From 4ce9102f93ae95c7f61d84a55e6ad3be8aab276f Mon Sep 17 00:00:00 2001 From: perf3ct Date: Thu, 21 Aug 2025 02:21:00 +0000 Subject: [PATCH] feat(docs): try to also improve how environment variables are shown in docs --- .../Configuration (config.ini or e.html | 358 ++++++++++++++++-- .../Using Docker.html | 1 + .../Multi-Factor Authentication.html | 15 +- .../TLS Configuration.html | 5 +- .../Configuration (config.ini or e.md | 163 +++++++- .../1. Installing the server/Using Docker.md | 2 + .../Multi-Factor Authentication.md | 10 +- .../Server Installation/TLS Configuration.md | 8 +- 8 files changed, 511 insertions(+), 51 deletions(-) diff --git a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.html b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.html index 46abd1e24..c5d9d47b3 100644 --- a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.html +++ b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.html @@ -1,27 +1,335 @@ -

Trilium supports configuration via a file named config.ini and - environment variables. Please review the file named config-sample.ini in - the Trilium repository - to see what values are supported.

-

You can provide the same values via environment variables instead of the config.ini file, - and these environment variables use the following format:

+

Trilium supports configuration via a file named config.ini and environment variables. This document provides a comprehensive reference for all configuration options.

+ +

Configuration Precedence

+

Configuration values are loaded in the following order of precedence (highest to lowest):

    -
  1. Environment variables should be prefixed with TRILIUM_ and - use underscores to represent the INI section structure.
    2. -
  2. The format is: TRILIUM_<SECTION>_<KEY>=<VALUE> -
    3. -
  3. The environment variables will override any matching values from config.ini
    4. +
  4. Environment variables (checked first)
    5. +
  5. config.ini file values
    6. +
  6. Default values
-

For example, if you have this in your config.ini:

[Network]
-host=localhost
-port=8080
-

You can override these values using environment variables:

TRILIUM_NETWORK_HOST=0.0.0.0
-TRILIUM_NETWORK_PORT=9000
-

The code will:

-
    -
  1. First load the config.ini file as before
    2. -
  2. Then scan all environment variables for ones starting with TRILIUM_ -
    3. -
  3. Parse these variables into section/key pairs
    4. -
  4. Merge them with the config from the file, with environment variables taking - precedence
    5. -
\ No newline at end of file + +

Environment Variable Patterns

+

Trilium supports multiple environment variable patterns for flexibility. The primary pattern is: TRILIUM_[SECTION]_[KEY]

+

Where:

+ +

Additionally, shorter aliases are available for common configurations (see Alternative Variables section below).

+ +

Environment Variable Reference

+ +

General Section

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Environment VariableTypeDefaultDescription
TRILIUM_GENERAL_INSTANCENAMEstring""Instance name for API identification
TRILIUM_GENERAL_NOAUTHENTICATIONbooleanfalseDisable authentication (server only)
TRILIUM_GENERAL_NOBACKUPbooleanfalseDisable automatic backups
TRILIUM_GENERAL_NODESKTOPICONbooleanfalseDisable desktop icon creation
TRILIUM_GENERAL_READONLYbooleanfalseEnable read-only mode
+ +

Network Section

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Environment VariableTypeDefaultDescription
TRILIUM_NETWORK_HOSTstring"0.0.0.0"Server host binding
TRILIUM_NETWORK_PORTstring"3000"Server port
TRILIUM_NETWORK_HTTPSbooleanfalseEnable HTTPS
TRILIUM_NETWORK_CERTPATHstring""SSL certificate path
TRILIUM_NETWORK_KEYPATHstring""SSL key path
TRILIUM_NETWORK_TRUSTEDREVERSEPROXYboolean/stringfalseReverse proxy trust settings
TRILIUM_NETWORK_CORSALLOWORIGINstring""CORS allowed origins
TRILIUM_NETWORK_CORSALLOWMETHODSstring""CORS allowed methods
TRILIUM_NETWORK_CORSALLOWHEADERSstring""CORS allowed headers
+ +

Session Section

+ + + + + + + + + + + + + + + + + +
Environment VariableTypeDefaultDescription
TRILIUM_SESSION_COOKIEMAXAGEinteger1814400Session cookie max age in seconds (21 days)
+ +

