You can change 1122 to any available port on your host system.

目标

3000

默认值

1122

价值

1122

目标

/app/data

价值

/mnt/user/appdata/jotty/data

目标

/app/config

价值

/mnt/user/appdata/jotty/config

目标

/app/.next/cache

价值

/mnt/user/appdata/jotty/cache

Sets the Node.js environment to production mode for optimal performance and security.

默认值

production

价值

production

Process User ID that the container will run as.

默认值

99

价值

99

Process Group ID that the container will run as.

默认值

100

价值

100

Sets the default file creation mask.

默认值

002

价值

002

Enables HTTPS mode for secure connections.

默认值

false|true

价值

false

Base URL of your jotty·page instance. Required for secure session (https) and SSO. Include the https://

目标

APP_URL

Allows public access to uploaded images via direct URLs.

目标

SERVE_PUBLIC_IMAGES

默认值

yes|no

价值

yes

Allows public access to uploaded files via direct URLs.

目标

SERVE_PUBLIC_VIDEOS

默认值

yes|no

价值

yes

Allows public access to uploaded files via direct URLs.

目标

SERVE_PUBLIC_FILES

默认值

yes|no

价值

yes

If set to yes stops the github api call and won't give you a toast when a new update is available.

目标

STOP_CHECK_UPDATES

默认值

no|yes

价值

no

Optional. Disables brute force protection for local login authentication. By default, accounts are temporarily locked after 3 failed login attempts with exponential delays (10s, 30s, 60s, etc.). Set to true to completely disable this security feature.

目标

DISABLE_BRUTEFORCE_PROTECTION

默认值

false|true

价值

false

Optional. Sets the default language for the application (e.g., on the login page) when no user is logged in or a user hasn't set a preference.

目标

DEFAULT_LOCALE

默认值

en

价值

en

Optional. Enables zooming on the PWA for accessibility reasons.

目标

ENABLE_PWA_ZOOM

默认值

no|yes

价值

no

Enables OIDC (OpenID Connect) single sign-on or LDAP/Active Directory authentication. Set to 'oidc' or 'ldap'. Supersedes SSO_MODE.

目标

AUTH_MODE

默认值

|oidc|ldap

Legacy fallback for AUTH_MODE. Kept for backward compatibility with existing setups — prefer AUTH_MODE for new installs. Leave empty if AUTH_MODE is set.

目标

SSO_MODE

默认值

|oidc

URL of your OIDC provider (e.g., Authentik, Auth0, Keycloak).

目标

OIDC_ISSUER

Client ID from your OIDC provider configuration.

目标

OIDC_CLIENT_ID

Optional. Client secret for confidential OIDC client authentication.

目标

OIDC_CLIENT_SECRET

Optional. Path to file containing the OIDC client ID. If set, takes priority over OIDC_CLIENT_ID. Useful for Docker Secrets.

目标

OIDC_CLIENT_ID_FILE

Optional. Path to file containing the OIDC client secret. If set, takes priority over OIDC_CLIENT_SECRET. Useful for Docker Secrets.

目标

OIDC_CLIENT_SECRET_FILE

Optional. Allows both SSO and local authentication methods.

目标

SSO_FALLBACK_LOCAL

默认值

yes|no

价值

yes

Optional. Comma-separated list of OIDC groups that should have admin privileges.

目标

OIDC_ADMIN_GROUPS

默认值

admins

价值

admins

Optional. Comma-separated list of OIDC roles that should have admin privileges.

目标

OIDC_ADMIN_ROLES

默认值

admin

价值

admin

Optional. Comma-separated list of OIDC groups allowed to access the application. If set, only users in these groups (or admins) can log in.

目标

OIDC_USER_GROUPS

Optional. Comma-separated list of OIDC roles allowed to access the application. If set, only users with these roles (or admins) can log in.

目标

OIDC_USER_ROLES

Scope to request for groups. Defaults to 'groups'. Set to empty string or 'no' to disable for providers like Entra ID that don't support the groups scope.

目标

OIDC_GROUPS_SCOPE

默认值

groups

价值

groups

Optional. Custom logout URL for global logout. Full URL to redirect to when logging out.

目标

OIDC_LOGOUT_URL

URL of your LDAP server (e.g., ldap://ldap.example.com:389). Use ldaps:// on port 636 for TLS. Required when AUTH_MODE=ldap.

目标

LDAP_URL

Distinguished name of the service account used to search the directory (e.g., cn=service,dc=example,dc=com). Required when AUTH_MODE=ldap.

目标

LDAP_BIND_DN

Password of the LDAP service account. Required when AUTH_MODE=ldap (unless LDAP_BIND_PASSWORD_FILE is set).

目标

LDAP_BIND_PASSWORD

Optional. Path to a file containing the LDAP service account password. Takes priority over LDAP_BIND_PASSWORD. Useful for Docker Secrets.

目标

LDAP_BIND_PASSWORD_FILE

Base DN under which to search for users (e.g., ou=users,dc=example,dc=com). Required when AUTH_MODE=ldap.

目标

LDAP_BASE_DN

Optional. The LDAP attribute matched against the submitted username. Defaults to 'uid'. Use 'sAMAccountName' for Active Directory.

目标

LDAP_USER_ATTRIBUTE

默认值

uid

Optional. Pipe-separated list of group DNs granted admin rights on first login (e.g., cn=admins,ou=groups,dc=example,dc=com). Use '|' as separator since DNs contain commas. Requires memberof overlay on the LDAP server.

目标

LDAP_ADMIN_GROUPS

Optional. Pipe-separated list of group DNs allowed to log in. Only members of these groups (or admin groups) can authenticate. Requires memberof overlay on the LDAP server.

目标

LDAP_USER_GROUPS

Optional. Path (inside the container) to a CA certificate file. Use this for LDAPS with a self-signed certificate (e.g., /app/config/ldap-ca.crt).

目标

NODE_EXTRA_CA_CERTS

Use if getting 403 errors after SSO login: Set to http://localhost:3000

目标

INTERNAL_API_URL