From 439a94f94e982b7a89e4f7bc71e26679ddb3b5e5 Mon Sep 17 00:00:00 2001 From: Salim B Date: Wed, 15 May 2024 18:07:36 +0200 Subject: [PATCH 01/14] refactor: ensure litestream binary is on PATH --- packages/nocodb/Dockerfile | 4 ++-- packages/nocodb/docker/start-litestream.sh | 4 ++-- packages/nocodb/litestream/Dockerfile | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/nocodb/Dockerfile b/packages/nocodb/Dockerfile index 1f1f271fe2..5a31b6f6ab 100644 --- a/packages/nocodb/Dockerfile +++ b/packages/nocodb/Dockerfile @@ -61,8 +61,8 @@ RUN apk --update --no-cache add \ nodejs \ dumb-init -# Copy litestream binary build -COPY --from=lt-builder /usr/src/lt /usr/src/appEntry/litestream +# Copy litestream binary +COPY --from=lt-builder /usr/src/lt /usr/local/bin/litestream # Copy production code & main entry file COPY --from=builder /usr/src/app/ /usr/src/app/ COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ diff --git a/packages/nocodb/docker/start-litestream.sh b/packages/nocodb/docker/start-litestream.sh index 7acb7a72c7..db5987faef 100644 --- a/packages/nocodb/docker/start-litestream.sh +++ b/packages/nocodb/docker/start-litestream.sh @@ -15,12 +15,12 @@ if [ -n "${AWS_ACCESS_KEY_ID}" ] && [ -n "${AWS_SECRET_ACCESS_KEY}" ] && [ -n "$ rm "${NC_TOOL_DIR}noco.db-wal" fi - /usr/src/appEntry/litestream restore -o "${NC_TOOL_DIR}noco.db" "s3://$AWS_BUCKET/$AWS_BUCKET_PATH" + litestream restore -o "${NC_TOOL_DIR}noco.db" "s3://$AWS_BUCKET/$AWS_BUCKET_PATH" if [ ! -f "${NC_TOOL_DIR}noco.db" ] then touch "${NC_TOOL_DIR}noco.db" fi - /usr/src/appEntry/litestream replicate "${NC_TOOL_DIR}noco.db" "s3://$AWS_BUCKET/$AWS_BUCKET_PATH" & + litestream replicate "${NC_TOOL_DIR}noco.db" "s3://$AWS_BUCKET/$AWS_BUCKET_PATH" & fi node docker/main.js diff --git a/packages/nocodb/litestream/Dockerfile b/packages/nocodb/litestream/Dockerfile index 23b9200e3f..116dc8ea1f 100644 --- a/packages/nocodb/litestream/Dockerfile +++ b/packages/nocodb/litestream/Dockerfile @@ -84,8 +84,8 @@ RUN apk --update --no-cache add \ nodejs \ tar -# Copy litestream binary build -COPY --from=lt /usr/src/lt /usr/src/appEntry/litestream +# Copy litestream binary +COPY --from=lt /usr/src/lt /usr/local/bin/litestream # Copy production code & main entry file COPY --from=builder /usr/src/app/ /usr/src/app/ COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ From ac7112963b3b24947dfb90007d29be8c9627e1f3 Mon Sep 17 00:00:00 2001 From: Salim B Date: Wed, 15 May 2024 23:50:08 +0200 Subject: [PATCH 02/14] feat: expose Litestream configuration --- .../020.environment-variables.md | 124 +++++++++--------- packages/nocodb/Dockerfile | 17 ++- packages/nocodb/docker/litestream.yml | 22 ++++ packages/nocodb/docker/start-litestream.sh | 14 +- packages/nocodb/litestream/Dockerfile | 22 ++-- 5 files changed, 117 insertions(+), 82 deletions(-) create mode 100644 packages/nocodb/docker/litestream.yml diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index 8b66160ece..186a0f33cd 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -12,62 +12,68 @@ For production use-cases, it is **recommended** to configure - `NC_PUBLIC_URL`, - `NC_REDIS_URL` -| Variable | Comments | If absent | -|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------| -| NC_DB | See our example database URLs [here](https://github.com/nocodb/nocodb#docker). | A local SQLite will be created in root folder if `NC_DB` is not provided | -| NC_DB_JSON | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | -| NC_DB_JSON_FILE | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | -| DATABASE_URL | Can be used instead of `NC_DB` and value should be in JDBC URL format | | -| DATABASE_URL_FILE | Can be used instead of `DATABASE_URL` and value should be a valid path to file containing JDBC URL format. | | -| NC_AUTH_JWT_SECRET | JWT secret used for auth and storing other secrets | A random secret will be generated | -| PORT | For setting app running port | `8080` | -| DB_QUERY_LIMIT_DEFAULT | Pagination limit | 25 | -| DB_QUERY_LIMIT_GROUP_BY_GROUP | Group per page limit | 10 | -| DB_QUERY_LIMIT_GROUP_BY_RECORD | Record per group limit | 10 | -| DB_QUERY_LIMIT_MAX | Maximum allowed pagination limit | 1000 | -| DB_QUERY_LIMIT_MIN | Minimum allowed pagination limit | 1 | -| NC_TOOL_DIR | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | -| NC_PUBLIC_URL | Used for sending Email invitations | Best guess from http request params | -| NC_JWT_EXPIRES_IN | JWT token expiry time | `10h` | -| NC_CONNECT_TO_EXTERNAL_DB_DISABLED | Disable Project creation with external database | | -| NC_INVITE_ONLY_SIGNUP | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Allow users to signup only via invite URL, value should be any non-empty string. | | -| NUXT_PUBLIC_NC_BACKEND_URL | Custom Backend URL | ``http://localhost:8080`` will be used | -| NC_REQUEST_BODY_SIZE | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | -| NC_EXPORT_MAX_TIMEOUT | After NC_EXPORT_MAX_TIMEOUT, CSV gets downloaded in batches | Default value 5000(in millisecond) will be used | -| NC_DISABLE_TELE | Disable telemetry | | -| NC_DASHBOARD_URL | Custom dashboard URL path | `/dashboard` | -| NC_GOOGLE_CLIENT_ID | Google client ID to enable Google authentication | | -| NC_GOOGLE_CLIENT_SECRET | Google client secret to enable Google authentication | | -| NC_MIGRATIONS_DISABLED | Disable NocoDB migration | | -| NC_MIN | If set to any non-empty string the default splash screen(initial welcome animation) and matrix screensaver will disable | | -| NC_SENTRY_DSN | For Sentry monitoring | | -| NC_REDIS_URL | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | -| NC_DISABLE_ERR_REPORT | Disable error reporting | | -| NC_DISABLE_CACHE | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | -| AWS_ACCESS_KEY_ID | For Litestream - S3 access key id | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | -| AWS_SECRET_ACCESS_KEY | For Litestream - S3 secret access key | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | -| AWS_BUCKET | For Litestream - S3 bucket | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | -| AWS_BUCKET_PATH | For Litestream - S3 bucket path (like folder within S3 bucket) | If Litestream is configured and `NC_DB` is not present. SQLite gets backed up to S3 | -| NC_SMTP_FROM | For SMTP plugin - Email sender address | | -| NC_SMTP_HOST | For SMTP plugin - SMTP host value | | -| NC_SMTP_PORT | For SMTP plugin - SMTP port value | | -| NC_SMTP_USERNAME | For SMTP plugin (Optional) - SMTP username value for authentication | | -| NC_SMTP_PASSWORD | For SMTP plugin (Optional) - SMTP password value for authentication | | -| NC_SMTP_SECURE | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | -| NC_SMTP_IGNORE_TLS | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | -| NC_S3_BUCKET_NAME | For S3 storage plugin - AWS S3 bucket name | | -| NC_S3_REGION | For S3 storage plugin - AWS S3 region | | -| NC_S3_ACCESS_KEY | For S3 storage plugin - AWS access key credential for accessing resource | | -| NC_S3_ACCESS_SECRET | For S3 storage plugin - AWS access secret credential for accessing resource | | -| NC_ATTACHMENT_FIELD_SIZE | For setting the attachment field size(in Bytes) | Defaults to 20MB | -| NC_MAX_ATTACHMENTS_ALLOWED | Maximum Number of attachments per cell | | -| NC_ADMIN_EMAIL | For updating/creating super admin with provided email and password | | -| NC_ADMIN_PASSWORD | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter(Allowed special chars $&+,:;=?@#\|'.^*()%!