Sync Section

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Environment VariableTypeDefaultDescription
TRILIUM_SYNC_SYNCSERVERHOSTstring""Sync server host URL
TRILIUM_SYNC_SYNCSERVERTIMEOUTstring"120000"Sync server timeout in milliseconds
TRILIUM_SYNC_SYNCPROXYstring""Sync proxy URL
+ +

MultiFactorAuthentication Section

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Environment VariableTypeDefaultDescription
TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURLstring""OAuth/OpenID base URL
TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTIDstring""OAuth client ID
TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRETstring""OAuth client secret
TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURLstring"https://accounts.google.com"OAuth issuer base URL
TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAMEstring"Google"OAuth issuer display name
TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICONstring""OAuth issuer icon URL
+ +

Logging Section

+ + + + + + + + + + + + + + + + + +
Environment VariableTypeDefaultDescription
TRILIUM_LOGGING_RETENTIONDAYSinteger90Number of days to retain log files
+ +

Alternative Environment Variables

+

The following alternative environment variable names are also supported and work identically to their longer counterparts:

+ +

Network CORS Variables

+ + +

Sync Variables

+ + +

OAuth/MFA Variables

+ + +

Logging Variables

+ + +

Boolean Values

+

Boolean environment variables accept the following values:

+ + +

Using Environment Variables

+

Both naming patterns are fully supported and can be used interchangeably:

+ + +

Examples

+ +

Docker Compose Example

+
services:
+  trilium:
+    image: triliumnext/notes
+    environment:
+      # Using full format
+      TRILIUM_GENERAL_INSTANCENAME: "My Trilium Instance"
+      TRILIUM_NETWORK_PORT: "8080"
+      TRILIUM_NETWORK_CORSALLOWORIGIN: "https://myapp.com"
+      TRILIUM_SYNC_SYNCSERVERHOST: "https://sync.example.com"
+      TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL: "https://auth.example.com"
+      
+      # Or using shorter alternatives (equally valid)
+      # TRILIUM_NETWORK_CORS_ALLOW_ORIGIN: "https://myapp.com"
+      # TRILIUM_SYNC_SERVER_HOST: "https://sync.example.com"
+      # TRILIUM_OAUTH_BASE_URL: "https://auth.example.com"
+ +

Shell Export Example

+
# Using either format
+export TRILIUM_GENERAL_NOAUTHENTICATION=false
+export TRILIUM_NETWORK_HTTPS=true
+export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem
+export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem
+export TRILIUM_LOGGING_RETENTIONDAYS=30
+
+# Start Trilium
+npm start
+ +

config.ini Reference

+

For the complete list of configuration options and their INI file format, please review the config-sample.ini file in the Trilium repository.

\ No newline at end of file diff --git a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html index 53b131799..79c565cea 100644 --- a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html +++ b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.html @@ -134,6 +134,7 @@ docker run -d --name trilium -p 8080:8080 --user $(id -u):$(id -g) -v ~/trilium-
  • TRILIUM_DATA_DIR: Path to the data directory inside the container (default: /home/node/trilium-data)
    • +

    For a complete list of configuration environment variables (network settings, authentication, sync, etc.), see Configuration (config.ini or environment variables).

    Volume Permissions

    If you encounter permission issues with the data volume, ensure that:

      diff --git a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html index 7840255d3..93eba27c0 100644 --- a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html +++ b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.html @@ -49,7 +49,12 @@ class="admonition warning"> the config.ini file (check Configuration (config.ini or environment variables) for more information).
        -
      1. You can also setup through environment variables (TRILIUM_OAUTH_BASE_URL, TRILIUM_OAUTH_CLIENT_ID and TRILIUM_OAUTH_CLIENT_SECRET).
        2. +
      2. You can also setup through environment variables: +
          +
        • Standard: TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL, TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID, TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET
          • +
        • Legacy (still supported): TRILIUM_OAUTH_BASE_URL, TRILIUM_OAUTH_CLIENT_ID, TRILIUM_OAUTH_CLIENT_SECRET
          • +
        +
      3. oauthBaseUrl should be the link of your Trilium instance server, for example, https://<your-trilium-domain>.
      @@ -64,8 +69,12 @@ class="admonition warning">

