP_DOMAIN

App URL (Variable)

Optional full external base URL including scheme, such as 'https://finance.example.com'. Useful for advanced SSO flows that need an absolute callback or issuer URL.

Target: APP_URL

Onboarding State (Variable)

Controls user registration. Use 'open', 'closed', or 'invite_only'.

Target: ONBOARDING_STATE
Default: open
Value: open

Require Invite Code (Variable)

Optional global gate for account registration. Set to 'true' to require invite codes for sign-up.

Target: REQUIRE_INVITE_CODE

Require Email Confirmation (Variable)

Set to 'false' if you explicitly want to skip email confirmation for new accounts. Leave enabled for the safer default.

Target: REQUIRE_EMAIL_CONFIRMATION
Default: true
Value: true

Assume SSL (Variable)

Leave 'false' for direct LAN access. Set to 'true' only when Sure sits behind an SSL-terminating reverse proxy.

Target: RAILS_ASSUME_SSL
Default: false
Value: false

Force SSL Redirects (Variable)

Leave 'false' for the default Unraid install over plain HTTP. Set to 'true' only if you want direct HTTP requests redirected to HTTPS.

Target: RAILS_FORCE_SSL
Default: false
Value: false

[SSL] Custom CA File (Variable)

Optional in-container path to a PEM CA certificate file. If you use the provided mount above, set this to '/certs/custom-ca.pem'.

Target: SSL_CA_FILE

[SSL] Override Global CA Bundle (Variable)

Optional full CA bundle path for advanced Ruby/OpenSSL trust overrides. Usually leave blank and use SSL_CA_FILE instead.

Target: SSL_CERT_FILE

[SSL] Verify Remote Certificates (Variable)

Leave 'true' for production. Set to 'false' only for temporary testing against broken or self-signed HTTPS endpoints.

Target: SSL_VERIFY
Default: true
Value: true

[SSL] Debug Logging (Variable)

Set to 'true' to log detailed outbound SSL trust and certificate diagnostics.

Target: SSL_DEBUG
Default: false
Value: false

[Legal] Privacy Policy URL (Variable)

Optional external privacy-policy URL shown by the app when provided.

Target: LEGAL_PRIVACY_URL

[Legal] Terms of Service URL (Variable)

Optional external terms-of-service URL shown by the app when provided.

Target: LEGAL_TERMS_URL

[External DB] DB Host Override (Variable)

Optional external PostgreSQL host or container name. Example: '192.168.1.50' or 'postgres-shared' on a custom Docker network.

Target: DB_HOST

[External DB] DB Port Override (Variable)

Optional external PostgreSQL port. Example: '5432'.

Target: DB_PORT

[External DB] DB Name Override (Variable)

Optional external PostgreSQL database name. Leave blank to keep Sure's normal default database name.

Target: POSTGRES_DB

[External DB] DB User Override (Variable)

Optional external PostgreSQL username. This user must already exist on your external database.

Target: POSTGRES_USER

[External DB] DB Password Override (Variable)

Optional password for the external PostgreSQL user above.

Target: POSTGRES_PASSWORD

[External DB] Redis URL Override (Variable)

Optional external Redis URL. Example: 'redis://192.168.1.50:6379/1' or 'redis://:password@redis-host:6379/1'.

Target: REDIS_URL

[External Redis] Sentinel Hosts (Variable)

Optional Redis Sentinel hosts, comma-separated like 'host1:26379,host2:26379'. Takes precedence over REDIS_URL when set.

Target: REDIS_SENTINEL_HOSTS

[External Redis] Sentinel Master (Variable)

Redis Sentinel master name.

Target: REDIS_SENTINEL_MASTER
Default: mymaster
Value: mymaster

[External Redis] Sentinel Username (Variable)

Redis Sentinel username if your Sentinel deployment requires authentication.

Target: REDIS_SENTINEL_USERNAME
Default: default
Value: default

[External Redis] Sentinel Password (Variable)

Redis password used for Sentinel-backed Redis deployments.

Target: REDIS_PASSWORD

[System] Product Name (Variable)

Custom product name in UI.

Target: PRODUCT_NAME

[System] Brand Name (Variable)

Custom brand name in UI.

Target: BRAND_NAME

[System] Default UI Layout (Variable)

Choose the initial layout for new sessions. Use 'dashboard' for the standard app or 'intro' for the intro-first experience.

Target: DEFAULT_UI_LAYOUT
Default: dashboard
Value: dashboard

[DB Encryption] Primary Key (Variable)

Optional explicit Rails encryption primary key. Leave blank unless you deliberately manage separate Active Record encryption keys outside SECRET_KEY_BASE.

Target: ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY

[DB Encryption] Deterministic Key (Variable)

Optional deterministic encryption key paired with the primary key above. Leave blank unless you already know your Rails encryption key material.

Target: ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY

[DB Encryption] Derivation Salt (Variable)

Optional key-derivation salt for Rails encryption. Leave blank unless you manage custom encryption keys yourself.

Target: ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT

[AI] OpenAI / Ollama Token (Variable)

OpenAI-compatible API key. Get OpenAI keys from platform.openai.com/api-keys. If using local Ollama, enter any non-empty placeholder such as 'ollama-local'.

Target: OPENAI_ACCESS_TOKEN

[AI] OpenAI URI Base (Variable)

Leave blank for official OpenAI. For local LLMs, enter your endpoint (e.g., 'http://ollama:11434/v1').

Target: OPENAI_URI_BASE

[AI] Model Name (Variable)

If using Ollama, you MUST define the model here (e.g., 'llama3.1:13b' or 'gemma2:7b').

Target: OPENAI_MODEL

[AI] Categorization Provider (Variable)

Optional provider override used only for transaction categorization. Example: 'openai' or 'ollama'. If blank, Sure uses its normal AI provider behavior.

Target: CATEGORIZATION_PROVIDER

[AI] Categorization Model (Variable)

Optional model override used only for categorization, such as 'gemma2:7b'.

Target: CATEGORIZATION_MODEL

[AI] Chat Provider (Variable)

Optional provider override used only for chat-assistant requests. Example: 'openai' or 'ollama'.

Target: CHAT_PROVIDER

[AI] Chat Model (Variable)

Optional model override used only for chat-assistant requests, such as 'gpt-4.1' or a local Ollama model.

Target: CHAT_MODEL

[AI] Request Timeout (Variable)

OpenAI-compatible request timeout in seconds. Raise this only if your provider or local LLM is slow to respond.

Target: OPENAI_REQUEST_TIMEOUT
Default: 60
Value: 60

[AI] JSON Mode Override (Variable)

Optional structured-output override. Valid values are '', 'strict', 'none', or 'json_object'. Set this only if you need to force Sure's OpenAI JSON behavior globally.

Target: LLM_JSON_MODE

[AI] Debug Logging (Variable)

Set to 'true' to enable verbose AI chat debugging in logs.

Target: AI_DEBUG_MODE
Default: false
Value: false

[AI] Enable PDF Processing (Variable)

Leave 'true' for OpenAI or vision-capable providers. Set to 'false' only for OpenAI-compatible endpoints that do not support PDF or vision input.

Target: OPENAI_SUPPORTS_PDF_PROCESSING
Default: true
Value: true

[AI] Supports Responses API (Variable)

Optional override for OpenAI-compatible endpoints. Use 'true' to force the Responses API or 'false' to force chat completions. Leave blank for upstream auto-detection.

Target: OPENAI_SUPPORTS_RESPONSES_ENDPOINT

[AI] Context Window (Variable)

Optional total LLM context window in tokens. Lower this for small local models or raise it for larger cloud models.

Target: LLM_CONTEXT_WINDOW

[AI] Max Response Tokens (Variable)

Optional tokens reserved for each model response. Leave blank for upstream defaults.

Target: LLM_MAX_RESPONSE_TOKENS

[AI] Max History Tokens (Variable)

Optional explicit chat history token budget. Leave blank so Sure derives it from context, response, and system-prompt reserves.

Target: LLM_MAX_HISTORY_TOKENS

[AI] System Prompt Reserve (Variable)

Optional tokens reserved for Sure's system prompt and instructions. Leave blank for upstream defaults.

Target: LLM_SYSTEM_PROMPT_RESERVE

[AI] Max Items Per Tool Call (Variable)

Optional maximum batch size for AI categorization and merchant-detection calls. Lower this for small local models.

Target: LLM_MAX_ITEMS_PER_CALL

[AI] Vector Store Provider (Variable)

Optional document-search backend. Leave blank for the default path. Set to 'pgvector' to use PostgreSQL-based vectors or 'qdrant' for an external Qdrant server.

Target: VECTOR_STORE_PROVIDER

[AI] Embedding Model (Variable)

Embedding model name used for document search. Example: 'nomic-embed-text'. This is required when you enable pgvector or qdrant-backed document search.

Target: EMBEDDING_MODEL

[AI] Embedding Dimensions (Variable)

Embedding width for the selected model. Must match the provider output.

Target: EMBEDDING_DIMENSIONS
Default: 1024
Value: 1024

[AI] Embedding URI Base (Variable)

Optional dedicated embeddings endpoint. Example: 'http://ollama:11434/v1'. If blank, Sure falls back to OPENAI_URI_BASE.

Target: EMBEDDING_URI_BASE

[AI] Embedding Access Token (Variable)

Optional dedicated embeddings token. If blank, Sure falls back to OPENAI_ACCESS_TOKEN.

Target: EMBEDDING_ACCESS_TOKEN

[AI] Qdrant URL (Variable)

Optional external Qdrant endpoint for vector storage. Example: 'http://192.168.1.50:6333'.

Target: QDRANT_URL

[AI] Qdrant API Key (Variable)

Optional Qdrant API key from your Qdrant Cloud or self-hosted auth configuration.

Target: QDRANT_API_KEY

[Ext. AI] Assistant Type (Variable)

Set to 'external' to route all chat to an external agent via MCP.

Target: ASSISTANT_TYPE

[Ext. AI] Assistant URL (Variable)

URL for the external agent (e.g. https://your-openclaw/v1/chat/completions).

Target: EXTERNAL_ASSISTANT_URL

[Ext. AI] Assistant Token (Variable)

Auth token expected by your external agent or gateway. Copy it from that service's dashboard or config.

Target: EXTERNAL_ASSISTANT_TOKEN

[Ext. AI] Agent ID (Variable)

Optional Agent ID for OpenClaw routing.

Target: EXTERNAL_ASSISTANT_AGENT_ID

[Ext. AI] Session Key (Variable)

Optional shared session key for remote agent conversation persistence. Leave blank so Sure-AIO derives isolated per-chat remote state.

Target: EXTERNAL_ASSISTANT_SESSION_KEY

[Ext. AI] Allowed Emails (Variable)

Optional comma-separated allowlist of users permitted to use the external assistant.

Target: EXTERNAL_ASSISTANT_ALLOWED_EMAILS

[Ext. AI] MCP User Email (Variable)

Required if using Ext. AI: Email of an existing Sure user.

Target: MCP_USER_EMAIL

[Ext. AI] MCP API Token (Variable)

Required if using Ext. AI: Bearer token for agent callbacks to /mcp. Generate one with 'openssl rand -hex 32' in the Unraid terminal.

Target: MCP_API_TOKEN

[Telemetry] PostHog Key (Variable)

PostHog project API key from your PostHog project settings.

Target: POSTHOG_KEY

[Telemetry] PostHog Host (Variable)

PostHog host URL. Example: 'https://us.i.posthog.com' or your self-hosted PostHog URL.

Target: POSTHOG_HOST

[Telemetry] Langfuse Host (Variable)

Langfuse base URL for LLM observability. Example: 'https://cloud.langfuse.com' or your self-hosted Langfuse URL.

Target: LANGFUSE_HOST

[Telemetry] Langfuse Region (Variable)

Optional Langfuse region shortcut like 'us' or 'eu'. Use this only if you are not setting a custom Langfuse Host URL.

Target: LANGFUSE_REGION

[Telemetry] Langfuse Public Key (Variable)

Langfuse public key from your project settings.

Target: LANGFUSE_PUBLIC_KEY

[Telemetry] Langfuse Secret Key (Variable)

Langfuse secret key from your project settings.

Target: LANGFUSE_SECRET_KEY

[Telemetry] Sentry DSN (Variable)

Optional Sentry DSN if you want upstream exception reporting enabled for this instance.

Target: SENTRY_DSN

[Telemetry] Skylight Enabled (Variable)

Set to 'true' only if you intentionally use Skylight's hosted APM service. Default is 'false' for AIO installs so no external Skylight setup is required.

Target: SKYLIGHT_ENABLED
Default: false
Value: false

[Telemetry] Skylight Auth Token (Variable)

Optional Skylight app authentication token. Only used when SKYLIGHT_ENABLED is true and you want to send APM data to your Skylight account.

Target: SKYLIGHT_AUTHENTICATION

[Telemetry] Logtail API Key (Variable)

Optional Better Stack / Logtail source token from your log source settings.

Target: LOGTAIL_API_KEY

[Telemetry] Logtail Ingest Host (Variable)

Optional Logtail ingest host used with LOGTAIL_API_KEY.

Target: LOGTAIL_INGESTING_HOST

[Telemetry] Rails Log Level (Variable)

Application log verbosity. Use 'info' for normal operation or 'debug' for deeper troubleshooting.

Target: RAILS_LOG_LEVEL
Default: info
Value: info

[Runtime] Rails/Sidekiq Thread Pool (Variable)

Optional worker thread count used by Puma, Sidekiq, and DB pool sizing. Leave blank for upstream default (3).

Target: RAILS_MAX_THREADS

[Runtime] Puma Worker Processes (Variable)

Optional Puma process count for the web service. Leave blank for upstream default (1).

Target: WEB_CONCURRENCY

[Runtime] Sidekiq Web Username (Variable)

Optional username for /sidekiq dashboard basic auth. Leave blank to keep upstream default username ('sure').

Target: SIDEKIQ_WEB_USERNAME

[Runtime] Sidekiq Web Password (Variable)

Optional password for /sidekiq dashboard basic auth. Leave blank to keep upstream default password ('sure').

Target: SIDEKIQ_WEB_PASSWORD

[Network] HTTPS Proxy (Variable)

Optional outbound HTTPS proxy URL (for advanced egress controls like Pipelock). Leave blank for normal direct outbound traffic.

Target: HTTPS_PROXY

[Network] HTTP Proxy (Variable)

Optional outbound HTTP proxy URL. Leave blank unless your network requires a proxy.

Target: HTTP_PROXY

[Network] No Proxy Hosts (Variable)

Optional comma-separated hosts/domains that should bypass HTTP(S) proxy routing.

Target: NO_PROXY

[API] Exchange Rate Provider (Variable)

Optional exchange-rate provider override. If left blank, Sure uses its normal default and UI selection behavior.

Target: EXCHANGE_RATE_PROVIDER

[API] Securities Provider (Variable)

Optional securities provider override. If left blank, Sure uses its normal default and UI selection behavior.

Target: SECURITIES_PROVIDER

[API] Securities Providers (Variable)

Optional comma-separated securities provider list. Example: 'yahoo_finance,binance_public,twelve_data'. Takes precedence over the single Securities Provider field when set.

Target: SECURITIES_PROVIDERS

[API] Brandfetch Client ID (Variable)

Brandfetch client ID from your Brandfetch application or dashboard if you want merchant and bank logos.

Target: BRAND_FETCH_CLIENT_ID

[API] Brandfetch High-Res Logos (Variable)

Optional env override for 120x120 Brandfetch logos. Set to 'true' to force high-res logos, 'false' to force standard size. Leave blank to keep the in-app toggle enabled.

Target: BRAND_FETCH_HIGH_RES_LOGOS

[API] Indexa API Token (Variable)

Optional global API token used by the Indexa Capital provider when account-level credentials are not configured.

Target: INDEXA_API_TOKEN

[API] Twelve Data Key (Variable)

Optional Twelve Data API key from twelvedata.com if you want exchange rates or securities from Twelve Data instead of Yahoo Finance.

Target: TWELVE_DATA_API_KEY

[API] Twelve Data URL Override (Variable)

Optional custom Twelve Data API base URL. Leave blank unless you are routing Twelve Data through a proxy or alternate endpoint.

Target: TWELVE_DATA_URL

[API] Twelve Data Min Request Interval (Variable)

Optional minimum spacing between Twelve Data requests in seconds. Leave blank for upstream pacing.

Target: TWELVE_DATA_MIN_REQUEST_INTERVAL

[API] Twelve Data Max Requests Per Minute (Variable)

Optional Twelve Data per-minute credit limit. Lower this if your plan is more restrictive than upstream defaults.

Target: TWELVE_DATA_MAX_REQUESTS_PER_MINUTE

[API] Tiingo API Key (Variable)

Optional Tiingo API key for securities pricing. Configure provider selection separately if you want Sure to use Tiingo.

Target: TIINGO_API_KEY

[API] Tiingo URL Override (Variable)

Optional custom Tiingo API base URL. Leave blank for normal public Tiingo access.

Target: TIINGO_URL

[API] Tiingo Max Requests Per Hour (Variable)

Optional Tiingo hourly request cap used by Sure's rate limiter. Leave blank for upstream defaults.

Target: TIINGO_MAX_REQUESTS_PER_HOUR

[API] EODHD API Key (Variable)

Optional EODHD API key for securities pricing, especially international ETF coverage. Configure provider selection separately if you want Sure to use EODHD.

Target: EODHD_API_KEY

[API] EODHD URL Override (Variable)

Optional custom EODHD API base URL. Leave blank for normal public EODHD access.

Target: EODHD_URL

[API] EODHD Max Requests Per Day (Variable)

Optional EODHD daily request cap used by Sure's rate limiter. Leave blank for upstream defaults.

Target: EODHD_MAX_REQUESTS_PER_DAY

[API] Alpha Vantage API Key (Variable)

Optional Alpha Vantage API key for securities pricing. Configure provider selection separately if you want Sure to use Alpha Vantage.

Target: ALPHA_VANTAGE_API_KEY

[API] Alpha Vantage URL Override (Variable)

Optional custom Alpha Vantage API base URL. Leave blank for normal public Alpha Vantage access.

Target: ALPHA_VANTAGE_URL

[API] Alpha Vantage Max Requests Per Day (Variable)

Optional Alpha Vantage daily request cap used by Sure's rate limiter. Leave blank for upstream defaults.

Target: ALPHA_VANTAGE_MAX_REQUESTS_PER_DAY

[API] MFAPI URL Override (Variable)

Optional custom MFAPI base URL for mutual-fund data. Leave blank for upstream defaults.

Target: MFAPI_URL

[API] Binance Public URL Override (Variable)

Optional custom Binance public market-data base URL. Leave blank for upstream defaults.

Target: BINANCE_PUBLIC_URL

[API] Binance Egress IP Hint (Variable)

Optional public egress IP shown in the Binance setup UI so users know which IP to allowlist.

Target: BINANCE_EGRESS_IP

[API] Yahoo Finance URL Override (Variable)

Optional custom Yahoo Finance API base URL. Leave blank for normal public Yahoo Finance access.

Target: YAHOO_FINANCE_URL

[API] Yahoo Finance Max Retries (Variable)

Maximum retry attempts for Yahoo Finance requests before Sure gives up.

Target: YAHOO_FINANCE_MAX_RETRIES
Default: 5
Value: 5

[API] Yahoo Finance Retry Interval (Variable)

Seconds to wait between Yahoo Finance retry attempts.

Target: YAHOO_FINANCE_RETRY_INTERVAL
Default: 1.0
Value: 1.0

[API] Yahoo Finance Min Request Interval (Variable)

Optional minimum spacing between Yahoo Finance requests in seconds. Leave blank to keep upstream defaults.

Target: YAHOO_FINANCE_MIN_REQUEST_INTERVAL

[Sync] Auto Sync Enabled (Variable)

Container-level override for Sure's scheduled sync job. Use '1' to keep it enabled or '0' to disable automatic syncs globally.

Target: AUTO_SYNC_ENABLED
Default: 1
Value: 1

[Sync] Auto Sync Time (Variable)

Daily auto-sync time in 24-hour HH:MM format.

Target: AUTO_SYNC_TIME
Default: 02:22
Value: 02:22

[Sync] Auto Sync Timezone (Variable)

Timezone used with AUTO_SYNC_TIME. Example: 'America/Denver'.

Target: AUTO_SYNC_TIMEZONE
Default: UTC
Value: UTC

[Sync] SimpleFIN Include Pending (Variable)

Set to '0' to exclude pending SimpleFIN transactions. If set here, upstream disables the corresponding Sync setting in the Sure UI.

Target: SIMPLEFIN_INCLUDE_PENDING
Default: 1
Value: 1

[Sync] SimpleFIN Raw Debug Logs (Variable)

Set to 'true' to log raw SimpleFIN payloads for debugging. This can expose sensitive data and create noisy logs.

Target: SIMPLEFIN_DEBUG_RAW

[Sync] SimpleFIN Credit Overpayment Heuristic (Variable)

Optional override for SimpleFIN liability overpayment detection. Set to 'false' to disable the heuristic globally.

Target: SIMPLEFIN_CC_OVERPAYMENT_HEURISTIC

[Sync] Plaid Include Pending (Variable)

Set to '0' to exclude pending Plaid transactions. If set here, upstream disables the corresponding Sync setting in the Sure UI.

Target: PLAID_INCLUDE_PENDING
Default: 1
Value: 1

[Sync] Lunchflow Include Pending (Variable)

Set to 'true' to include pending transactions in Lunchflow sync requests.

Target: LUNCHFLOW_INCLUDE_PENDING

[Sync] Lunchflow Raw Debug Logs (Variable)

Set to 'true' to log raw Lunchflow payloads for debugging. This can expose sensitive data and create noisy logs.

Target: LUNCHFLOW_DEBUG_RAW

[Auth] Local Login Enabled (Variable)

Set to 'false' to disable local email/password login and move users toward SSO-only auth.

Target: AUTH_LOCAL_LOGIN_ENABLED
Default: true
Value: true

[Auth] Local Admin Override (Variable)

If local login is disabled, set to 'true' to let super admins keep local login as an emergency backdoor.

Target: AUTH_LOCAL_ADMIN_OVERRIDE_ENABLED
Default: false
Value: false

[Auth] JIT SSO Mode (Variable)

SSO behavior for first-time users: 'create_and_link' creates accounts automatically, 'link_only' requires an existing user.

Target: AUTH_JIT_MODE
Default: create_and_link
Value: create_and_link

[Auth] Allowed OIDC Domains (Variable)

Optional comma-separated email domains allowed for JIT SSO account creation.

Target: ALLOWED_OIDC_DOMAINS

[Alpha Auth] WebAuthn Relying Party ID (Variable)

Alpha-only passkey/WebAuthn relying party ID. Usually your registrable domain, such as 'example.com'. This only configures browser trust; add passkeys inside Sure from Settings > Security after enabling authenticator-app 2FA. Changing this after registering credentials can make existing passkeys unusable.

Target: WEBAUTHN_RP_ID

[Alpha Auth] WebAuthn Allowed Origins (Variable)

Alpha-only comma-separated WebAuthn origins including scheme and host, such as 'https://finance.example.com'. This only configures browser trust; add passkeys inside Sure from Settings > Security after enabling authenticator-app 2FA.

Target: WEBAUTHN_ALLOWED_ORIGINS

[Auth] Provider Source (Variable)

Leave blank for normal YAML/env-backed provider loading. Set to 'db' if you want upstream's database-backed SSO provider admin UI.

Target: AUTH_PROVIDERS_SOURCE

[Auth] OIDC Client ID (Variable)

OIDC client ID from your identity provider app registration, such as Authentik, Authelia, Keycloak, or Zitadel.

Target: OIDC_CLIENT_ID

[Auth] OIDC Client Secret (Variable)

OIDC client secret from the same identity provider app registration.

Target: OIDC_CLIENT_SECRET

[Auth] OIDC Issuer (Variable)

OIDC issuer URL. Example: 'https://auth.example.com/application/o/sure/' or your provider's issuer endpoint.

Target: OIDC_ISSUER

[Auth] OIDC Redirect URI (Variable)

OIDC redirect URI registered with your provider. Example: 'https://finance.example.com/auth/openid_connect/callback'.

Target: OIDC_REDIRECT_URI

[Auth] OIDC Button Label (Variable)

Optional custom sign-in button label for the default OIDC provider.

Target: OIDC_BUTTON_LABEL

[Auth] OIDC Button Icon (Variable)

Optional icon slug for the default OIDC sign-in button.

Target: OIDC_BUTTON_ICON
Default: key
Value: key

[Auth] Google OAuth Client ID (Variable)

Optional Google OAuth client ID from console.cloud.google.com if you want a dedicated Google sign-in provider.

Target: GOOGLE_OAUTH_CLIENT_ID

[Auth] Google OAuth Client Secret (Variable)

Optional Google OAuth client secret from the same Google OAuth app.

Target: GOOGLE_OAUTH_CLIENT_SECRET

[Auth] Google Button Label (Variable)

Optional custom label for the Google sign-in button.

Target: GOOGLE_BUTTON_LABEL
Default: Sign in with Google
Value: Sign in with Google

[Auth] Google Button Icon (Variable)

Optional icon slug for the Google sign-in button.

Target: GOOGLE_BUTTON_ICON
Default: google
Value: google

[Auth] GitHub OAuth Client ID (Variable)

Optional GitHub OAuth client ID from your GitHub OAuth App settings if you want a dedicated GitHub sign-in provider.

Target: GITHUB_CLIENT_ID

[Auth] GitHub OAuth Client Secret (Variable)

Optional GitHub OAuth client secret from the same GitHub OAuth App.

Target: GITHUB_CLIENT_SECRET

[Auth] GitHub Button Label (Variable)

Optional custom label for the GitHub sign-in button.

Target: GITHUB_BUTTON_LABEL
Default: Sign in with GitHub
Value: Sign in with GitHub

[Auth] GitHub Button Icon (Variable)

Optional icon slug for the GitHub sign-in button.

Target: GITHUB_BUTTON_ICON
Default: github
Value: github

[Auth:Keycloak] Client ID (Variable)

Optional named Keycloak OIDC provider client ID for upstream multi-provider auth.yml mode.

Target: OIDC_KEYCLOAK_CLIENT_ID

[Auth:Keycloak] Client Secret (Variable)

Optional named Keycloak OIDC provider client secret for upstream multi-provider auth.yml mode.

Target: OIDC_KEYCLOAK_CLIENT_SECRET

[Auth:Keycloak] Issuer (Variable)

Optional named Keycloak OIDC issuer URL for upstream multi-provider auth.yml mode.

Target: OIDC_KEYCLOAK_ISSUER

[Auth:Keycloak] Redirect URI (Variable)

Optional named Keycloak OIDC redirect URI for upstream multi-provider auth.yml mode.

Target: OIDC_KEYCLOAK_REDIRECT_URI

[Auth:Authentik] Client ID (Variable)

Optional named Authentik OIDC provider client ID for upstream multi-provider auth.yml mode.

Target: OIDC_AUTHENTIK_CLIENT_ID

[Auth:Authentik] Client Secret (Variable)

Optional named Authentik OIDC provider client secret for upstream multi-provider auth.yml mode.

Target: OIDC_AUTHENTIK_CLIENT_SECRET

[Auth:Authentik] Issuer (Variable)

Optional named Authentik OIDC issuer URL for upstream multi-provider auth.yml mode.

Target: OIDC_AUTHENTIK_ISSUER

[Auth:Authentik] Redirect URI (Variable)

Optional named Authentik OIDC redirect URI for upstream multi-provider auth.yml mode.

Target: OIDC_AUTHENTIK_REDIRECT_URI

[Storage] Provider Strategy (Variable)

Leave blank for internal disk storage. Change to 'amazon', 'cloudflare', 'generic_s3', or 'google' to move uploads out of the container.

Target: ACTIVE_STORAGE_SERVICE

[Storage:AWS] Access Key ID (Variable)

Amazon S3 access key ID from your AWS IAM user or access-key pair.

Target: S3_ACCESS_KEY_ID

[Storage:AWS] Secret Access Key (Variable)

Amazon S3 secret access key paired with the access key ID above.

Target: S3_SECRET_ACCESS_KEY

[Storage:AWS] Region (Variable)

Amazon S3 region. Defaults to us-east-1 if left blank.

Target: S3_REGION

[Storage:AWS] Bucket Name (Variable)

Amazon S3 bucket name.

Target: S3_BUCKET

[Storage:R2] Cloudflare Account ID (Variable)

Cloudflare account ID used to construct the R2 endpoint URL.

Target: CLOUDFLARE_ACCOUNT_ID

[Storage:R2] Access Key ID (Variable)

Cloudflare R2 access key ID from your R2 API token pair.

Target: CLOUDFLARE_ACCESS_KEY_ID

[Storage:R2] Secret Access Key (Variable)

Cloudflare R2 secret access key paired with the R2 access key ID above.

Target: CLOUDFLARE_SECRET_ACCESS_KEY

[Storage:R2] Bucket Name (Variable)

Cloudflare R2 bucket name.

Target: CLOUDFLARE_BUCKET

[Storage:Generic S3] Access Key ID (Variable)

Generic S3 or MinIO access key ID from your object-storage service.

Target: GENERIC_S3_ACCESS_KEY_ID

[Storage:Generic S3] Secret Access Key (Variable)

Generic S3 or MinIO secret access key paired with the access key ID above.

Target: GENERIC_S3_SECRET_ACCESS_KEY

[Storage:Generic S3] Region (Variable)

Generic S3 region value expected by your provider.

Target: GENERIC_S3_REGION

[Storage:Generic S3] Bucket Name (Variable)

Generic S3 or MinIO bucket name.

Target: GENERIC_S3_BUCKET

[Storage:Generic S3] Custom Endpoint (Variable)

Custom MinIO or S3-compatible endpoint URL.

Target: GENERIC_S3_ENDPOINT

[Storage:Generic S3] Force Path Style (Variable)

Set to 'true' for providers that require path-style S3 requests.

Target: GENERIC_S3_FORCE_PATH_STYLE
Default: false
Value: false

[Storage:GCS] Project (Variable)

Google Cloud project ID used by Active Storage when Provider Strategy is set to 'google'.

Target: GCS_PROJECT

[Storage:GCS] Bucket Name (Variable)

Google Cloud Storage bucket name used when Provider Strategy is set to 'google'.

Target: GCS_BUCKET

[Storage:GCS] Keyfile JSON (Variable)

Raw Google service-account JSON content. Preferred over a keyfile path when using GCS storage.

Target: GCS_KEYFILE_JSON

[Storage:GCS] Keyfile Path (Variable)

In-container path to a Google service-account JSON keyfile. Use only if you mount the file separately.

Target: GCS_KEYFILE

[Email] SMTP Address (Variable)

Hostname for your SMTP server. Example: 'smtp.mailgun.org', 'smtp.sendgrid.net', or your mail relay host.

Target: SMTP_ADDRESS

[Email] SMTP Port (Variable)

Port for your SMTP server. Common values: '465' for implicit TLS or '587' for STARTTLS.

Target: SMTP_PORT
Default: 465

[Email] SMTP Username (Variable)

SMTP username from your mail provider or relay.

Target: SMTP_USERNAME

[Email] SMTP Password (Variable)

SMTP password or app password from your mail provider.

Target: SMTP_PASSWORD

[Email] SMTP TLS Enabled (Variable)

Leave 'true' for normal secure SMTP. Set to 'false' only if your mail relay expects plain SMTP without TLS.

Target: SMTP_TLS_ENABLED
Default: true
Value: true

[Email] SMTP TLS Skip Verify (Variable)

Leave 'false' for normal certificate validation. Set to 'true' only for a trusted private SMTP relay with broken TLS certificates.

Target: SMTP_TLS_SKIP_VERIFY
Default: false
Value: false

[Email] Sender Address (Variable)

The email address your app will send mail from (e.g., finance@mydomain.com).

Target: EMAIL_SENDER

[Plaid] Client ID (Variable)

Optional Plaid client ID if you want upstream Plaid account linking enabled.

Target: PLAID_CLIENT_ID

[Plaid] Secret (Variable)

Optional Plaid secret paired with the client ID above.

Target: PLAID_SECRET

[Plaid] Environment (Variable)

Optional Plaid environment such as 'sandbox' or 'production'.

Target: PLAID_ENV

[Plaid EU] Client ID (Variable)

Optional Plaid Europe client ID if you use the Plaid EU adapter.

Target: PLAID_EU_CLIENT_ID

[Plaid EU] Secret (Variable)

Optional Plaid Europe secret paired with the Plaid EU client ID above.

Target: PLAID_EU_SECRET

[Plaid EU] Environment (Variable)

Optional Plaid Europe environment such as 'sandbox' or 'production'.

Target: PLAID_EU_ENV
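
Several of the settings above weaken the instance when changed or left blank (certificate verification, raw payload logging, the Sidekiq default password, the two generated secrets). The script below is an added example, not part of the template or the upstream project: it audits a KEY=VALUE dump of the container environment for those cases. The function names and the sample file are hypothetical; the variable names and expected secret lengths are the ones this page gives.

```shell
#!/bin/sh
# Added example (not part of the template): flag risky values in a KEY=VALUE
# dump of the container environment. Variable names come from the template page.

# Print the value of the last "KEY=" line in FILE (empty when unset).
get_var() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Same, lowercased, for true/false style flags.
get_flag() {
    get_var "$1" "$2" | tr 'A-Z' 'a-z'
}

# Succeed only when VALUE is exactly N hexadecimal characters.
is_hex_len() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# Print one finding per line for FILE; print nothing when no check fires.
audit_sure_env() {
    f=$1

    # 'openssl rand -hex 64' yields 128 hex characters.
    if ! is_hex_len "$(get_var "$f" SECRET_KEY_BASE)" 128; then
        echo "SECRET_KEY_BASE: not a 128-character hex string"
    fi
    if [ "$(get_flag "$f" SSL_VERIFY)" = "false" ]; then
        echo "SSL_VERIFY: outbound certificate verification is off"
    fi
    if [ "$(get_flag "$f" SMTP_TLS_ENABLED)" = "false" ]; then
        echo "SMTP_TLS_ENABLED: mail is sent without TLS"
    fi
    if [ "$(get_flag "$f" SMTP_TLS_SKIP_VERIFY)" = "true" ]; then
        echo "SMTP_TLS_SKIP_VERIFY: SMTP certificate is not validated"
    fi
    for k in SIMPLEFIN_DEBUG_RAW LUNCHFLOW_DEBUG_RAW; do
        if [ "$(get_flag "$f" "$k")" = "true" ]; then
            echo "$k: raw provider payloads are written to the logs"
        fi
    done
    # Blank keeps the upstream default password 'sure'.
    pw=$(get_var "$f" SIDEKIQ_WEB_PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "sure" ]; then
        echo "SIDEKIQ_WEB_PASSWORD: /sidekiq uses the upstream default password"
    fi
    # The external assistant needs an MCP user and a bearer token;
    # 'openssl rand -hex 32' yields 64 hex characters.
    if [ "$(get_flag "$f" ASSISTANT_TYPE)" = "external" ]; then
        if [ -z "$(get_var "$f" MCP_USER_EMAIL)" ]; then
            echo "MCP_USER_EMAIL: required for the external assistant but blank"
        fi
        if ! is_hex_len "$(get_var "$f" MCP_API_TOKEN)" 64; then
            echo "MCP_API_TOKEN: not a 64-character hex string"
        fi
    fi
    return 0
}

# Constructed sample input: a test instance with several risky overrides.
write_sample_env() {
    cat > "$1" <<'EOF'
SECRET_KEY_BASE=changeme
SSL_VERIFY=false
SMTP_TLS_ENABLED=true
SMTP_TLS_SKIP_VERIFY=false
SIMPLEFIN_DEBUG_RAW=true
SIDEKIQ_WEB_PASSWORD=
ASSISTANT_TYPE=external
MCP_USER_EMAIL=admin@example.com
MCP_API_TOKEN=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
EOF
}

sample=$(mktemp)
write_sample_env "$sample"
audit_sure_env "$sample"
rm -f "$sample"
```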

Download statistics

1,065 total downloads

Details

Repository: jsonbored/sure-aio-alpha:latest-alpha
Last updated: 2026-05-26
First seen: 2026-05-18

Run sure-aio-alpha on Unraid.

sure-aio-alpha is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or home lab.