_-" ) | | -| NODE_OPTIONS | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | -| NC_MINIMAL_DBS | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | -| NC_DISABLE_AUDIT | Disable Audit Log | `false` | -| NC_AUTOMATION_LOG_LEVEL | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | `OFF` | -| NC_SECURE_ATTACHMENTS | Allow accessing attachments only through presigned urls. To enable set value as `true` any other value treated as false. (⚠ this will make existing links inaccessible ⚠) | `false` | -| NC_ATTACHMENT_EXPIRE_SECONDS | How many seconds before expiring presigned attachment urls. (Attachments will expire in at least set seconds and at most 10mins after set time) | 7200 (2 hours) | -| NC_ALLOW_LOCAL_HOOKS | To enable set value as `true` any other value treated as false. (⚠ this will allow webhooks to call local links which can raise security issues ⚠) | `false` | -| NC_SANITIZE_COLUMN_NAME | Sanitize the column name during column creation. To enable set value as `true` any other value treated as false. | `true` | +| Variable | Description | If absent | +| -------- | ----------- | --------- | +| `NC_DB` | See our example database URLs [here](https://github.com/nocodb/nocodb#docker). | A local SQLite database will be created in root folder if `NC_DB` is not provided | +| `NC_DB_JSON` | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | +| `NC_DB_JSON_FILE` | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | +| `DATABASE_URL` | Can be used instead of `NC_DB` and value should be in JDBC URL format | | +| `DATABASE_URL_FILE` | Can be used instead of `DATABASE_URL` and value should be a valid path to file containing JDBC URL format. | | +| `NC_AUTH_JWT_SECRET` | JWT secret used for auth and storing other secrets | A random secret will be generated | +| `PORT` | For setting app running port | `8080` | +| `DB_QUERY_LIMIT_DEFAULT` | Pagination limit | `25` | +| `DB_QUERY_LIMIT_GROUP_BY_GROUP` | Group per page limit | `10` | +| `DB_QUERY_LIMIT_GROUP_BY_RECORD` | Record per group limit | `10` | +| `DB_QUERY_LIMIT_MAX` | Maximum allowed pagination limit | `1000` | +| `DB_QUERY_LIMIT_MIN` | Minimum allowed pagination limit | `1` | +| `NC_TOOL_DIR` | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | +| `NC_PUBLIC_URL` | Used for sending Email invitations | Best guess from http request params | +| `NC_JWT_EXPIRES_IN` | JWT token expiry time | `10h` | +| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | Disable Project creation with external database | | +| `NC_INVITE_ONLY_SIGNUP` | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Allow users to signup only via invite URL, value should be any non-empty string. | | +| `NUXT_PUBLIC_NC_BACKEND_URL` | Custom Backend URL | `http://localhost:8080` will be used | +| `NC_REQUEST_BODY_SIZE` | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | +| `NC_EXPORT_MAX_TIMEOUT` | After `NC_EXPORT_MAX_TIMEOUT`, CSV gets downloaded in batches | Default value `5000` (in milliseconds) will be used | +| `NC_DISABLE_TELE` | Disable telemetry | | +| `NC_DASHBOARD_URL` | Custom dashboard URL path | `/dashboard` | +| `NC_GOOGLE_CLIENT_ID` | Google client ID to enable Google authentication | | +| `NC_GOOGLE_CLIENT_SECRET` | Google client secret to enable Google authentication | | +| `NC_MIGRATIONS_DISABLED` | Disable NocoDB migration | | +| `NC_MIN` | If set to any non-empty string the default splash screen (initial welcome animation) and matrix screensaver will disable | | +| `NC_SENTRY_DSN` | For Sentry monitoring | | +| `NC_REDIS_URL` | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | +| `NC_DISABLE_ERR_REPORT` | Disable error reporting | | +| `NC_DISABLE_CACHE` | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | +| `NC_SMTP_FROM` | For SMTP plugin - Email sender address | | +| `NC_SMTP_HOST` | For SMTP plugin - SMTP host value | | +| `NC_SMTP_PORT` | For SMTP plugin - SMTP port value | | +| `NC_SMTP_USERNAME` | For SMTP plugin (Optional) - SMTP username value for authentication | | +| `NC_SMTP_PASSWORD` | For SMTP plugin (Optional) - SMTP password value for authentication | | +| `NC_SMTP_SECURE` | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | +| `NC_SMTP_IGNORE_TLS` | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | +| `NC_S3_BUCKET_NAME` | For S3 storage plugin - AWS S3 bucket name | | +| `NC_S3_REGION` | For S3 storage plugin - AWS S3 region | | +| `NC_S3_ACCESS_KEY` | For S3 storage plugin - AWS access key credential for accessing resource | | +| `NC_S3_ACCESS_SECRET` | For S3 storage plugin - AWS access secret credential for accessing resource | | +| `NC_ATTACHMENT_FIELD_SIZE` | For setting the attachment field size(in Bytes) | Defaults to 20MB | +| `NC_MAX_ATTACHMENTS_ALLOWED` | Maximum Number of attachments per cell | | +| `NC_ADMIN_EMAIL` | For updating/creating super admin with provided email and password | | +| `NC_ADMIN_PASSWORD` | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter. Allowed special characters include `$&+,:;=?@#\|'.^*()%!_-"`. ) | | +| `NODE_OPTIONS` | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | +| `NC_MINIMAL_DBS` | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | +| `NC_DISABLE_AUDIT` | Disable Audit Log | `false` | +| `NC_AUTOMATION_LOG_LEVEL` | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | `OFF` | +| `NC_SECURE_ATTACHMENTS` | Allow accessing attachments only through presigned urls. To enable set value as `true` any other value treated as false. (⚠ this will make existing links inaccessible ⚠) | `false` | +| `NC_ATTACHMENT_EXPIRE_SECONDS` | How many seconds before expiring presigned attachment urls. (Attachments will expire in at least set seconds and at most 10mins after set time) | 7200 (2 hours) | +| `NC_ALLOW_LOCAL_HOOKS` | To enable set value as `true` any other value treated as false. (⚠ this will allow webhooks to call local links which can raise security issues ⚠) | `false` | +| `NC_SANITIZE_COLUMN_NAME` | Sanitize the column name during column creation. To enable set value as `true` any other value treated as false. | `true` | +| `LITESTREAM_S3_ENDPOINT` | URL of an S3-compatible object storage service endpoint like `s3.eu-central-1.amazonaws.com`. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_BUCKET` | Name of the S3-compatible object storage bucket to store the Litestream replication in. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_PATH` | Directory path to use within the Litestream replication bucket. | Defaults to `nocodb`. | +| `LITESTREAM_S3_ACCESS_KEY_ID` | Litestream authentication key for the S3 replica. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_SECRET_ACCESS_KEY` | Litestream authentication key for the S3 replica. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_SKIP_VERIFY` | Whether to disable TLS verification. This is useful when testing against a local node such as MinIO and you are using self-signed certificates. | Defaults to `false`. | +| `LITESTREAM_RETENTION` | Amount of time Litestream snapshot and WAL files are kept. After the retention period, a new snapshot is created and the old one is removed. WAL files that exist before the oldest snapshot will also be removed. | Defaults to `1440h` (60 days). | +| `LITESTREAM_RETENTION_CHECK_INTERVAL` | Frequency in which Litestream will check if retention needs to be enforced. | Defaults to `72h` (3 days). | +| `LITESTREAM_SNAPSHOT_INTERVAL` | Frequency in which new Litestream snapshots are created. A higher frequency reduces the time to restore since newer snapshots will have fewer WAL frames to apply. Retention still applies to these snapshots. | Defaults to `24h` (1 day). | +| `LITESTREAM_SYNC_INTERVAL` | Frequency in which frames are pushed to the Litestream replica. Increasing this frequency can increase object storage costs significantly. | Defaults to `60s` (1 minute). | diff --git a/packages/nocodb/Dockerfile b/packages/nocodb/Dockerfile index 5a31b6f6ab..0b7e56eceb 100644 --- a/packages/nocodb/Dockerfile +++ b/packages/nocodb/Dockerfile @@ -52,17 +52,24 @@ RUN pnpm install --prod --shamefully-hoist \ FROM alpine:3.19 WORKDIR /usr/src/app -ENV NC_DOCKER 0.6 -ENV NODE_ENV production -ENV PORT 8080 -ENV NC_TOOL_DIR=/usr/app/data/ +ENV LITESTREAM_S3_SKIP_VERIFY=false \ + LITESTREAM_S3_PATH=nocodb \ + LITESTREAM_RETENTION=1440h \ + LITESTREAM_RETENTION_CHECK_INTERVAL=72h \ + LITESTREAM_SNAPSHOT_INTERVAL=24h \ + LITESTREAM_SYNC_INTERVAL=60s \ + NC_DOCKER=0.6 \ + NC_TOOL_DIR=/usr/app/data/ \ + NODE_ENV=production \ + PORT=8080 RUN apk --update --no-cache add \ nodejs \ dumb-init -# Copy litestream binary +# Copy litestream binary and config file COPY --from=lt-builder /usr/src/lt /usr/local/bin/litestream +COPY ./docker/litestream.yml /etc/litestream.yml # Copy production code & main entry file COPY --from=builder /usr/src/app/ /usr/src/app/ COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ diff --git a/packages/nocodb/docker/litestream.yml b/packages/nocodb/docker/litestream.yml new file mode 100644 index 0000000000..4306b7b21b --- /dev/null +++ b/packages/nocodb/docker/litestream.yml @@ -0,0 +1,22 @@ +# Docs: https://litestream.io/reference/config/ + +dbs: + - path: ${NC_TOOL_DIR}noco.db + replicas: + - type: s3 + endpoint: ${LITESTREAM_S3_ENDPOINT} + force-path-style: true + skip-verify: ${LITESTREAM_S3_SKIP_VERIFY} + bucket: ${LITESTREAM_S3_BUCKET} + path: ${LITESTREAM_S3_PATH} + access-key-id: ${LITESTREAM_S3_ACCESS_KEY_ID} + secret-access-key: ${LITESTREAM_S3_SECRET_ACCESS_KEY} + retention: ${LITESTREAM_RETENTION} + retention-check-interval: ${LITESTREAM_RETENTION_CHECK_INTERVAL} + snapshot-interval: ${LITESTREAM_SNAPSHOT_INTERVAL} + sync-interval: ${LITESTREAM_SYNC_INTERVAL} + # age: + # identities: + # - ${LITESTREAM_AGE_SECRET_KEY} + # recipients: + # - ${LITESTREAM_AGE_PUBLIC_KEY} diff --git a/packages/nocodb/docker/start-litestream.sh b/packages/nocodb/docker/start-litestream.sh index db5987faef..da66e5480b 100644 --- a/packages/nocodb/docker/start-litestream.sh +++ b/packages/nocodb/docker/start-litestream.sh @@ -6,21 +6,21 @@ if [ -n "${NC_TOOL_DIR}" ]; then mkdir -p "$NC_TOOL_DIR" fi -if [ -n "${AWS_ACCESS_KEY_ID}" ] && [ -n "${AWS_SECRET_ACCESS_KEY}" ] && [ -n "${AWS_BUCKET}" ] && [ -n "${AWS_BUCKET_PATH}" ]; then +if [ -n "${LITESTREAM_S3_ENDPOINT}" ] && [ -n "${LITESTREAM_S3_BUCKET}" ] && [ -n "${LITESTREAM_ACCESS_KEY_ID}" ] && [ -n "${LITESTREAM_SECRET_ACCESS_KEY}" ] ; then - if [ -f "${NC_TOOL_DIR}noco.db" ] - then + if [ -f "${NC_TOOL_DIR}noco.db" ] ; then rm "${NC_TOOL_DIR}noco.db" rm "${NC_TOOL_DIR}noco.db-shm" rm "${NC_TOOL_DIR}noco.db-wal" fi - litestream restore -o "${NC_TOOL_DIR}noco.db" "s3://$AWS_BUCKET/$AWS_BUCKET_PATH" - if [ ! -f "${NC_TOOL_DIR}noco.db" ] - then + litestream restore "${NC_TOOL_DIR}noco.db" + + if [ ! -f "${NC_TOOL_DIR}noco.db" ] ; then touch "${NC_TOOL_DIR}noco.db" fi - litestream replicate "${NC_TOOL_DIR}noco.db" "s3://$AWS_BUCKET/$AWS_BUCKET_PATH" & + + litestream replicate & fi node docker/main.js diff --git a/packages/nocodb/litestream/Dockerfile b/packages/nocodb/litestream/Dockerfile index 116dc8ea1f..ec45e80e7f 100644 --- a/packages/nocodb/litestream/Dockerfile +++ b/packages/nocodb/litestream/Dockerfile @@ -38,12 +38,6 @@ RUN chmod +x /usr/src/appEntry/start.sh FROM alpine:3.19 -#ENV AWS_ACCESS_KEY_ID= -#ENV AWS_SECRET_ACCESS_KEY= -#ENV AWS_BUCKET= - - - #WORKDIR /usr/src/ # ## Install go lang @@ -68,10 +62,15 @@ FROM alpine:3.19 WORKDIR /usr/src/app -ENV NC_DOCKER 0.6 -ENV PORT 8080 -ENV NC_TOOL_DIR=/usr/app/data/ - +ENV LITESTREAM_S3_SKIP_VERIFY=false \ + LITESTREAM_S3_PATH=nocodb \ + LITESTREAM_RETENTION=1440h \ + LITESTREAM_RETENTION_CHECK_INTERVAL=72h \ + LITESTREAM_SNAPSHOT_INTERVAL=24h \ + LITESTREAM_SYNC_INTERVAL=60s \ + NC_DOCKER=0.6 \ + NC_TOOL_DIR=/usr/app/data/ \ + PORT=8080 # Copy application dependency manifests to the container image. # A wildcard is used to ensure both package.json AND package-lock.json are copied. @@ -84,8 +83,9 @@ RUN apk --update --no-cache add \ nodejs \ tar -# Copy litestream binary +# Copy litestream binary and config file COPY --from=lt /usr/src/lt /usr/local/bin/litestream +COPY ./docker/litestream.yml /etc/litestream.yml # Copy production code & main entry file COPY --from=builder /usr/src/app/ /usr/src/app/ COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ From 8ad3624b2493d95380d6cd465d739f6303a0793d Mon Sep 17 00:00:00 2001 From: Salim B Date: Wed, 15 May 2024 23:57:10 +0200 Subject: [PATCH 03/14] fix: make start scripts more robust --- packages/nocodb/docker/start-litestream.sh | 8 +++----- packages/nocodb/docker/start-local.sh | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/packages/nocodb/docker/start-litestream.sh b/packages/nocodb/docker/start-litestream.sh index da66e5480b..046a841a47 100644 --- a/packages/nocodb/docker/start-litestream.sh +++ b/packages/nocodb/docker/start-litestream.sh @@ -1,8 +1,6 @@ #!/bin/sh -#sleep 5 - -if [ -n "${NC_TOOL_DIR}" ]; then +if [ ! -d "${NC_TOOL_DIR}" ] ; then mkdir -p "$NC_TOOL_DIR" fi @@ -10,8 +8,8 @@ if [ -n "${LITESTREAM_S3_ENDPOINT}" ] && [ -n "${LITESTREAM_S3_BUCKET}" ] && [ - if [ -f "${NC_TOOL_DIR}noco.db" ] ; then rm "${NC_TOOL_DIR}noco.db" - rm "${NC_TOOL_DIR}noco.db-shm" - rm "${NC_TOOL_DIR}noco.db-wal" + rm -f "${NC_TOOL_DIR}noco.db-shm" + rm -f "${NC_TOOL_DIR}noco.db-wal" fi litestream restore "${NC_TOOL_DIR}noco.db" diff --git a/packages/nocodb/docker/start-local.sh b/packages/nocodb/docker/start-local.sh index 3dd17d0d04..faaeece178 100644 --- a/packages/nocodb/docker/start-local.sh +++ b/packages/nocodb/docker/start-local.sh @@ -1,6 +1,6 @@ #!/bin/sh -if [ -n "${NC_TOOL_DIR}" ]; then +if [ ! -d "${NC_TOOL_DIR}" ]; then mkdir -p "$NC_TOOL_DIR" fi From 75bfcbbfbcce6e9656af9e4e170be4b6da9de2bc Mon Sep 17 00:00:00 2001 From: Salim B Date: Wed, 15 May 2024 23:58:44 +0200 Subject: [PATCH 04/14] chore: make Dockerfiles more idiomatic --- packages/nocodb/Dockerfile | 11 +++++------ packages/nocodb/Dockerfile.local | 12 +++++++----- packages/nocodb/litestream/Dockerfile | 12 ++++++------ 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/packages/nocodb/Dockerfile b/packages/nocodb/Dockerfile index 0b7e56eceb..7ba7952633 100644 --- a/packages/nocodb/Dockerfile +++ b/packages/nocodb/Dockerfile @@ -1,7 +1,9 @@ +# syntax=docker/dockerfile:1 + ########### # Litestream Builder ########### -FROM golang:alpine3.18 as lt-builder +FROM golang:alpine3.19 as lt-builder WORKDIR /usr/src/ @@ -9,12 +11,9 @@ RUN apk add --no-cache git make musl-dev gcc # build litestream RUN git clone https://github.com/benbjohnson/litestream.git litestream -RUN cd litestream ; go install ./cmd/litestream - +RUN cd litestream && go install ./cmd/litestream RUN cp $GOPATH/bin/litestream /usr/src/lt - - ########### # Builder ########### @@ -63,7 +62,7 @@ ENV LITESTREAM_S3_SKIP_VERIFY=false \ NODE_ENV=production \ PORT=8080 -RUN apk --update --no-cache add \ +RUN apk add --update --no-cache \ nodejs \ dumb-init diff --git a/packages/nocodb/Dockerfile.local b/packages/nocodb/Dockerfile.local index 72504ddfe5..04e470a80c 100644 --- a/packages/nocodb/Dockerfile.local +++ b/packages/nocodb/Dockerfile.local @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1 + ########### # Builder ########### @@ -36,12 +38,12 @@ RUN pnpm install --prod --shamefully-hoist --reporter=silent \ FROM alpine:3.19 WORKDIR /usr/src/app -ENV NC_DOCKER 0.6 -ENV NODE_ENV production -ENV PORT 8080 -ENV NC_TOOL_DIR=/usr/app/data/ +ENV NC_DOCKER=0.6 \ + NC_TOOL_DIR=/usr/app/data/ \ + NODE_ENV=production \ + PORT=8080 -RUN apk --update --no-cache add \ +RUN apk add --update --no-cache \ nodejs \ dumb-init \ curl \ diff --git a/packages/nocodb/litestream/Dockerfile b/packages/nocodb/litestream/Dockerfile index ec45e80e7f..310315729b 100644 --- a/packages/nocodb/litestream/Dockerfile +++ b/packages/nocodb/litestream/Dockerfile @@ -1,4 +1,6 @@ -FROM golang:alpine3.18 as lt +# syntax=docker/dockerfile:1 + +FROM golang:alpine3.19 as lt WORKDIR /usr/src/ @@ -6,12 +8,10 @@ RUN apk add --no-cache git make musl-dev gcc # build litestream RUN git clone https://github.com/benbjohnson/litestream.git litestream -RUN cd litestream ; go install ./cmd/litestream - +RUN cd litestream && go install ./cmd/litestream RUN cp $GOPATH/bin/litestream /usr/src/lt - FROM node:18.19.1-alpine as builder WORKDIR /usr/src/app @@ -36,6 +36,7 @@ RUN pnpm dlx modclean --patterns="default:*" --ignore="nc-lib-gui/**,dayjs/**,ex RUN rm -rf ./node_modules/sqlite3/deps RUN chmod +x /usr/src/appEntry/start.sh + FROM alpine:3.19 #WORKDIR /usr/src/ @@ -55,7 +56,6 @@ FROM alpine:3.19 #RUN git clone https://github.com/benbjohnson/litestream.git litestream #RUN cd litestream ; go install ./cmd/litestream - # Bug fix for segfault ( Convert PT_GNU_STACK program header into PT_PAX_FLAGS ) #RUN apk --update --no-cache add paxctl \ # && paxctl -cm $(which node) @@ -79,7 +79,7 @@ ENV LITESTREAM_S3_SKIP_VERIFY=false \ #COPY ./docker/main.js ./docker/main.js #COPY ./package.json ./ -RUN apk --update --no-cache add \ +RUN apk add --update --no-cache \ nodejs \ tar From 30fe1f0ff62e842172c430df28e6b682bf27eee2 Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 00:11:18 +0200 Subject: [PATCH 05/14] chore: use `COPY --link` in Dockerfiles cf. https://docs.docker.com/reference/dockerfile/#copy---link --- packages/nocodb/Dockerfile | 17 ++++++++--------- packages/nocodb/Dockerfile.local | 14 +++++++------- packages/nocodb/litestream/Dockerfile | 21 ++++++++++----------- 3 files