      The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via oauthIssuerBaseUrl, oauthIssuerName, and oauthIssuerIcon in the config.ini file. Alternatively, - these values can be set using environment variables: TRILIUM_OAUTH_ISSUER_BASE_URL, TRILIUM_OAUTH_ISSUER_NAME, - and TRILIUM_OAUTH_ISSUER_ICON. oauthIssuerName and oauthIssuerIcon are + these values can be set using environment variables: +

      + oauthIssuerName and oauthIssuerIcon are required for displaying correct issuer information at the Login page.

      Authentik

      diff --git a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.html b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.html index ead34359c..3bd1f0cf2 100644 --- a/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.html +++ b/apps/server/src/assets/doc_notes/en/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.html @@ -26,7 +26,10 @@ https=true certPath=/[username]/.acme.sh/[hostname]/fullchain.cer keyPath=/[username]/.acme.sh/[hostname]/example.com.key

      You can also review the configuration file - to provide all config.ini values as environment variables instead.

      + to provide all config.ini values as environment variables instead. For example, you can configure TLS using environment variables:

      +
      export TRILIUM_NETWORK_HTTPS=true
+export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem
+export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem

      The above example shows how this is set up in an environment where the certificate was generated using Let's Encrypt's ACME utility. Your paths may differ. For Docker installations, ensure these paths are within a volume diff --git a/docs/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.md b/docs/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.md index 6361cd6e1..292451913 100644 --- a/docs/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.md +++ b/docs/User Guide/User Guide/Advanced Usage/Configuration (config.ini or e.md @@ -1,30 +1,155 @@ # Configuration (config.ini or environment variables) -Trilium supports configuration via a file named `config.ini` and environment variables. Please review the file named [config-sample.ini](https://github.com/TriliumNext/Trilium/blob/main/apps/server/src/assets/config-sample.ini) in the [Trilium](https://github.com/TriliumNext/Trilium) repository to see what values are supported. -You can provide the same values via environment variables instead of the `config.ini` file, and these environment variables use the following format: +Trilium supports configuration via a file named `config.ini` and environment variables. This document provides a comprehensive reference for all configuration options. -1. Environment variables should be prefixed with `TRILIUM_` and use underscores to represent the INI section structure. -2. The format is: `TRILIUM_

