You can change 1122 to any available port on your host system.

Objetivo

3000

Por defecto

1122

Valor

1122

Objetivo

/app/data

Valor

/mnt/user/appdata/jotty/data

Objetivo

/app/config

Valor

/mnt/user/appdata/jotty/config

Objetivo

/app/.next/cache

Valor

/mnt/user/appdata/jotty/cache

Sets the Node.js environment to production mode for optimal performance and security.

Por defecto

production

Valor

production

Process User ID that the container will run as.

Por defecto

99

Valor

99

Process Group ID that the container will run as.

Por defecto

100

Valor

100

Sets the default file creation mask.

Por defecto

002

Valor

002

Enables HTTPS mode for secure connections.

Por defecto

false|true

Valor

false

Base URL of your jotty·page instance. Required for secure session (https) and SSO. Include the https://

Objetivo

APP_URL

Allows public access to uploaded images via direct URLs.

Objetivo

SERVE_PUBLIC_IMAGES

Por defecto

yes|no

Valor

yes

Allows public access to uploaded files via direct URLs.

Objetivo

SERVE_PUBLIC_VIDEOS

Por defecto

yes|no

Valor

yes

Allows public access to uploaded files via direct URLs.

Objetivo

SERVE_PUBLIC_FILES

Por defecto

yes|no

Valor

yes

If set to yes stops the github api call and won't give you a toast when a new update is available.

Objetivo

STOP_CHECK_UPDATES

Por defecto

no|yes

Valor

no

Optional. Disables brute force protection for local login authentication. By default, accounts are temporarily locked after 3 failed login attempts with exponential delays (10s, 30s, 60s, etc.). Set to true to completely disable this security feature.

Objetivo

DISABLE_BRUTEFORCE_PROTECTION

Por defecto

false|true

Valor

false

Optional. Sets the default language for the application (e.g., on the login page) when no user is logged in or a user hasn't set a preference.

Objetivo

DEFAULT_LOCALE

Por defecto

en

Valor

en

Optional. Enables zooming on the PWA for accessibility reasons.

Objetivo

ENABLE_PWA_ZOOM

Por defecto

no|yes

Valor

no

Enables OIDC (OpenID Connect) single sign-on or LDAP/Active Directory authentication. Set to 'oidc' or 'ldap'. Supersedes SSO_MODE.

Objetivo

AUTH_MODE

Por defecto

|oidc|ldap

Legacy fallback for AUTH_MODE. Kept for backward compatibility with existing setups — prefer AUTH_MODE for new installs. Leave empty if AUTH_MODE is set.

Objetivo

SSO_MODE

Por defecto

|oidc

URL of your OIDC provider (e.g., Authentik, Auth0, Keycloak).

Objetivo

OIDC_ISSUER

Client ID from your OIDC provider configuration.

Objetivo

OIDC_CLIENT_ID

Optional. Client secret for confidential OIDC client authentication.

Objetivo

OIDC_CLIENT_SECRET

Optional. Path to file containing the OIDC client ID. If set, takes priority over OIDC_CLIENT_ID. Useful for Docker Secrets.

Objetivo

OIDC_CLIENT_ID_FILE

Optional. Path to file containing the OIDC client secret. If set, takes priority over OIDC_CLIENT_SECRET. Useful for Docker Secrets.

Objetivo

OIDC_CLIENT_SECRET_FILE

Optional. Allows both SSO and local authentication methods.

Objetivo

SSO_FALLBACK_LOCAL

Por defecto

yes|no

Valor

yes

Optional. Comma-separated list of OIDC groups that should have admin privileges.

Objetivo

OIDC_ADMIN_GROUPS

Por defecto

admins

Valor

admins

Optional. Comma-separated list of OIDC roles that should have admin privileges.

Objetivo

OIDC_ADMIN_ROLES

Por defecto

admin

Valor

admin

Optional. Comma-separated list of OIDC groups allowed to access the application. If set, only users in these groups (or admins) can log in.

Objetivo

OIDC_USER_GROUPS

Optional. Comma-separated list of OIDC roles allowed to access the application. If set, only users with these roles (or admins) can log in.

Objetivo

OIDC_USER_ROLES

Scope to request for groups. Defaults to 'groups'. Set to empty string or 'no' to disable for providers like Entra ID that don't support the groups scope.

Objetivo

OIDC_GROUPS_SCOPE

Por defecto

groups

Valor

groups

Optional. Custom logout URL for global logout. Full URL to redirect to when logging out.

Objetivo

OIDC_LOGOUT_URL

URL of your LDAP server (e.g., ldap://ldap.example.com:389). Use ldaps:// on port 636 for TLS. Required when AUTH_MODE=ldap.

Objetivo

LDAP_URL

Distinguished name of the service account used to search the directory (e.g., cn=service,dc=example,dc=com). Required when AUTH_MODE=ldap.

Objetivo

LDAP_BIND_DN

Password of the LDAP service account. Required when AUTH_MODE=ldap (unless LDAP_BIND_PASSWORD_FILE is set).

Objetivo

LDAP_BIND_PASSWORD

Optional. Path to a file containing the LDAP service account password. Takes priority over LDAP_BIND_PASSWORD. Useful for Docker Secrets.

Objetivo

LDAP_BIND_PASSWORD_FILE

Base DN under which to search for users (e.g., ou=users,dc=example,dc=com). Required when AUTH_MODE=ldap.

Objetivo

LDAP_BASE_DN

Optional. The LDAP attribute matched against the submitted username. Defaults to 'uid'. Use 'sAMAccountName' for Active Directory.

Objetivo

LDAP_USER_ATTRIBUTE

Por defecto

uid

Optional. Pipe-separated list of group DNs granted admin rights on first login (e.g., cn=admins,ou=groups,dc=example,dc=com). Use '|' as separator since DNs contain commas. Requires memberof overlay on the LDAP server.

Objetivo

LDAP_ADMIN_GROUPS

Optional. Pipe-separated list of group DNs allowed to log in. Only members of these groups (or admin groups) can authenticate. Requires memberof overlay on the LDAP server.

Objetivo

LDAP_USER_GROUPS

Optional. Path (inside the container) to a CA certificate file. Use this for LDAPS with a self-signed certificate (e.g., /app/config/ldap-ca.crt).

Objetivo

NODE_EXTRA_CA_CERTS

Use if getting 403 errors after SSO login: Set to http://localhost:3000

Objetivo

INTERNAL_API_URL