changed, 25 insertions(+), 27 deletions(-) diff --git a/packages/nocodb/Dockerfile b/packages/nocodb/Dockerfile index 7ba7952633..30831def3f 100644 --- a/packages/nocodb/Dockerfile +++ b/packages/nocodb/Dockerfile @@ -27,11 +27,10 @@ RUN apk add --no-cache python3 make g++ RUN corepack enable && corepack prepare pnpm@latest --activate # Copy application dependency manifests to the container image. -COPY ./package.json ./package.json -COPY ./docker/main.js ./docker/main.js -#COPY ./docker/start.sh /usr/src/appEntry/start.sh -COPY ./docker/start-litestream.sh /usr/src/appEntry/start.sh -COPY src/public/ ./docker/public/ +COPY --link ./package.json ./package.json +COPY --link ./docker/main.js ./docker/main.js +COPY --link ./docker/start-litestream.sh /usr/src/appEntry/start.sh +COPY --link src/public/ ./docker/public/ # for pnpm to generate a flat node_modules without symlinks # so that modclean could work as expected @@ -67,11 +66,11 @@ RUN apk add --update --no-cache \ dumb-init # Copy litestream binary and config file -COPY --from=lt-builder /usr/src/lt /usr/local/bin/litestream -COPY ./docker/litestream.yml /etc/litestream.yml +COPY --link --from=lt-builder /usr/src/lt /usr/local/bin/litestream +COPY --link ./docker/litestream.yml /etc/litestream.yml # Copy production code & main entry file -COPY --from=builder /usr/src/app/ /usr/src/app/ -COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ +COPY --link --from=builder /usr/src/app/ /usr/src/app/ +COPY --link --from=builder /usr/src/appEntry/ /usr/src/appEntry/ EXPOSE 8080 ENTRYPOINT ["/usr/bin/dumb-init", "--"] diff --git a/packages/nocodb/Dockerfile.local b/packages/nocodb/Dockerfile.local index 04e470a80c..94cf1a4975 100644 --- a/packages/nocodb/Dockerfile.local +++ b/packages/nocodb/Dockerfile.local @@ -13,11 +13,11 @@ RUN apk add --no-cache python3 make g++ RUN corepack enable && corepack prepare pnpm@latest --activate # Copy application dependency manifests to the container image. -COPY ./package.json ./package.json -COPY ./docker/nc-gui/ ./docker/nc-gui/ -COPY ./docker/main.js ./docker/index.js -COPY ./docker/start-local.sh /usr/src/appEntry/start.sh -COPY src/public/ ./docker/public/ +COPY --link ./package.json ./package.json +COPY --link ./docker/nc-gui/ ./docker/nc-gui/ +COPY --link ./docker/main.js ./docker/index.js +COPY --link ./docker/start-local.sh /usr/src/appEntry/start.sh +COPY --link src/public/ ./docker/public/ # for pnpm to generate a flat node_modules without symlinks # so that modclean could work as expected @@ -50,8 +50,8 @@ RUN apk add --update --no-cache \ jq # Copy production code & main entry file -COPY --from=builder /usr/src/app/ /usr/src/app/ -COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ +COPY --link --from=builder /usr/src/app/ /usr/src/app/ +COPY --link --from=builder /usr/src/appEntry/ /usr/src/appEntry/ EXPOSE 8080 ENTRYPOINT ["/usr/bin/dumb-init", "--"] diff --git a/packages/nocodb/litestream/Dockerfile b/packages/nocodb/litestream/Dockerfile index 310315729b..80c9d68f34 100644 --- a/packages/nocodb/litestream/Dockerfile +++ b/packages/nocodb/litestream/Dockerfile @@ -19,10 +19,9 @@ WORKDIR /usr/src/app RUN corepack enable && corepack prepare pnpm@latest --activate # Copy application dependency manifests to the container image. -COPY ./package*.json ./ -COPY ./docker/main.js ./docker/main.js -#COPY ./docker/start.sh /usr/src/appEntry/start.sh -COPY ./docker/start-litestream.sh /usr/src/appEntry/start.sh +COPY --link ./package*.json ./ +COPY --link ./docker/main.js ./docker/main.js +COPY --link ./docker/start-litestream.sh /usr/src/appEntry/start.sh # for pnpm to generate a flat node_modules without symlinks # so that modclean could work as expected @@ -75,20 +74,20 @@ ENV LITESTREAM_S3_SKIP_VERIFY=false \ # Copy application dependency manifests to the container image. # A wildcard is used to ensure both package.json AND package-lock.json are copied. # Copying this separately prevents re-running npm install on every code change. -#COPY ./build/ ./build/ -#COPY ./docker/main.js ./docker/main.js -#COPY ./package.json ./ +#COPY --link ./build/ ./build/ +#COPY --link ./docker/main.js ./docker/main.js +#COPY --link ./package.json ./ RUN apk add --update --no-cache \ nodejs \ tar # Copy litestream binary and config file -COPY --from=lt /usr/src/lt /usr/local/bin/litestream -COPY ./docker/litestream.yml /etc/litestream.yml +COPY --link --from=lt /usr/src/lt /usr/local/bin/litestream +COPY --link ./docker/litestream.yml /etc/litestream.yml # Copy production code & main entry file -COPY --from=builder /usr/src/app/ /usr/src/app/ -COPY --from=builder /usr/src/appEntry/ /usr/src/appEntry/ +COPY --link --from=builder /usr/src/app/ /usr/src/app/ +COPY --link --from=builder /usr/src/appEntry/ /usr/src/appEntry/ # Run the web service on container startup. From 2e503348c3df159dfaf0b6d87bf779533da5cafe Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 01:56:49 +0200 Subject: [PATCH 06/14] fix: only use Litestream with default SQLite DB --- packages/nocodb/docker/start-litestream.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/packages/nocodb/docker/start-litestream.sh b/packages/nocodb/docker/start-litestream.sh index 046a841a47..8d75d5a4ef 100644 --- a/packages/nocodb/docker/start-litestream.sh +++ b/packages/nocodb/docker/start-litestream.sh @@ -4,7 +4,20 @@ if [ ! -d "${NC_TOOL_DIR}" ] ; then mkdir -p "$NC_TOOL_DIR" fi -if [ -n "${LITESTREAM_S3_ENDPOINT}" ] && [ -n "${LITESTREAM_S3_BUCKET}" ] && [ -n "${LITESTREAM_ACCESS_KEY_ID}" ] && [ -n "${LITESTREAM_SECRET_ACCESS_KEY}" ] ; then +use_litestream() { + [ -z "${NC_DB}" ] \ + && [ -z "${NC_DB_JSON}" ] \ + && [ -z "${NC_DB_JSON_FILE}" ] \ + && [ -z "${DATABASE_URL}" ] \ + && [ -z "${DATABASE_URL_FILE}" ] \ + && [ -z "${NC_MINIMAL_DBS}" ] \ + && [ -n "${LITESTREAM_S3_ENDPOINT}" ] \ + && [ -n "${LITESTREAM_S3_BUCKET}" ] \ + && [ -n "${LITESTREAM_ACCESS_KEY_ID}" ] \ + && [ -n "${LITESTREAM_SECRET_ACCESS_KEY}" ] +} + +if use_litestream ; then if [ -f "${NC_TOOL_DIR}noco.db" ] ; then rm "${NC_TOOL_DIR}noco.db" From db342f50cd03585187934875b314a78d8efd9c5b Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 01:59:48 +0200 Subject: [PATCH 07/14] doc: tweak env var section --- .../020.environment-variables.md | 127 +++++++++--------- 1 file changed, 64 insertions(+), 63 deletions(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index 186a0f33cd..6943a3b60b 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -6,73 +6,74 @@ tags: ['Open Source'] keywords : ['NocoDB environment variables', 'NocoDB env variables', 'NocoDB envs', 'NocoDB env'] --- -For production use-cases, it is **recommended** to configure -- `NC_DB`, -- `NC_AUTH_JWT_SECRET`, -- `NC_PUBLIC_URL`, +For production use cases, it is **recommended** to set at least: + +- `NC_DB` +- `NC_AUTH_JWT_SECRET` +- `NC_PUBLIC_URL` - `NC_REDIS_URL` | Variable | Description | If absent | | -------- | ----------- | --------- | -| `NC_DB` | See our example database URLs [here](https://github.com/nocodb/nocodb#docker). | A local SQLite database will be created in root folder if `NC_DB` is not provided | -| `NC_DB_JSON` | Can be used instead of `NC_DB` and value should be valid knex connection JSON | | -| `NC_DB_JSON_FILE` | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON | | -| `DATABASE_URL` | Can be used instead of `NC_DB` and value should be in JDBC URL format | | -| `DATABASE_URL_FILE` | Can be used instead of `DATABASE_URL` and value should be a valid path to file containing JDBC URL format. | | -| `NC_AUTH_JWT_SECRET` | JWT secret used for auth and storing other secrets | A random secret will be generated | -| `PORT` | For setting app running port | `8080` | -| `DB_QUERY_LIMIT_DEFAULT` | Pagination limit | `25` | -| `DB_QUERY_LIMIT_GROUP_BY_GROUP` | Group per page limit | `10` | -| `DB_QUERY_LIMIT_GROUP_BY_RECORD` | Record per group limit | `10` | -| `DB_QUERY_LIMIT_MAX` | Maximum allowed pagination limit | `1000` | -| `DB_QUERY_LIMIT_MIN` | Minimum allowed pagination limit | `1` | -| `NC_TOOL_DIR` | App directory to keep metadata and app related files | Defaults to current working directory. In docker maps to `/usr/app/data/` for mounting volume. | -| `NC_PUBLIC_URL` | Used for sending Email invitations | Best guess from http request params | -| `NC_JWT_EXPIRES_IN` | JWT token