1 # Full list of environment variables that can be used with BookStack.
2 # Selectively copy these to your '.env' file as required.
3 # Each option is shown with it's default value.
4 # Do not copy this whole file to use as your '.env' file.
6 # Application environment
7 # Can be 'production', 'development', 'testing' or 'demo'
11 # Shows advanced debug information and errors.
12 # CAN EXPOSE OTHER VARIABLES, LEAVE DISABLED
16 # Used for encryption where needed.
17 # Run `php artisan key:generate` to generate a valid key.
18 APP_KEY=SomeRandomString
21 # This must be the root URL that you want to host BookStack on.
22 # All URL's in BookStack will be generated using this value.
23 APP_URL=https://example.com
25 # Application default language
26 # The default language choice to show.
27 # May be overridden by user-preference or visitor browser settings.
30 # Auto-detect language for public visitors.
31 # Uses browser-sent headers to infer a language.
32 # APP_LANG will be used if such a header is not provided.
33 APP_AUTO_LANG_PUBLIC=true
35 # Application timezone
36 # Used where dates are displayed such as on exported content.
37 # Valid timezone values can be found here: https://www.php.net/manual/en/timezones.php
41 # Used to specific a themes/<APP_THEME> folder where BookStack UI
42 # overrides can be made. Defaults to disabled.
46 # Used to indicate trust of systems that proxy to the application so
47 # certain header values (Such as "X-Forwarded-For") can be used from the
48 # incoming proxy request to provide origin detail.
49 # Set to an IP address, or multiple comma seperated IP addresses.
50 # Can alternatively be set to "*" to trust all proxy addresses.
54 # Host can contain a port (localhost:3306) or a separate DB_PORT option can be used.
57 DB_DATABASE=database_database
58 DB_USERNAME=database_username
59 DB_PASSWORD=database_user_password
61 # MySQL specific connection options
62 # Path to Certificate Authority (CA) certificate file for your MySQL instance.
63 # When this option is used host name identity verification will be performed
64 # which checks the hostname, used by the client, against names within the
65 # certificate itself (Common Name or Subject Alternative Name).
66 MYSQL_ATTR_SSL_CA="/path/to/ca.pem"
69 # Can be 'smtp' or 'sendmail'
72 # Mail sending options
74 MAIL_FROM_NAME=BookStack
83 # Command to use when email is sent via sendmail
84 MAIL_SENDMAIL_COMMAND="/usr/sbin/sendmail -bs"
86 # Cache & Session driver to use
87 # Can be 'file', 'database', 'memcached' or 'redis'
91 # Session configuration
93 SESSION_COOKIE_NAME=bookstack_session
94 SESSION_SECURE_COOKIE=false
97 # Can be used to prevent conflicts multiple BookStack instances use the same store.
98 CACHE_PREFIX=bookstack
100 # Memcached server configuration
101 # If using a UNIX socket path for the host, set the port to 0
102 # This follows the following format: HOST:PORT:WEIGHT
103 # For multiple servers separate with a comma
104 MEMCACHED_SERVERS=127.0.0.1:11211:100
106 # Redis server configuration
107 # This follows the following format: HOST:PORT:DATABASE
108 # or, if using a password: HOST:PORT:DATABASE:PASSWORD
109 # For multiple servers separate with a comma. These will be clustered.
110 REDIS_SERVERS=127.0.0.1:6379:0
112 # Queue driver to use
113 # Can be 'sync', 'database' or 'redis'
114 QUEUE_CONNECTION=sync
116 # Storage system to use
117 # Can be 'local', 'local_secure' or 's3'
120 # Image storage system to use
121 # Defaults to the value of STORAGE_TYPE if unset.
122 # Accepts the same values as STORAGE_TYPE.
123 STORAGE_IMAGE_TYPE=local
125 # Attachment storage system to use
126 # Defaults to the value of STORAGE_TYPE if unset.
127 # Accepts the same values as STORAGE_TYPE although 'local' will be forced to 'local_secure'.
128 STORAGE_ATTACHMENT_TYPE=local_secure
130 # Amazon S3 storage configuration
131 STORAGE_S3_KEY=your-s3-key
132 STORAGE_S3_SECRET=your-s3-secret
133 STORAGE_S3_BUCKET=s3-bucket-name
134 STORAGE_S3_REGION=s3-bucket-region
136 # S3 endpoint to use for storage calls
137 # Only set this if using a non-Amazon s3-compatible service such as Minio
138 STORAGE_S3_ENDPOINT=https://my-custom-s3-compatible.service.com:8001
141 # Used as a base for any generated image urls.
