Self-Host Configuration
Configuring your self-hosted instance of Enclosed allows you to customize the application to better suit your environment and requirements. This guide covers the key environment variables you can set to control various aspects of the application, including port settings, security options, and storage configurations.
Environment Variables
Enclosed is configured primarily through environment variables. Below is a list of the available variables, along with their descriptions and default values.
Environment variable | Documentation |
---|---|
PORT |
The port to listen on when using node server. Default value: 8787 . |
SERVER_API_ROUTES_TIMEOUT_MS |
The maximum time in milliseconds for a route to complete before timing out. Default value: 5000 . |
SERVER_CORS_ORIGINS |
The CORS origin for the api server. |
NOTES_MAX_ENCRYPTED_PAYLOAD_LENGTH |
The maximum length of the encrypted payload of a note allowed by the api. Default value: 52428800 . |
TASK_DELETE_EXPIRED_NOTES_ENABLED |
Whether to enable a periodic task to delete expired notes (not available for cloudflare). Default value: true . |
TASK_DELETE_EXPIRED_NOTES_CRON |
The frequency with which to run the task to delete expired notes (cron syntax). Default value: 0 * * * * . |
TASK_DELETE_EXPIRED_NOTES_RUN_ON_STARTUP |
Whether the task to delete expired notes should run on startup. Default value: true . |
STORAGE_DRIVER_FS_LITE_PATH |
The path to the directory where the data will be stored (only in node env). Default value: ./.data . |
STORAGE_DRIVER_CLOUDFLARE_KV_BINDING |
The name of the Cloudflare KV binding to use (only in cloudflare env). Default value: notes . |
PUBLIC_BASE_API_URL |
The base URL of the public api, can be an absolute URL (like https://example.com/enclosed ) or a path (like /enclosed ). Default value: / . |
PUBLIC_IS_AUTHENTICATION_REQUIRED |
Whether to require authentication to access the public api. Default value: false . |
PUBLIC_DEFAULT_DELETE_NOTE_AFTER_READING |
The default value for the Delete note after reading checkbox in the note creation form. Default value: false . |
PUBLIC_DEFAULT_NOTE_TTL_SECONDS |
The default value for the expiration time of a note in seconds, the value must be one of: 3600 (1 hour), 86400 (1 day), 604800 (1 week), 2592000 (1 month). Default value: 3600 . |
PUBLIC_IS_SETTING_NO_EXPIRATION_ALLOWED |
Whether to allow the user to set the note to never expire. Default value: true . |
PUBLIC_DEFAULT_NOTE_NO_EXPIRATION |
The default value for the No expiration checkbox in the note creation form (only used if setting no expiration is allowed). Default value: false . |
AUTHENTICATION_JWT_SECRET |
The secret used to sign the JWT tokens. Default value: change-me . |
AUTHENTICATION_JWT_DURATION_SECONDS |
The duration in seconds for which the JWT token is valid. Default value: 604800 . |
AUTHENTICATION_USERS |
The list of users allowed to authenticate. Comma-separated list of email and bcrypt password hash, like: email1:passwordHash1,email2:passwordHash2 . Easily generate the value for this env variable here: https://docs.enclosed.cc/self-hosting/users-authentication-key-generator. |
Applying Configuration Changes
To apply your configuration changes, ensure that you have exported the environment variables in your shell or included them in your environment configuration file. Then, restart your Enclosed instance to apply the changes.
For Docker deployments, you can pass the environment variables directly when running the container:
docker run \
-d --name enclosed \
--restart unless-stopped \
-p 8787:8787 \
-v /path/to/local/data:/app/.data \
-e SERVER_CORS_ORIGINS="https://example.com" \
ghcr.io/corentin-th/enclosed
Next Steps
Once your instance is configured, you can proceed to explore advanced deployment options or set up monitoring to ensure your Enclosed instance runs smoothly. For a more complex setup, consider using Docker Compose or deploying on a cloud provider.