expiry time | `10h` | -| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | Disable Project creation with external database | | -| `NC_INVITE_ONLY_SIGNUP` | Removed since version 0.99.0 and now it's recommended to use [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Allow users to signup only via invite URL, value should be any non-empty string. | | -| `NUXT_PUBLIC_NC_BACKEND_URL` | Custom Backend URL | `http://localhost:8080` will be used | -| `NC_REQUEST_BODY_SIZE` | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | `1048576` | -| `NC_EXPORT_MAX_TIMEOUT` | After `NC_EXPORT_MAX_TIMEOUT`, CSV gets downloaded in batches | Default value `5000` (in milliseconds) will be used | -| `NC_DISABLE_TELE` | Disable telemetry | | -| `NC_DASHBOARD_URL` | Custom dashboard URL path | `/dashboard` | -| `NC_GOOGLE_CLIENT_ID` | Google client ID to enable Google authentication | | -| `NC_GOOGLE_CLIENT_SECRET` | Google client secret to enable Google authentication | | -| `NC_MIGRATIONS_DISABLED` | Disable NocoDB migration | | -| `NC_MIN` | If set to any non-empty string the default splash screen (initial welcome animation) and matrix screensaver will disable | | -| `NC_SENTRY_DSN` | For Sentry monitoring | | -| `NC_REDIS_URL` | Custom Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data will be stored in memory | -| `NC_DISABLE_ERR_REPORT` | Disable error reporting | | -| `NC_DISABLE_CACHE` | To be used only while debugging. On setting this to `true` - meta data be fetched from db instead of redis/cache. | `false` | -| `NC_SMTP_FROM` | For SMTP plugin - Email sender address | | -| `NC_SMTP_HOST` | For SMTP plugin - SMTP host value | | -| `NC_SMTP_PORT` | For SMTP plugin - SMTP port value | | -| `NC_SMTP_USERNAME` | For SMTP plugin (Optional) - SMTP username value for authentication | | -| `NC_SMTP_PASSWORD` | For SMTP plugin (Optional) - SMTP password value for authentication | | -| `NC_SMTP_SECURE` | For SMTP plugin (Optional) - To enable secure set value as `true` any other value treated as false | | -| `NC_SMTP_IGNORE_TLS` | For SMTP plugin (Optional) - To ignore tls set value as `true` any other value treated as false. For more info visit https://nodemailer.com/smtp/ | | -| `NC_S3_BUCKET_NAME` | For S3 storage plugin - AWS S3 bucket name | | -| `NC_S3_REGION` | For S3 storage plugin - AWS S3 region | | -| `NC_S3_ACCESS_KEY` | For S3 storage plugin - AWS access key credential for accessing resource | | -| `NC_S3_ACCESS_SECRET` | For S3 storage plugin - AWS access secret credential for accessing resource | | -| `NC_ATTACHMENT_FIELD_SIZE` | For setting the attachment field size(in Bytes) | Defaults to 20MB | -| `NC_MAX_ATTACHMENTS_ALLOWED` | Maximum Number of attachments per cell | | -| `NC_ADMIN_EMAIL` | For updating/creating super admin with provided email and password | | -| `NC_ADMIN_PASSWORD` | For updating/creating super admin with provided email and password. Your password should have at least 8 letters with one uppercase, one number and one special letter. Allowed special characters include `$&+,:;=?@#\|'.^*()%!_-"`. ) | | -| `NODE_OPTIONS` | For passing Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to instance | | -| `NC_MINIMAL_DBS` | Create a new SQLite file for each project. All the db files are stored in `nc_minimal_dbs` folder in current working directory. (This option restricts project creation on external sources) | | -| `NC_DISABLE_AUDIT` | Disable Audit Log | `false` | -| `NC_AUTOMATION_LOG_LEVEL` | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | `OFF` | -| `NC_SECURE_ATTACHMENTS` | Allow accessing attachments only through presigned urls. To enable set value as `true` any other value treated as false. (⚠ this will make existing links inaccessible ⚠) | `false` | -| `NC_ATTACHMENT_EXPIRE_SECONDS` | How many seconds before expiring presigned attachment urls. (Attachments will expire in at least set seconds and at most 10mins after set time) | 7200 (2 hours) | -| `NC_ALLOW_LOCAL_HOOKS` | To enable set value as `true` any other value treated as false. (⚠ this will allow webhooks to call local links which can raise security issues ⚠) | `false` | -| `NC_SANITIZE_COLUMN_NAME` | Sanitize the column name during column creation. To enable set value as `true` any other value treated as false. | `true` | -| `LITESTREAM_S3_ENDPOINT` | URL of an S3-compatible object storage service endpoint like `s3.eu-central-1.amazonaws.com`. | *Litestream replication is disabled if this variable is not set.* | -| `LITESTREAM_S3_BUCKET` | Name of the S3-compatible object storage bucket to store the Litestream replication in. | *Litestream replication is disabled if this variable is not set.* | -| `LITESTREAM_S3_PATH` | Directory path to use within the Litestream replication bucket. | Defaults to `nocodb`. | -| `LITESTREAM_S3_ACCESS_KEY_ID` | Litestream authentication key for the S3 replica. | *Litestream replication is disabled if this variable is not set.* | -| `LITESTREAM_S3_SECRET_ACCESS_KEY` | Litestream authentication key for the S3 replica. | *Litestream replication is disabled if this variable is not set.* | -| `LITESTREAM_S3_SKIP_VERIFY` | Whether to disable TLS verification. This is useful when testing against a local node such as MinIO and you are using self-signed certificates. | Defaults to `false`. | +| `NC_DB` | See our example database URLs [here](https://github.com/nocodb/nocodb#docker). | A local SQLite database is created in root folder if `NC_DB` is not set. | +| `NC_DB_JSON` | Can be used instead of `NC_DB` and value should be valid knex connection JSON string. | | +| `NC_DB_JSON_FILE` | Can be used instead of `NC_DB` and value should be a valid path to knex connection JSON file. | | +| `DATABASE_URL` | Can be used instead of `NC_DB` and value should be a JDBC URL string. | | +| `DATABASE_URL_FILE` | Can be used instead of `NC_DB` and value should be a valid path to a JDBC URL file. | | +| `NC_AUTH_JWT_SECRET` | JWT secret used for auth and storing other secrets. | A random secret is generated. | +| `PORT` | Network port NocoDB runs on. | Defaults to `8080`. | +| `DB_QUERY_LIMIT_DEFAULT` | Pagination limit. | Defaults to `25`. | +| `DB_QUERY_LIMIT_GROUP_BY_GROUP` | Group per page limit. | Defaults to `10`. | +| `DB_QUERY_LIMIT_GROUP_BY_RECORD` | Record per group limit. | Defaults to `10`. | +| `DB_QUERY_LIMIT_MAX` | Maximum allowed pagination limit. | Defaults to `1000`. | +| `DB_QUERY_LIMIT_MIN` | Minimum allowed pagination limit. | Defaults to `1`. | +| `NC_TOOL_DIR` | App directory to keep metadata and app related files in. | Defaults to the current working directory. In docker, maps to `/usr/app/data/` for mounting volume. | +| `NC_PUBLIC_URL` | Used for sending E-mail invitations. | Best guess from HTTP request params. | +| `NC_JWT_EXPIRES_IN` | JWT token expiry time | Defaults to `10h`. | +| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | Disable project creation with external database. | | +| `NC_INVITE_ONLY_SIGNUP` | Removed since version 0.99.0 and now it's recommended to use the [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Disable public signup and allow signup only via invitations. | | +| `NUXT_PUBLIC_NC_BACKEND_URL` | Custom backend URL. | Defaults to `http://localhost:8080`. | +| `NC_REQUEST_BODY_SIZE` | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | Defaults to `1048576`. | +| `NC_EXPORT_MAX_TIMEOUT` | After `NC_EXPORT_MAX_TIMEOUT` (in milliseconds), CSV gets downloaded in batches. | Defaults to `5000` (5 seconds). | +| `NC_DISABLE_TELE` | Disable telemetry. | | +| `NC_DASHBOARD_URL` | Custom dashboard URL path | Defaults to `/dashboard`. | +| `NC_GOOGLE_CLIENT_ID` | Google client ID to enable Google authentication. | | +| `NC_GOOGLE_CLIENT_SECRET` | Google client secret to enable Google authentication. | | +| `NC_MIGRATIONS_DISABLED` | Disable NocoDB migrations. | | +| `NC_MIN` | Disable default splash screen (initial welcome animation) and matrix screensaver. | | +| `NC_SENTRY_DSN` | Data Source Name (DSN) for Sentry monitoring. | | +| `NC_REDIS_URL` | Redis URL. Example: `redis://:authpassword@127.0.0.1:6380/4` | Meta data is stored in memory. | +| `NC_DISABLE_ERR_REPORT` | Disable error reporting. | | +| `NC_DISABLE_CACHE` | Disable cache. To be used only while debugging. If `true`, meta data is fetched from database instead of redis/cache. | Defaults to `false`. | +| `NC_SMTP_FROM` | E-mail sender address for SMTP plugin. | *SMTP plugin is disabled if this variable is not set.