You can change 1122 to any available port on your host system.

Cible

3000

Défaut

1122

Valeur

1122

Cible

/app/data

Valeur

/mnt/user/appdata/jotty/data

Cible

/app/config

Valeur

/mnt/user/appdata/jotty/config

Cible

/app/.next/cache

Valeur

/mnt/user/appdata/jotty/cache

Sets the Node.js environment to production mode for optimal performance and security.

Défaut

production

Valeur

production

Process User ID that the container will run as.

Défaut

99

Valeur

99

Process Group ID that the container will run as.

Défaut

100

Valeur

100

Sets the default file creation mask.

Défaut

002

Valeur

002

Enables HTTPS mode for secure connections.

Défaut

false|true

Valeur

false

Base URL of your jotty·page instance. Required for secure session (https) and SSO. Include the https://

Cible

APP_URL

Allows public access to uploaded images via direct URLs.

Cible

SERVE_PUBLIC_IMAGES

Défaut

yes|no

Valeur

yes

Allows public access to uploaded files via direct URLs.

Cible

SERVE_PUBLIC_VIDEOS

Défaut

yes|no

Valeur

yes

Allows public access to uploaded files via direct URLs.

Cible

SERVE_PUBLIC_FILES

Défaut

yes|no

Valeur

yes

If set to yes stops the github api call and won't give you a toast when a new update is available.

Cible

STOP_CHECK_UPDATES

Défaut

no|yes

Valeur

no

Optional. Disables brute force protection for local login authentication. By default, accounts are temporarily locked after 3 failed login attempts with exponential delays (10s, 30s, 60s, etc.). Set to true to completely disable this security feature.

Cible

DISABLE_BRUTEFORCE_PROTECTION

Défaut

false|true

Valeur

false

Optional. Sets the default language for the application (e.g., on the login page) when no user is logged in or a user hasn't set a preference.

Cible

DEFAULT_LOCALE

Défaut

en

Valeur

en

Optional. Enables zooming on the PWA for accessibility reasons.

Cible

ENABLE_PWA_ZOOM

Défaut

no|yes

Valeur

no

Enables OIDC (OpenID Connect) single sign-on or LDAP/Active Directory authentication. Set to 'oidc' or 'ldap'. Supersedes SSO_MODE.

Cible

AUTH_MODE

Défaut

|oidc|ldap

Legacy fallback for AUTH_MODE. Kept for backward compatibility with existing setups — prefer AUTH_MODE for new installs. Leave empty if AUTH_MODE is set.

Cible

SSO_MODE

Défaut

|oidc

URL of your OIDC provider (e.g., Authentik, Auth0, Keycloak).

Cible

OIDC_ISSUER

Client ID from your OIDC provider configuration.

Cible

OIDC_CLIENT_ID

Optional. Client secret for confidential OIDC client authentication.

Cible

OIDC_CLIENT_SECRET

Optional. Path to file containing the OIDC client ID. If set, takes priority over OIDC_CLIENT_ID. Useful for Docker Secrets.

Cible

OIDC_CLIENT_ID_FILE

Optional. Path to file containing the OIDC client secret. If set, takes priority over OIDC_CLIENT_SECRET. Useful for Docker Secrets.

Cible

OIDC_CLIENT_SECRET_FILE

Optional. Allows both SSO and local authentication methods.

Cible

SSO_FALLBACK_LOCAL

Défaut

yes|no

Valeur

yes

Optional. Comma-separated list of OIDC groups that should have admin privileges.

Cible

OIDC_ADMIN_GROUPS

Défaut

admins

Valeur

admins

Optional. Comma-separated list of OIDC roles that should have admin privileges.

Cible

OIDC_ADMIN_ROLES

Défaut

admin

Valeur

admin

Optional. Comma-separated list of OIDC groups allowed to access the application. If set, only users in these groups (or admins) can log in.

Cible

OIDC_USER_GROUPS

Optional. Comma-separated list of OIDC roles allowed to access the application. If set, only users with these roles (or admins) can log in.

Cible

OIDC_USER_ROLES

Scope to request for groups. Defaults to 'groups'. Set to empty string or 'no' to disable for providers like Entra ID that don't support the groups scope.

Cible

OIDC_GROUPS_SCOPE

Défaut

groups

Valeur

groups

Optional. Custom logout URL for global logout. Full URL to redirect to when logging out.

Cible

OIDC_LOGOUT_URL

URL of your LDAP server (e.g., ldap://ldap.example.com:389). Use ldaps:// on port 636 for TLS. Required when AUTH_MODE=ldap.

Cible

LDAP_URL

Distinguished name of the service account used to search the directory (e.g., cn=service,dc=example,dc=com). Required when AUTH_MODE=ldap.

Cible

LDAP_BIND_DN

Password of the LDAP service account. Required when AUTH_MODE=ldap (unless LDAP_BIND_PASSWORD_FILE is set).

Cible

LDAP_BIND_PASSWORD

Optional. Path to a file containing the LDAP service account password. Takes priority over LDAP_BIND_PASSWORD. Useful for Docker Secrets.

Cible

LDAP_BIND_PASSWORD_FILE

Base DN under which to search for users (e.g., ou=users,dc=example,dc=com). Required when AUTH_MODE=ldap.

Cible

LDAP_BASE_DN

Optional. The LDAP attribute matched against the submitted username. Defaults to 'uid'. Use 'sAMAccountName' for Active Directory.

Cible

LDAP_USER_ATTRIBUTE

Défaut

uid

Optional. Pipe-separated list of group DNs granted admin rights on first login (e.g., cn=admins,ou=groups,dc=example,dc=com). Use '|' as separator since DNs contain commas. Requires memberof overlay on the LDAP server.

Cible

LDAP_ADMIN_GROUPS

Optional. Pipe-separated list of group DNs allowed to log in. Only members of these groups (or admin groups) can authenticate. Requires memberof overlay on the LDAP server.

Cible

LDAP_USER_GROUPS

Optional. Path (inside the container) to a CA certificate file. Use this for LDAPS with a self-signed certificate (e.g., /app/config/ldap-ca.crt).

Cible

NODE_EXTRA_CA_CERTS

Use if getting 403 errors after SSO login: Set to http://localhost:3000

Cible

INTERNAL_API_URL