new: add missing environment variables and externalize them to .env f…

…iles
lowcoder-org · FalkWolsky · May 25, 2025 · Apr 5, 2025 · Apr 5, 2025 · Apr 5, 2025
commit d17b3382d0aa5384dd14db945bd0ea93c1cbf4fe
diff --git a/deploy/docker/README.md b/deploy/docker/README.md
@@ -4,6 +4,7 @@ Included Dockerfile can be used to build an **all-in-one** image with all requir
 
 For examples on running the all-in-one image or the multi image deployment see **deploy/docker/docker-compose.yaml** and **deploy/docker/docker-compose-multi.yaml**
 
+Environment variables used to configure various aspects of the services are stored in **default.env**, **default-multi.env** and **override.env**. Look into the **default** files to see which variables can be set and what are the default values. To change the defaults, use **override.env**. You don't have to use **--env-file** parameter with **doker compose** because the files are loaded from within `docker-compose.yaml` and `docker-compose-multi.yaml`.
 
 ## all-in-one image
 
@@ -50,14 +51,18 @@ Image can be configured by setting environment variables.
 | `LOWCODER_MAX_DEVELOPERS`           | Default maximum developers                                              | `100`                                                 |
 | `LOWCODER_WORKSPACE_MODE`           | SAAS to activate, ENTERPRISE to switch off - Workspaces                 | `SAAS`                                                |
 | `LOWCODER_EMAIL_SIGNUP_ENABLED`     | Control if users create their own Workspace automatic when Sign Up      | `true`                                                |
+| `LOWCODER_EMAIL_AUTH_ENABLED`       | Controls whether authentication via email is enabled                    | `true`                                                |
 | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up   | `true`               |
 | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true`                                                |
 | `LOWCODER_SUPERUSER_USERNAME`       | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                      |
 | `LOWCODER_SUPERUSER_PASSWORD`       | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file                |
-
+| `LOWCODER_PLUGINS_DIR`              | Directory holding lowcoder plugins                                      | `/lowcoder-stacks/plugins`                            |
+| `LOWCODER_COOKIE_NAME`              | Name of the lowcoder application cookie                                 | `LOWCODER_CE_SELFHOST_TOKEN`                          |
+| `LOWCODER_COOKIE_MAX_AGE`           | Lowcoder application cookie max age in hours                            | `24`                                                  |
+| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days                          | `30`                                                  |
 
 Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on)
-On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+On linux/mac, generate one eg. with: `head /dev/urandom | head -c 30 | shasum -a 256`
 
 | Environment variable                | Description                                                             | Default-Value                                         |
 |-------------------------------------| ----------------------------------------------------------------------- | ----------------------------------------------------- |
@@ -76,7 +81,7 @@ To enable secure Password Reset flow for the users, you need to configure your o
 | `LOWCODER_ADMIN_SMTP_SSL_ENABLED`         | Enable SSL encryption                                   | `false`              |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED`    | Enable STARTTLS encryption                              | `true`               |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED`   | Require STARTTLS encryption                             | `true`               |
-| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER`     | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` |
+| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER`     | "from" Email address of the password Reset Email Sender | `info@localhost` |
 
 
 ## Building api-service image
@@ -119,6 +124,10 @@ Image can be configured by setting environment variables.
 | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true`                                                |
 | `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                    |
 | `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file              |
+| `LOWCODER_PLUGINS_DIR`              | Directory holding lowcoder plugins                                      | `/lowcoder-stacks/plugins`                            |
+| `LOWCODER_COOKIE_NAME`              | Name of the lowcoder application cookie                                 | `LOWCODER_CE_SELFHOST_TOKEN`                          |
+| `LOWCODER_COOKIE_MAX_AGE`           | Lowcoder application cookie max age in hours                            | `24`                                                  |
+| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days                          | `30`                                                  |
 
 Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on)
 On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
@@ -140,7 +149,7 @@ To enable secure Password Reset flow for the users, you need to configure your o
 | `LOWCODER_ADMIN_SMTP_SSL_ENABLED`         | Enable SSL encryption                                   | `false`              |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED`    | Enable STARTTLS encryption                              | `true`               |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED`   | Require STARTTLS encryption                             | `true`               |
-| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER`     | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` |
+| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER`     | "from" Email address of the password Reset Email Sender | `info@localhost` |
 