* | +| `NC_SMTP_HOST` | E-mail server hostname for SMTP plugin. | *SMTP plugin is disabled if this variable is not set.* | +| `NC_SMTP_PORT` | E-mail server network for SMTP plugin. | *SMTP plugin is disabled if this variable is not set.* | +| `NC_SMTP_USERNAME` | User name for authentication in SMTP plugin. | | +| `NC_SMTP_PASSWORD` | User password for authentication in SMTP plugin. | | +| `NC_SMTP_SECURE` | Enable secure authentication in SMTP plugin. Set to `true` to enable, any other value is treated as `false`. | | +| `NC_SMTP_IGNORE_TLS` | Ignore TLS in SMTP plugin. Set to `true` to ignore TLS, any other value is treated as `false`. For more information, visit https://nodemailer.com/smtp/. | | +| `NC_S3_BUCKET_NAME` | AWS S3 bucket name for S3 storage plugin. | | +| `NC_S3_REGION` | AWS S3 region for S3 storage plugin. | | +| `NC_S3_ACCESS_KEY` | AWS access key ID for S3 storage plugin. | | +| `NC_S3_ACCESS_SECRET` | AWS access secret for S3 storage plugin. | | +| `NC_ATTACHMENT_FIELD_SIZE` | Attachment field size limit (in Bytes). | Defaults to 20MB. | +| `NC_MAX_ATTACHMENTS_ALLOWED` | Maximum number of attachments per cell. | | +| `NC_ADMIN_EMAIL` | Super admin e-mail address. | | +| `NC_ADMIN_PASSWORD` | Super admin password. The password should have at least 8 letters with one uppercase, one number and one special letter. Allowed special characters include `$&+,:;=?@#\|'.^*()%!_-"`. | | +| `NODE_OPTIONS` | Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to pass to instance. | | +| `NC_MINIMAL_DBS` | Create a new SQLite file for each project. All the SQLite database files are stored in the `nc_minimal_dbs` folder in the current working directory. This option restricts project creation on external sources. | | +| `NC_DISABLE_AUDIT` | Disable audit log. | Defaults to `false`. | +| `NC_AUTOMATION_LOG_LEVEL` | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | Defaults to `OFF`. | +| `NC_SECURE_ATTACHMENTS` | Allow accessing attachments only through presigned URLs. Set to `true` to enable, any other value is treated as `false`. (⚠ this will make existing links inaccessible ⚠) | Defaults to `false`. | +| `NC_ATTACHMENT_EXPIRE_SECONDS` | Number of seconds after which pre-signed attachment URLs will begin to expire. The URLs will expire after `NC_ATTACHMENT_EXPIRE_SECONDS` plus 10 minutes at the very latest. | Defaults to `7200` (2 hours). | +| `NC_ALLOW_LOCAL_HOOKS` | ⚠ Allow webhooks to call local links which can raise security issues. ⚠ Set to `true` to enable, any other value is treated as `false` | Defaults to `false`. | +| `NC_SANITIZE_COLUMN_NAME` | Sanitize the column name during column creation. Set to `true` to enable, any other value is treated as `false` | Defaults to `true`. | +| `LITESTREAM_S3_ENDPOINT` | URL of an S3-compatible object storage service endpoint for [Litestream](https://litestream.io/) replication of NocoDB's default SQLite database. Example: `s3.eu-central-1.amazonaws.com` | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_BUCKET` | Name of the object storage bucket to store the Litestream replication in. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_PATH` | Directory path to use within the Litestream replication object storage bucket. | Defaults to `nocodb`. | +| `LITESTREAM_S3_ACCESS_KEY_ID` | Authentication key ID for the Litestream replication object storage bucket. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_SECRET_ACCESS_KEY` | Authentication secret for the Litestream replication object storage bucket. | *Litestream replication is disabled if this variable is not set.* | +| `LITESTREAM_S3_SKIP_VERIFY` | Whether to disable TLS verification for the Litestream replication object storage service. This is useful when testing against a local node such as MinIO and you are using self-signed certificates. | Defaults to `false`. | | `LITESTREAM_RETENTION` | Amount of time Litestream snapshot and WAL files are kept. After the retention period, a new snapshot is created and the old one is removed. WAL files that exist before the oldest snapshot will also be removed. | Defaults to `1440h` (60 days). | | `LITESTREAM_RETENTION_CHECK_INTERVAL` | Frequency in which Litestream will check if retention needs to be enforced. | Defaults to `72h` (3 days). | | `LITESTREAM_SNAPSHOT_INTERVAL` | Frequency in which new Litestream snapshots are created. A higher frequency reduces the time to restore since newer snapshots will have fewer WAL frames to apply. Retention still applies to these snapshots. | Defaults to `24h` (1 day). | From 7f35d7b4ac87e56c3053c3321f1d86ced6f7a113 Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 02:27:28 +0200 Subject: [PATCH 08/14] docs: fix comma Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .../050.self-hosted/020.environment-variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index 6943a3b60b..507f6bfac1 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -31,7 +31,7 @@ For production use cases, it is **recommended** to set at least: | `NC_PUBLIC_URL` | Used for sending E-mail invitations. | Best guess from HTTP request params. | | `NC_JWT_EXPIRES_IN` | JWT token expiry time | Defaults to `10h`. | | `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | Disable project creation with external database. | | -| `NC_INVITE_ONLY_SIGNUP` | Removed since version 0.99.0 and now it's recommended to use the [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Disable public signup and allow signup only via invitations. | | +| `NC_INVITE_ONLY_SIGNUP` | Removed since version 0.99.0, and now it's recommended to use the [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Disable public signup and allow signup only via invitations. | | | `NUXT_PUBLIC_NC_BACKEND_URL` | Custom backend URL. | Defaults to `http://localhost:8080`. | | `NC_REQUEST_BODY_SIZE` | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | Defaults to `1048576`. | | `NC_EXPORT_MAX_TIMEOUT` | After `NC_EXPORT_MAX_TIMEOUT` (in milliseconds), CSV gets downloaded in batches. | Defaults to `5000` (5 seconds). | From d44989b0e7e675ecb6d12872b271e12e02e6d087 Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 02:29:26 +0200 Subject: [PATCH 09/14] docs: add link text Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .../050.self-hosted/020.environment-variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index 507f6bfac1..8639c947bf 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -51,7 +51,7 @@ For production use cases, it is **recommended** to set at least: | `NC_SMTP_USERNAME` | User name for authentication in SMTP plugin. | | | `NC_SMTP_PASSWORD` | User password for authentication in SMTP plugin. | | | `NC_SMTP_SECURE` | Enable secure authentication in SMTP plugin. Set to `true` to enable, any other value is treated as `false`. | | -| `NC_SMTP_IGNORE_TLS` | Ignore TLS in SMTP plugin. Set to `true` to ignore TLS, any other value is treated as `false`. For more information, visit https://nodemailer.com/smtp/. | | +| `NC_SMTP_IGNORE_TLS` | Ignore TLS in SMTP plugin. Set to `true` to ignore TLS, any other value is treated as `false`. For more information, visit [Nodemailer SMTP documentation](https://nodemailer.com/smtp/). | | | `NC_S3_BUCKET_NAME` | AWS S3 bucket name for S3 storage plugin. | | | `NC_S3_REGION` | AWS S3 region for S3 storage plugin. | | | `NC_S3_ACCESS_KEY` | AWS access key ID for S3 storage plugin. | | From a66b3361f084cd71c59f3807e2f002e6483224dd Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 02:33:55 +0200 Subject: [PATCH 10/14] docs: tweak wording --- .../050.self-hosted/020.environment-variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index 8639c947bf..2782a8c17b 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -48,8 +48,8 @@ For production use cases, it is **recommended** to set at least: | `NC_SMTP_FROM` | E-mail sender address for SMTP plugin. | *SMTP plugin is disabled if this variable is not set.* | | `NC_SMTP_HOST` | E-mail server hostname for SMTP plugin. | *SMTP plugin is disabled if this variable is not set.* | | `NC_SMTP_PORT` | E-mail server network for SMTP plugin. | *SMTP plugin is disabled if this variable is not set.