142 # An s3-format URL will be generated if not set.
145 # Authentication method to use
146 # Can be 'standard', 'ldap', 'saml2' or 'oidc'
149 # Automatically initiate login via external auth system if it's the only auth method.
150 # Works with saml2 or oidc auth methods.
151 AUTH_AUTO_INITIATE=false
153 # Social authentication configuration
154 # All disabled by default.
155 # Refer to https://www.bookstackapp.com/docs/admin/third-party-auth/
158 AZURE_APP_SECRET=false
160 AZURE_AUTO_REGISTER=false
161 AZURE_AUTO_CONFIRM_EMAIL=false
164 DISCORD_APP_SECRET=false
165 DISCORD_AUTO_REGISTER=false
166 DISCORD_AUTO_CONFIRM_EMAIL=false
168 FACEBOOK_APP_ID=false
169 FACEBOOK_APP_SECRET=false
170 FACEBOOK_AUTO_REGISTER=false
171 FACEBOOK_AUTO_CONFIRM_EMAIL=false
174 GITHUB_APP_SECRET=false
175 GITHUB_AUTO_REGISTER=false
176 GITHUB_AUTO_CONFIRM_EMAIL=false
179 GITLAB_APP_SECRET=false
180 GITLAB_BASE_URI=false
181 GITLAB_AUTO_REGISTER=false
182 GITLAB_AUTO_CONFIRM_EMAIL=false
185 GOOGLE_APP_SECRET=false
186 GOOGLE_SELECT_ACCOUNT=false
187 GOOGLE_AUTO_REGISTER=false
188 GOOGLE_AUTO_CONFIRM_EMAIL=false
192 OKTA_APP_SECRET=false
193 OKTA_AUTO_REGISTER=false
194 OKTA_AUTO_CONFIRM_EMAIL=false
197 SLACK_APP_SECRET=false
198 SLACK_AUTO_REGISTER=false
199 SLACK_AUTO_CONFIRM_EMAIL=false
202 TWITCH_APP_SECRET=false
203 TWITCH_AUTO_REGISTER=false
204 TWITCH_AUTO_CONFIRM_EMAIL=false
207 TWITTER_APP_SECRET=false
208 TWITTER_AUTO_REGISTER=false
209 TWITTER_AUTO_CONFIRM_EMAIL=false
211 # LDAP authentication configuration
212 # Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
217 LDAP_USER_FILTER=false
220 LDAP_TLS_INSECURE=false
221 LDAP_ID_ATTRIBUTE=uid
222 LDAP_EMAIL_ATTRIBUTE=mail
223 LDAP_DISPLAY_NAME_ATTRIBUTE=cn
224 LDAP_THUMBNAIL_ATTRIBUTE=null
225 LDAP_FOLLOW_REFERRALS=true
226 LDAP_DUMP_USER_DETAILS=false
228 # LDAP group sync configuration
229 # Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
230 LDAP_USER_TO_GROUPS=false
231 LDAP_GROUP_ATTRIBUTE="memberOf"
232 LDAP_REMOVE_FROM_GROUPS=false
233 LDAP_DUMP_USER_GROUPS=false
235 # SAML authentication configuration
236 # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
238 SAML2_EMAIL_ATTRIBUTE=email
239 SAML2_DISPLAY_NAME_ATTRIBUTES=username
240 SAML2_EXTERNAL_ID_ATTRIBUTE=null
241 SAML2_IDP_ENTITYID=null
245 SAML2_ONELOGIN_OVERRIDES=null
246 SAML2_DUMP_USER_DETAILS=false
247 SAML2_AUTOLOAD_METADATA=false
248 SAML2_IDP_AUTHNCONTEXT=true
250 SAML2_SP_x509_KEY=null
252 # SAML group sync configuration
253 # Refer to https://www.bookstackapp.com/docs/admin/saml2-auth/
254 SAML2_USER_TO_GROUPS=false
255 SAML2_GROUP_ATTRIBUTE=group
256 SAML2_REMOVE_FROM_GROUPS=false
258 # OpenID Connect authentication configuration
259 # Refer to https://www.bookstackapp.com/docs/admin/oidc-auth/
261 OIDC_DISPLAY_NAME_CLAIMS=name
263 OIDC_CLIENT_SECRET=null
265 OIDC_ISSUER_DISCOVER=false
267 OIDC_AUTH_ENDPOINT=null
268 OIDC_TOKEN_ENDPOINT=null
269 OIDC_ADDITIONAL_SCOPES=null
270 OIDC_DUMP_USER_DETAILS=false
271 OIDC_USER_TO_GROUPS=false
272 OIDC_GROUPS_CLAIM=groups
273 OIDC_REMOVE_FROM_GROUPS=false
274 OIDC_EXTERNAL_ID_CLAIM=sub
276 # Disable default third-party services such as Gravatar and Draw.IO
277 # Service-specific options will override this option
278 DISABLE_EXTERNAL_SERVICES=false
280 # Use custom avatar service, Sets fetch URL
281 # Possible placeholders: ${hash} ${size} ${email}
282 # If set, Avatars will be fetched regardless of DISABLE_EXTERNAL_SERVICES option.