 ## Building node-service image
 

diff --git a/deploy/docker/default-multi.env b/deploy/docker/default-multi.env
@@ -0,0 +1,21 @@
+#####################################################################
+##                                                                 ##
+##  Lowcoder environment variables override for multi image        ##
+##  installation.                                                  ##
+##                                                                 ##
+##  !!! PLEASE DO NOT CHANGE THIS FILE !!!                         ##
+##                                                                 ##
+##  To change the variables use file: override.env                 ##
+##                                                                 ##
+##  It will be loaded automatically and will override the defaults ##
+##  You don't have to copy the whole default.env, only the changed ##
+##  environment variables.                                         ##
+##                                                                 ##
+#####################################################################
+
+# Update individual service URLs to match the multi setup
+LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
+LOWCODER_REDIS_URL="redis://redis:6379"
+LOWCODER_NODE_SERVICE_URL="http://lowcoder-node-service:6060"
+LOWCODER_API_SERVICE_URL="http://lowcoder-api-service:8080"
+
diff --git a/deploy/docker/default.env b/deploy/docker/default.env
@@ -0,0 +1,152 @@
+#####################################################################
+##                                                                 ##
+##  Default lowcoder environment variables.                        ##
+##                                                                 ##
+##  !!! PLEASE DO NOT CHANGE THIS FILE !!!                         ##
+##                                                                 ##
+##  To change the variables use file: override.env                 ##
+##                                                                 ##
+##  It will be loaded automatically and will override the defaults ##
+##  You don't have to copy the whole default.env, only the changed ##
+##  environment variables.                                         ##
+##                                                                 ##
+#####################################################################
+
+
+##
+## Enable services (applies to all-in-one deployment) ##
+##   - you can disable them in favor of external services
+#
+# If true redis server is started in the container
+LOWCODER_REDIS_ENABLED="true"
+# If true mongo database is started in the container
+LOWCODER_MONGODB_ENABLED="true"
+# If true lowcoder api-service is started in the container 
+LOWCODER_API_SERVICE_ENABLED="true"
+# If true lowcoder node-service is started in the container
+LOWCODER_NODE_SERVICE_ENABLED="true"
+# If true lowcoder web frontend is started in the container
+LOWCODER_FRONTEND_ENABLED="true"
+# 
+# Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port
+# to make internal mongo database accessible from host
+# (applies to all-in-one deployment)
+#
+LOWCODER_MONGODB_EXPOSED="false"
+
+##
+## Generic parameters
+##
+#
+# URL of the public User Interface 
+LOWCODER_PUBLIC_URL="http://localhost:3000/"
+
+# ID of user running services. It will own all created logs and data.
+LOWCODER_PUID="1000"
+# ID of group of the user running services
+LOWCODER_PGID="1000"
+
+##
+## api-service parameters
+##
+# Name of the lowcoder application cookie
+LOWCODER_COOKIE_NAME=LOWCODER_CE_SELFHOST_TOKEN
+# Lowcoder application cookie max age in hours
+LOWCODER_COOKIE_MAX_AGE=24
+# Default maximum organizations per user
+LOWCODER_MAX_ORGS_PER_USER=100
+# Default maximum members per organization
+LOWCODER_MAX_MEMBERS_PER_ORG=1000
+# Default maximum groups per organization
+LOWCODER_MAX_GROUPS_PER_ORG=100
+# Default maximum applications per organization
+LOWCODER_MAX_APPS_PER_ORG=1000
+# Default maximum developers
+LOWCODER_MAX_DEVELOPERS=50
+# Mongo database connection string (use the later one in case of multi-image compose)
+LOWCODER_MONGODB_URL="mongodb://localhost:27017/lowcoder?authSource=admin"
+#LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
+# Redis server URL
+LOWCODER_REDIS_URL="redis://localhost:6379"
+# Control if users create their own Workspace automatic when Sign Up
+LOWCODER_EMAIL_SIGNUP_ENABLED="true"
+# Controls whether authentication via email is enabled
+LOWCODER_EMAIL_AUTH_ENABLED="true"
+# IF LOWCODER_WORKSPACE_MODE = SAAS, controls if own workspace is created for the user after sign up
+LOWCODER_CREATE_WORKSPACE_ON_SIGNUP="true"
+# Application snapshots retention time in days
+LOWCODER_APP_SNAPSHOT_RETENTIONTIME=30
+#
+# ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
+# 
+#    LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used 
+#    to encrypt sensitive data in mongo database so it is important to change the defaults
+#
+LOWCODER_DB_ENCRYPTION_PASSWORD="lowcoder.org"
+LOWCODER_DB_ENCRYPTION_SALT="lowcoder.org"
+
+# CORS allowed domains
+LOWCODER_CORS_DOMAINS="*"
+#
+# API-KEY secret - should be a string of at least 32 random characters
+#    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+#
+LOWCODER_API_KEY_SECRET="5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
+
+##
+## api and node service parameters
+##
+# Directory holding lowcoder plugins
+LOWCODER_PLUGINS_DIR="../plugins"
+# Number of max Request per Second - set to 0 to disable rate limiting
+LOWCODER_API_RATE_LIMIT=100
+# Lowcoder API service URL