* | -| `NC_SMTP_USERNAME` | User name for authentication in SMTP plugin. | | -| `NC_SMTP_PASSWORD` | User password for authentication in SMTP plugin. | | +| `NC_SMTP_USERNAME` | Username for authentication in SMTP plugin. | | +| `NC_SMTP_PASSWORD` | Password for authentication in SMTP plugin. | | | `NC_SMTP_SECURE` | Enable secure authentication in SMTP plugin. Set to `true` to enable, any other value is treated as `false`. | | | `NC_SMTP_IGNORE_TLS` | Ignore TLS in SMTP plugin. Set to `true` to ignore TLS, any other value is treated as `false`. For more information, visit [Nodemailer SMTP documentation](https://nodemailer.com/smtp/). | | | `NC_S3_BUCKET_NAME` | AWS S3 bucket name for S3 storage plugin. | | From 5f0dae005b547640267138bfb7804eef25b361f2 Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 11:38:17 +0200 Subject: [PATCH 11/14] chore: remove obsolete Litestream Dockerfile --- packages/nocodb/litestream/Dockerfile | 95 --------------------------- 1 file changed, 95 deletions(-) delete mode 100644 packages/nocodb/litestream/Dockerfile diff --git a/packages/nocodb/litestream/Dockerfile b/packages/nocodb/litestream/Dockerfile deleted file mode 100644 index 80c9d68f34..0000000000 --- a/packages/nocodb/litestream/Dockerfile +++ /dev/null @@ -1,95 +0,0 @@ -# syntax=docker/dockerfile:1 - -FROM golang:alpine3.19 as lt - -WORKDIR /usr/src/ - -RUN apk add --no-cache git make musl-dev gcc - -# build litestream -RUN git clone https://github.com/benbjohnson/litestream.git litestream -RUN cd litestream && go install ./cmd/litestream -RUN cp $GOPATH/bin/litestream /usr/src/lt - - -FROM node:18.19.1-alpine as builder -WORKDIR /usr/src/app - -# install pnpm -RUN corepack enable && corepack prepare pnpm@latest --activate - -# Copy application dependency manifests to the container image. -COPY --link ./package*.json ./ -COPY --link ./docker/main.js ./docker/main.js -COPY --link ./docker/start-litestream.sh /usr/src/appEntry/start.sh - -# for pnpm to generate a flat node_modules without symlinks -# so that modclean could work as expected -RUN echo "node-linker=hoisted" > .npmrc - -# install production dependencies, -# reduce node_module size with modclean & removing sqlite deps, -# and add execute permission to start.sh -RUN pnpm install --prod --shamefully-hoist --reporter=silent -RUN pnpm dlx modclean --patterns="default:*" --ignore="nc-lib-gui/**,dayjs/**,express-status-monitor/**" --run -RUN rm -rf ./node_modules/sqlite3/deps -RUN chmod +x /usr/src/appEntry/start.sh - - -FROM alpine:3.19 - -#WORKDIR /usr/src/ -# -## Install go lang -#RUN apk add --no-cache git make musl-dev go -# -## Configure Go -#ENV GOROOT /usr/lib/go -#ENV GOPATH /go -#ENV PATH /go/bin:$PATH -# -#RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin -# -## build litestream -# -#RUN git clone https://github.com/benbjohnson/litestream.git litestream -#RUN cd litestream ; go install ./cmd/litestream - -# Bug fix for segfault ( Convert PT_GNU_STACK program header into PT_PAX_FLAGS ) -#RUN apk --update --no-cache add paxctl \ -# && paxctl -cm $(which node) - -WORKDIR /usr/src/app - -ENV LITESTREAM_S3_SKIP_VERIFY=false \ - LITESTREAM_S3_PATH=nocodb \ - LITESTREAM_RETENTION=1440h \ - LITESTREAM_RETENTION_CHECK_INTERVAL=72h \ - LITESTREAM_SNAPSHOT_INTERVAL=24h \ - LITESTREAM_SYNC_INTERVAL=60s \ - NC_DOCKER=0.6 \ - NC_TOOL_DIR=/usr/app/data/ \ - PORT=8080 - -# Copy application dependency manifests to the container image. -# A wildcard is used to ensure both package.json AND package-lock.json are copied. -# Copying this separately prevents re-running npm install on every code change. -#COPY --link ./build/ ./build/ -#COPY --link ./docker/main.js ./docker/main.js -#COPY --link ./package.json ./ - -RUN apk add --update --no-cache \ - nodejs \ - tar - -# Copy litestream binary and config file -COPY --link --from=lt /usr/src/lt /usr/local/bin/litestream -COPY --link ./docker/litestream.yml /etc/litestream.yml -# Copy production code & main entry file -COPY --link --from=builder /usr/src/app/ /usr/src/app/ -COPY --link --from=builder /usr/src/appEntry/ /usr/src/appEntry/ - - -# Run the web service on container startup. -#CMD [ "node", "docker/index.js" ] -ENTRYPOINT ["sh", "/usr/src/appEntry/start.sh"] From 08e6adeec40030f88089fe378821875b658bfe4f Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 17:14:47 +0200 Subject: [PATCH 12/14] chore: tweak env var documentation - harmonize attachment-specific env var descriptions - re-arrange env vars in table more logically - document `NC_MAX_ATTACHMENTS_ALLOWED`'s default value - minor nitpicks --- .../050.self-hosted/020.environment-variables.md | 16 ++++++++-------- .../050.custom-types/010.attachment.md | 11 ++++++----- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index 2782a8c17b..d4202f125b 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -21,6 +21,8 @@ For production use cases, it is **recommended** to set at least: | `DATABASE_URL` | Can be used instead of `NC_DB` and value should be a JDBC URL string. | | | `DATABASE_URL_FILE` | Can be used instead of `NC_DB` and value should be a valid path to a JDBC URL file. | | | `NC_AUTH_JWT_SECRET` | JWT secret used for auth and storing other secrets. | A random secret is generated. | +| `NC_ADMIN_EMAIL` | Super admin e-mail address. | | +| `NC_ADMIN_PASSWORD` | Super admin password. The password should have at least 8 letters with one uppercase, one number and one special letter. Allowed special characters include `$&+,:;=?@#\|'.^*()%!_-"`. | | | `PORT` | Network port NocoDB runs on. | Defaults to `8080`. | | `DB_QUERY_LIMIT_DEFAULT` | Pagination limit. | Defaults to `25`. | | `DB_QUERY_LIMIT_GROUP_BY_GROUP` | Group per page limit. | Defaults to `10`. | @@ -51,23 +53,21 @@ For production use cases, it is **recommended** to set at least: | `NC_SMTP_USERNAME` | Username for authentication in SMTP plugin. | | | `NC_SMTP_PASSWORD` | Password for authentication in SMTP plugin. | | | `NC_SMTP_SECURE` | Enable secure authentication in SMTP plugin. Set to `true` to enable, any other value is treated as `false`. | | -| `NC_SMTP_IGNORE_TLS` | Ignore TLS in SMTP plugin. Set to `true` to ignore TLS, any other value is treated as `false`. For more information, visit [Nodemailer SMTP documentation](https://nodemailer.com/smtp/). | | +| `NC_SMTP_IGNORE_TLS` | Ignore TLS in SMTP plugin. Set to `true` to ignore TLS, any other value is treated as `false`. For more information, visit [Nodemailer's SMTP documentation](https://nodemailer.com/smtp/). | | | `NC_S3_BUCKET_NAME` | AWS S3 bucket name for S3 storage plugin. | | | `NC_S3_REGION` | AWS S3 region for S3 storage plugin. | | | `NC_S3_ACCESS_KEY` | AWS access key ID for S3 storage plugin. | | | `NC_S3_ACCESS_SECRET` | AWS access secret for S3 storage plugin. | | -| `NC_ATTACHMENT_FIELD_SIZE` | Attachment field size limit (in Bytes). | Defaults to 20MB. | -| `NC_MAX_ATTACHMENTS_ALLOWED` | Maximum number of attachments per cell. | | -| `NC_ADMIN_EMAIL` | Super admin e-mail address. | | -| `NC_ADMIN_PASSWORD` | Super admin password. The password should have at least 8 letters with one uppercase, one number and one special letter. Allowed special characters include `$&+,:;=?@#\|'.^*()%!