283 # Example: AVATAR_URL=https://seccdn.libravatar.org/avatar/${hash}?s=${size}&d=identicon
286 # Enable diagrams.net integration
287 # Can simply be true/false to enable/disable the integration.
288 # Alternatively, It can be URL to the diagrams.net instance you want to use.
289 # For URLs, The following URL parameters should be included: embed=1&proto=json&spin=1&configure=1
292 # Default item listing view
293 # Used for public visitors and user's without a preference.
294 # Can be 'list' or 'grid'.
296 APP_VIEWS_BOOKSHELVES=grid
297 APP_VIEWS_BOOKSHELF=grid
299 # Use dark mode by default
300 # Will be overriden by any user/session preference.
301 APP_DEFAULT_DARK_MODE=false
303 # Page revision limit
304 # Number of page revisions to keep in the system before deleting old revisions.
305 # If set to 'false' a limit will not be enforced.
308 # Recycle Bin Lifetime
309 # The number of days that content will remain in the recycle bin before
310 # being considered for auto-removal. It is not a guarantee that content will
311 # be removed after this time.
312 # Set to 0 for no recycle bin functionality.
313 # Set to -1 for unlimited recycle bin lifetime.
314 RECYCLE_BIN_LIFETIME=30
317 # Maximum file size, in megabytes, that can be uploaded to the system.
318 FILE_UPLOAD_SIZE_LIMIT=50
321 # Primarily used to determine page size of PDF exports.
322 # Can be 'a4' or 'letter'.
325 # Allow <script> tags in page content
326 # Note, if set to 'true' the page editor may still escape scripts.
327 ALLOW_CONTENT_SCRIPTS=false
329 # Indicate if robots/crawlers should crawl your instance.
330 # Can be 'true', 'false' or 'null'.
331 # The behaviour of the default 'null' option will depend on the 'app-public' admin setting.
332 # Contents of the robots.txt file can be overridden, making this option obsolete.
335 # Allow server-side fetches to be performed to potentially unknown
336 # and user-provided locations. Primarily used in exports when loading
337 # in externally referenced assets.
338 # Can be 'true' or 'false'.
339 ALLOW_UNTRUSTED_SERVER_FETCHING=false
341 # A list of hosts that BookStack can be iframed within.
342 # Space separated if multiple. BookStack host domain is auto-inferred.
343 # For Example: ALLOWED_IFRAME_HOSTS="https://example.com https://a.example.com"
344 # Setting this option will also auto-adjust cookies to be SameSite=None.
345 ALLOWED_IFRAME_HOSTS=null
347 # A list of sources/hostnames that can be loaded within iframes within BookStack.
348 # Space separated if multiple. BookStack host domain is auto-inferred.
349 # Can be set to a lone "*" to allow all sources for iframe content (Not advised).
350 # Defaults to a set of common services.
351 # Current host and source for the "DRAWIO" setting will be auto-appended to the sources configured.
352 ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com"
354 # The default and maximum item-counts for listing API requests.
355 API_DEFAULT_ITEM_COUNT=100
356 API_MAX_ITEM_COUNT=500
358 # The number of API requests that can be made per minute by a single user.
359 API_REQUESTS_PER_MIN=180
361 # Enable the logging of failed email+password logins with the given message.
362 # The default log channel below uses the php 'error_log' function which commonly
363 # results in messages being output to the webserver error logs.
364 # The message can contain a %u parameter which will be replaced with the login
365 # user identifier (Username or email).
366 LOG_FAILED_LOGIN_MESSAGE=false
367 LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver
369 # Alter the precision of IP addresses stored by BookStack.
370 # Should be a number between 0 and 4, where 4 retains the full IP address
371 # and 0 completely hides the IP address. As an example, a value of 2 for the
372 # IP address '146.191.42.4' would result in '146.191.x.x' being logged.
373 # For the IPv6 address '2001:db8:85a3:8d3:1319:8a2e:370:7348' this would result as:
374 # '2001:db8:85a3:8d3:x:x:x:x'
375 IP_ADDRESS_PRECISION=4
projects / bookstack / blob