+LOWCODER_API_SERVICE_URL="http://localhost:8080"
+# Lowcoder Node service URL
+LOWCODER_NODE_SERVICE_URL="http://localhost:6060"
+
+##
+## Frontend parameters
+##
+# Lowcoder max request size
+LOWCODER_MAX_REQUEST_SIZE=20m
+# Lowcoder max query timeout (in seconds)
+LOWCODER_MAX_QUERY_TIMEOUT=120
+# Default lowcoder query timeout
+LOWCODER_DEFAULT_QUERY_TIMEOUT=10
+# SAAS to activate, ENTERPRISE to switch off - Workspaces
+LOWCODER_WORKSPACE_MODE=SAAS
+# Controls whether to show Apps on the local Marketplace to anonymous users
+#   - if true, apps are not shown to anonymous users
+LOWCODER_MARKETPLACE_PRIVATE_MODE="true"
+
+##
+## Lowcoder notification emails setup
+##
+# Mail server host
+LOWCODER_ADMIN_SMTP_HOST=localhost
+# Mail server port
+LOWCODER_ADMIN_SMTP_PORT=587
+# Use authentication when sending email
+LOWCODER_ADMIN_SMTP_AUTH="true"
+# Username (email) used for authentication
+LOWCODER_ADMIN_SMTP_USERNAME=
+# Password used for authentication
+LOWCODER_ADMIN_SMTP_PASSWORD=
+# Enable SSL for connetion to the mail server
+LOWCODER_ADMIN_SMTP_SSL_ENABLED="false"
+# Enable STARTTLS
+LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED="true"
+# Require STARTTLS
+LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED="true"
+
+# Email used in notifications from lowcoder
+LOWCODER_EMAIL_NOTIFICATIONS_SENDER=info@localhost
+
+# Lowcoder superuser username
+LOWCODER_SUPERUSER_USERNAME=admin@localhost
+# Lowcoder superuser password
+# If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log)
+LOWCODER_SUPERUSER_PASSWORD=
+
+
diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml
@@ -48,56 +48,13 @@ services:
     # Enabled ports to be able to access backend from host
     # ports:
     #   - "8080:8080"
-    environment:
-      LOWCODER_PUBLIC_URL: "http://localhost:3000/"
-      LOWCODER_PUID: "9001"
-      LOWCODER_PGID: "9001"
-      LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
-      LOWCODER_REDIS_URL: "redis://redis:6379"
-      LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060"
-      LOWCODER_MAX_QUERY_TIMEOUT: 120
-      LOWCODER_MAX_REQUEST_SIZE: 20m
-      LOWCODER_EMAIL_AUTH_ENABLED: "true"
-      LOWCODER_EMAIL_SIGNUP_ENABLED: "true"
-      LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true"
-      #
-      # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
-      # 
-      #    LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used 
-      #    to encrypt sensitive data in database so it is important to change the defaults
-      #
-      LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org"
-      LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org"
-      LOWCODER_CORS_DOMAINS: "*"
-      LOWCODER_MAX_ORGS_PER_USER: 100
-      LOWCODER_MAX_MEMBERS_PER_ORG: 1000
-      LOWCODER_MAX_GROUPS_PER_ORG: 100
-      LOWCODER_MAX_APPS_PER_ORG: 1000
-      LOWCODER_MAX_DEVELOPERS: 50
-      #
-      # API-KEY secret - should be a string of at least 32 random characters
-      #    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
-      #
-      LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
-      LOWCODER_PLUGINS_DIR: "../plugins"
-      LOWCODER_API_RATE_LIMIT: 50
-      LOWCODER_WORKSPACE_MODE: SAAS
-      LOWCODER_MARKETPLACE_PRIVATE_MODE: "true"
-      # Lowcoder notification emails setup
-      LOWCODER_ADMIN_SMTP_HOST: smtp.gmail.com
-      LOWCODER_ADMIN_SMTP_PORT: 587
-      LOWCODER_ADMIN_SMTP_USERNAME:
-      LOWCODER_ADMIN_SMTP_PASSWORD:
-      LOWCODER_ADMIN_SMTP_AUTH: "true"
-      LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false"
-      LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true"
-      LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true"
-      # Email used as sender in lost password email
-      LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost
-      # Lowcoder superuser details
-      LOWCODER_SUPERUSER_USERNAME: admin@localhost
-      # If left blank, a password will be generated and written into api-service log
-      LOWCODER_SUPERUSER_PASSWORD:
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./default-multi.env
+        required: true
+      - path: ./override.env
+        required: false
     restart: unless-stopped
     depends_on:
       mongodb:
@@ -122,10 +79,13 @@ services:
     # Enabled ports to be able to access backend from host
     # ports:
     #   - "6060:6060"
-    environment:
-      LOWCODER_PUID: "9001"
-      LOWCODER_PGID: "9001"
-      LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080"
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./default-multi.env
+        required: true
+      - path: ./override.env
+        required: false
     restart: unless-stopped
     depends_on:
       lowcoder-api-service:
@@ -145,13 +105,13 @@ services:
     container_name: lowcoder-frontend
     ports:
       - "3000:3000"
-    environment:
-      LOWCODER_PUID: "9001"
-      LOWCODER_PGID: "9001"
-      LOWCODER_MAX_REQUEST_SIZE: 20m
-      LOWCODER_MAX_QUERY_TIMEOUT: 120
-      LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080"
-      LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060"
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./default-multi.env
+        required: true
+      - path: ./override.env
+        required: false
     restart: unless-stopped
     depends_on:
       lowcoder-node-service:
@@ -162,6 +122,7 @@ services:
         restart: true
     volumes:
       - ./lowcoder-stacks/assets:/lowcoder/assets
+      - ./lowcoder-stacks/ssl:/lowcoder-stacks/ssl
     healthcheck:
       test: curl --fail http://lowcoder-frontend:3000 || exit 1
       interval: 5s