Self-Host Configuration
Configuring your self-hosted instance of Enclosed allows you to customize the application to better suit your environment and requirements. This guide covers the key environment variables you can set to control various aspects of the application, including port settings, security options, and storage configurations.
Environment Variables
Enclosed is configured primarily through environment variables. Below is a list of the available variables, along with their descriptions and default values.
| Environment variable | Documentation |
|---|---|
PORT |
The port to listen on when using node server. Default value: 8787. |
SERVER_API_ROUTES_TIMEOUT_MS |
The maximum time in milliseconds for a route to complete before timing out. Default value: 5000. |
SERVER_CORS_ORIGINS |
The CORS origin for the api server. |
SERVER_USE_HTTPS |
Whether to enable HTTPS for the server (only in node env). Default value: false. |
SERVER_HTTPS_KEY |
The key for HTTPS (only in node env). |
SERVER_HTTPS_CERT |
The cert for HTTPS (only in node env). |
SERVER_HTTPS_CA |
The CA for HTTPS (only in node env). |
SERVER_HTTPS_PFX |
The pfx for HTTPS (only in node env). |
SERVER_HTTPS_PASSPHRASE |
The passphrase of the PFX cert (only in node env). |
NOTES_MAX_ENCRYPTED_PAYLOAD_LENGTH |
The maximum length of the encrypted payload of a note allowed by the api. Default value: 52428800. |
TASK_DELETE_EXPIRED_NOTES_ENABLED |
Whether to enable a periodic task to delete expired notes (not available for cloudflare). Default value: true. |
TASK_DELETE_EXPIRED_NOTES_CRON |
The frequency with which to run the task to delete expired notes (cron syntax). Default value: 0 * * * *. |
TASK_DELETE_EXPIRED_NOTES_RUN_ON_STARTUP |
Whether the task to delete expired notes should run on startup. Default value: true. |
STORAGE_DRIVER_FS_LITE_PATH |
The path to the directory where the data will be stored (only in node env). Default value: ./.data. |
STORAGE_DRIVER_CLOUDFLARE_KV_BINDING |
The name of the Cloudflare KV binding to use (only in cloudflare env). Default value: notes. |
PUBLIC_BASE_API_URL |
The base URL of the public api, can be an absolute URL (like https://example.com/enclosed) or a path (like /enclosed). Default value: /. |
PUBLIC_DEFAULT_DELETE_NOTE_AFTER_READING |
The default value for the Delete note after reading checkbox in the note creation form. Default value: false. |
PUBLIC_DEFAULT_NOTE_TTL_SECONDS |
The default value for the expiration time of a note in seconds, the value must be one of: 3600 (1 hour), 86400 (1 day), 604800 (1 week), 2592000 (1 month). Default value: 3600. |
PUBLIC_IS_SETTING_NO_EXPIRATION_ALLOWED |
Whether to allow the user to set the note to never expire. Default value: true. |
PUBLIC_DEFAULT_NOTE_NO_EXPIRATION |
The default value for the No expiration checkbox in the note creation form (only used if setting no expiration is allowed). Default value: false. |
PUBLIC_IS_AUTHENTICATION_REQUIRED |
Whether to require authentication to access the public api. Default value: false. |
PUBLIC_AUTHENTICATION_IS_USER_REGISTRATION_ALLOWED |
Whether to allow users to register. Effective only if authentication is required. Default value: true. |
AUTHENTICATION_JWT_SECRET |
The secret used to sign the JWT tokens. Default value: change-me. |
AUTHENTICATION_JWT_DURATION_SECONDS |
The duration in seconds for which the JWT token is valid. Default value: 604800. |
AUTHENTICATION_USERS |
The list of users allowed to authenticate. Comma-separated list of email and bcrypt password hash, like: email1:passwordHash1,email2:passwordHash2. Easily generate the value for this env variable here: https://docs.enclosed.cc/self-hosting/users-authentication-key-generator. |
Optional: Native HTTPS Configuration
If you want to use HTTPS without a reverse proxy, you can set the SERVER_USE_HTTPS environment variable to true and provide the necessary certificate and key files.
You can either use a single PFX file or separate key and certificate files. If you use separate files, you can provide the SERVER_HTTPS_KEY, SERVER_HTTPS_CERT, and SERVER_HTTPS_CA environment variables. If you use a PFX file, you can provide the SERVER_HTTPS_PFX and SERVER_HTTPS_PASSPHRASE environment variables.
To generate the necessary key and certificate files, you can use the following command:
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' -keyout private-key.pem -out certificate.pemAnd if you want to generate a PFX file, you can use the following command:
openssl pkcs12 -certpbe AES-256-CBC -export -out test_cert.pfx -inkey private-key.pem -in certificate.pem -passout pass:sampleApplying Configuration Changes
To apply your configuration changes, ensure that you have exported the environment variables in your shell or included them in your environment configuration file. Then, restart your Enclosed instance to apply the changes.
For Docker deployments, you can pass the environment variables directly when running the container:
docker run \
-d --name enclosed \
--restart unless-stopped \
-p 8787:8787 \
-v /path/to/local/data:/app/.data \
-e SERVER_CORS_ORIGINS="https://example.com" \
ghcr.io/corentin-th/enclosedNext Steps
Once your instance is configured, you can proceed to explore advanced deployment options or set up monitoring to ensure your Enclosed instance runs smoothly. For a more complex setup, consider using Docker Compose or deploying on a cloud provider.