_-"`. | | -| `NODE_OPTIONS` | Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to pass to instance. | | +| `NC_ATTACHMENT_FIELD_SIZE` | Maximum file size for [attachments](/fields/field-types/custom-types/attachment/) in bytes. | Defaults to `20971520` (20 MiB). | +| `NC_MAX_ATTACHMENTS_ALLOWED` | Maximum number of attachments per cell. | Defaults to `10`. | +| `NC_SECURE_ATTACHMENTS` | Allow accessing attachments only through pre-signed URLs. Set to `true` to enable, any other value is treated as `false`. (⚠ this will make existing links inaccessible ⚠) | Defaults to `false`. | +| `NC_ATTACHMENT_EXPIRE_SECONDS` | Number of seconds after which pre-signed attachment URLs will begin to expire. The URLs will expire after `NC_ATTACHMENT_EXPIRE_SECONDS` plus 10 minutes at the very latest. | Defaults to `7200` (2 hours). | | `NC_MINIMAL_DBS` | Create a new SQLite file for each project. All the SQLite database files are stored in the `nc_minimal_dbs` folder in the current working directory. This option restricts project creation on external sources. | | | `NC_DISABLE_AUDIT` | Disable audit log. | Defaults to `false`. | | `NC_AUTOMATION_LOG_LEVEL` | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | Defaults to `OFF`. | -| `NC_SECURE_ATTACHMENTS` | Allow accessing attachments only through presigned URLs. Set to `true` to enable, any other value is treated as `false`. (⚠ this will make existing links inaccessible ⚠) | Defaults to `false`. | -| `NC_ATTACHMENT_EXPIRE_SECONDS` | Number of seconds after which pre-signed attachment URLs will begin to expire. The URLs will expire after `NC_ATTACHMENT_EXPIRE_SECONDS` plus 10 minutes at the very latest. | Defaults to `7200` (2 hours). | | `NC_ALLOW_LOCAL_HOOKS` | ⚠ Allow webhooks to call local links which can raise security issues. ⚠ Set to `true` to enable, any other value is treated as `false` | Defaults to `false`. | | `NC_SANITIZE_COLUMN_NAME` | Sanitize the column name during column creation. Set to `true` to enable, any other value is treated as `false` | Defaults to `true`. | +| `NODE_OPTIONS` | Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to pass to instance. | | | `LITESTREAM_S3_ENDPOINT` | URL of an S3-compatible object storage service endpoint for [Litestream](https://litestream.io/) replication of NocoDB's default SQLite database. Example: `s3.eu-central-1.amazonaws.com` | *Litestream replication is disabled if this variable is not set.* | | `LITESTREAM_S3_BUCKET` | Name of the object storage bucket to store the Litestream replication in. | *Litestream replication is disabled if this variable is not set.* | | `LITESTREAM_S3_PATH` | Directory path to use within the Litestream replication object storage bucket. | Defaults to `nocodb`. | diff --git a/packages/noco-docs/docs/070.fields/040.field-types/050.custom-types/010.attachment.md b/packages/noco-docs/docs/070.fields/040.field-types/050.custom-types/010.attachment.md index 3465267164..7c893efb00 100644 --- a/packages/noco-docs/docs/070.fields/040.field-types/050.custom-types/010.attachment.md +++ b/packages/noco-docs/docs/070.fields/040.field-types/050.custom-types/010.attachment.md @@ -62,12 +62,13 @@ Rename file only renames the file in NocoDB display (expand record & tool tip on ::: ## Environment variables -In self-hosted version, you can configure the following environment variables to customize the behavior of `Attachment` field. -- NC_ATTACHMENT_FIELD_SIZE: Max size of attachment file in bytes. Default: 20MB -- NC_SECURE_ATTACHMENTS: Allow accessing attachments only through pre-signed URLs. Default: false -- NC_ATTACHMENT_EXPIRE_SECONDS: Expiry time for pre-signed URLs. Default: 7200 +In self-hosted version, you can configure the following environment variables to customize the behavior of `Attachment` field: +- `NC_ATTACHMENT_FIELD_SIZE`: Maximum size of attachment files in bytes. Default: `20971520` (20 MiB) +- `NC_MAX_ATTACHMENTS_ALLOWED`: Maximum number of attachments per cell. Default: `10` +- `NC_SECURE_ATTACHMENTS`: Allow accessing attachments only through pre-signed URLs. Default: `false` +- `NC_ATTACHMENT_EXPIRE_SECONDS`: Expiry time for pre-signed URLs. Default: `7200` (2 hours) -Find more about environment variables [here](/getting-started/self-hosted/environment-variables) +All supported environment variables are described [here](/getting-started/self-hosted/environment-variables). ## Related articles - [Attaching a file from mobile](/views/view-types/form#attaching-a-file-from-mobile-device) From 6a3aec9b867817750a8443f1ca336af712c81bec Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 17:24:17 +0200 Subject: [PATCH 13/14] docs: add missing comma Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- .../050.self-hosted/020.environment-variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index d4202f125b..7c34d440d2 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -65,7 +65,7 @@ For production use cases, it is **recommended** to set at least: | `NC_MINIMAL_DBS` | Create a new SQLite file for each project. All the SQLite database files are stored in the `nc_minimal_dbs` folder in the current working directory. This option restricts project creation on external sources. | | | `NC_DISABLE_AUDIT` | Disable audit log. | Defaults to `false`. | | `NC_AUTOMATION_LOG_LEVEL` | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | Defaults to `OFF`. | -| `NC_ALLOW_LOCAL_HOOKS` | ⚠ Allow webhooks to call local links which can raise security issues. ⚠ Set to `true` to enable, any other value is treated as `false` | Defaults to `false`. | +| `NC_ALLOW_LOCAL_HOOKS` | ⚠ Allow webhooks to call local links, which can raise security issues. ⚠ Set to `true` to enable, any other value is treated as `false` | Defaults to `false`. | | `NC_SANITIZE_COLUMN_NAME` | Sanitize the column name during column creation. Set to `true` to enable, any other value is treated as `false` | Defaults to `true`. | | `NODE_OPTIONS` | Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to pass to instance. | | | `LITESTREAM_S3_ENDPOINT` | URL of an S3-compatible object storage service endpoint for [Litestream](https://litestream.io/) replication of NocoDB's default SQLite database. Example: `s3.eu-central-1.amazonaws.com` | *Litestream replication is disabled if this variable is not set.* | From 28f3f28078b76924dbe2a1c0566628ee1b78eaa4 Mon Sep 17 00:00:00 2001 From: Salim B Date: Thu, 16 May 2024 17:55:25 +0200 Subject: [PATCH 14/14] docs: improve env var descriptions --- .../050.self-hosted/020.environment-variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md index d4202f125b..ab0866eb55 100644 --- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md +++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md @@ -32,7 +32,8 @@ For production use cases, it is **recommended** to set at least: | `NC_TOOL_DIR` | App directory to keep metadata and app related files in. | Defaults to the current working directory. In docker, maps to `/usr/app/data/` for mounting volume. | | `NC_PUBLIC_URL` | Used for sending E-mail invitations. | Best guess from HTTP request params. | | `NC_JWT_EXPIRES_IN` | JWT token expiry time | Defaults to `10h`. | -| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | Disable project creation with external database. | | +| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | Disable base creation on external databases. | | +| `NC_MINIMAL_DBS` | Create a new SQLite file for each base. All the SQLite database files are stored in the `nc_minimal_dbs` folder in the current working directory. Enabling this option automatically sets `NC_CONNECT_TO_EXTERNAL_DB_DISABLED`, i.e. disables base creation on external databases. | | | `NC_INVITE_ONLY_SIGNUP` | Removed since version 0.99.0, and now it's recommended to use the [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup). Disable public signup and allow signup only via invitations. | | | `NUXT_PUBLIC_NC_BACKEND_URL` | Custom backend URL. | Defaults to `http://localhost:8080`. | | `NC_REQUEST_BODY_SIZE` | Request body size [limit](https://expressjs.com/en/resources/middleware/body-parser.html#limit) | Defaults to `1048576`. | @@ -62,7 +63,6 @@ For production use cases, it is **recommended** to set at least: | `NC_MAX_ATTACHMENTS_ALLOWED` | Maximum number of attachments per cell. | Defaults to `10`. | | `NC_SECURE_ATTACHMENTS` | Allow accessing attachments only through pre-signed URLs. Set to `true` to enable, any other value is treated as `false`. (⚠ this will make existing links inaccessible ⚠) | Defaults to `false`. | | `NC_ATTACHMENT_EXPIRE_SECONDS` | Number of seconds after which pre-signed attachment URLs will begin to expire. The URLs will expire after `NC_ATTACHMENT_EXPIRE_SECONDS` plus 10 minutes at the very latest. | Defaults to `7200` (2 hours). | -| `NC_MINIMAL_DBS` | Create a new SQLite file for each project. All the SQLite database files are stored in the `nc_minimal_dbs` folder in the current working directory. This option restricts project creation on external sources. | | | `NC_DISABLE_AUDIT` | Disable audit log. | Defaults to `false`. | | `NC_AUTOMATION_LOG_LEVEL` | Possible Values: `OFF`, `ERROR`, `ALL`. See [Webhooks](/automation/webhook/create-webhook#call-log) for details. | Defaults to `OFF`. | | `NC_ALLOW_LOCAL_HOOKS` | ⚠ Allow webhooks to call local links which can raise security issues. ⚠ Set to `true` to enable, any other value is treated as `false` | Defaults to `false`. |