      _=` -3. The environment variables will override any matching values from config.ini +## Configuration Precedence -For example, if you have this in your config.ini: +Configuration values are loaded in the following order of precedence (highest to lowest): +1. **Environment variables** (checked first) +2. **config.ini file values** +3. **Default values** -``` -[Network] -host=localhost -port=8080 +## Environment Variable Patterns + +Trilium supports multiple environment variable patterns for flexibility. The primary pattern is: `TRILIUM_[SECTION]_[KEY]` + +Where: +- `SECTION` is the INI section name in UPPERCASE +- `KEY` is the camelCase configuration key converted to UPPERCASE (e.g., `instanceName` → `INSTANCENAME`) + +Additionally, shorter aliases are available for common configurations (see Alternative Variables section below). + +## Environment Variable Reference + +### General Section + +| Environment Variable | Type | Default | Description | +|------------------|------|---------|-------------| +| `TRILIUM_GENERAL_INSTANCENAME` | string | "" | Instance name for API identification | +| `TRILIUM_GENERAL_NOAUTHENTICATION` | boolean | false | Disable authentication (server only) | +| `TRILIUM_GENERAL_NOBACKUP` | boolean | false | Disable automatic backups | +| `TRILIUM_GENERAL_NODESKTOPICON` | boolean | false | Disable desktop icon creation | +| `TRILIUM_GENERAL_READONLY` | boolean | false | Enable read-only mode | + +### Network Section + +| Environment Variable | Type | Default | Description | +|------------------|------|---------|-------------| +| `TRILIUM_NETWORK_HOST` | string | "0.0.0.0" | Server host binding | +| `TRILIUM_NETWORK_PORT` | string | "3000" | Server port | +| `TRILIUM_NETWORK_HTTPS` | boolean | false | Enable HTTPS | +| `TRILIUM_NETWORK_CERTPATH` | string | "" | SSL certificate path | +| `TRILIUM_NETWORK_KEYPATH` | string | "" | SSL key path | +| `TRILIUM_NETWORK_TRUSTEDREVERSEPROXY` | boolean/string | false | Reverse proxy trust settings | +| `TRILIUM_NETWORK_CORSALLOWORIGIN` | string | "" | CORS allowed origins | +| `TRILIUM_NETWORK_CORSALLOWMETHODS` | string | "" | CORS allowed methods | +| `TRILIUM_NETWORK_CORSALLOWHEADERS` | string | "" | CORS allowed headers | + +### Session Section + +| Environment Variable | Type | Default | Description | +|------------------|------|---------|-------------| +| `TRILIUM_SESSION_COOKIEMAXAGE` | integer | 1814400 | Session cookie max age in seconds (21 days) | + +### Sync Section + +| Environment Variable | Type | Default | Description | +|------------------|------|---------|-------------| +| `TRILIUM_SYNC_SYNCSERVERHOST` | string | "" | Sync server host URL | +| `TRILIUM_SYNC_SYNCSERVERTIMEOUT` | string | "120000" | Sync server timeout in milliseconds | +| `TRILIUM_SYNC_SYNCPROXY` | string | "" | Sync proxy URL | + +### MultiFactorAuthentication Section + +| Environment Variable | Type | Default | Description | +|------------------|------|---------|-------------| +| `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL` | string | "" | OAuth/OpenID base URL | +| `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID` | string | "" | OAuth client ID | +| `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET` | string | "" | OAuth client secret | +| `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL` | string | "https://accounts.google.com" | OAuth issuer base URL | +| `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME` | string | "Google" | OAuth issuer display name | +| `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON` | string | "" | OAuth issuer icon URL | + +### Logging Section + +| Environment Variable | Type | Default | Description | +|------------------|------|---------|-------------| +| `TRILIUM_LOGGING_RETENTIONDAYS` | integer | 90 | Number of days to retain log files | + +## Alternative Environment Variables + +The following alternative environment variable names are also supported and work identically to their longer counterparts: + +### Network CORS Variables +- `TRILIUM_NETWORK_CORS_ALLOW_ORIGIN` (alternative to `TRILIUM_NETWORK_CORSALLOWORIGIN`) +- `TRILIUM_NETWORK_CORS_ALLOW_METHODS` (alternative to `TRILIUM_NETWORK_CORSALLOWMETHODS`) +- `TRILIUM_NETWORK_CORS_ALLOW_HEADERS` (alternative to `TRILIUM_NETWORK_CORSALLOWHEADERS`) + +### Sync Variables +- `TRILIUM_SYNC_SERVER_HOST` (alternative to `TRILIUM_SYNC_SYNCSERVERHOST`) +- `TRILIUM_SYNC_SERVER_TIMEOUT` (alternative to `TRILIUM_SYNC_SYNCSERVERTIMEOUT`) +- `TRILIUM_SYNC_SERVER_PROXY` (alternative to `TRILIUM_SYNC_SYNCPROXY`) + +### OAuth/MFA Variables +- `TRILIUM_OAUTH_BASE_URL` (alternative to `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL`) +- `TRILIUM_OAUTH_CLIENT_ID` (alternative to `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID`) +- `TRILIUM_OAUTH_CLIENT_SECRET` (alternative to `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET`) +- `TRILIUM_OAUTH_ISSUER_BASE_URL` (alternative to `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL`) +- `TRILIUM_OAUTH_ISSUER_NAME` (alternative to `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME`) +- `TRILIUM_OAUTH_ISSUER_ICON` (alternative to `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON`) + +### Logging Variables +- `TRILIUM_LOGGING_RETENTION_DAYS` (alternative to `TRILIUM_LOGGING_RETENTIONDAYS`) + +## Boolean Values + +Boolean environment variables accept the following values: +- **True**: `"true"`, `"1"`, `1` +- **False**: `"false"`, `"0"`, `0` +- Any other value defaults to `false` + +## Using Environment Variables + +Both naming patterns are fully supported and can be used interchangeably: + +- The longer format follows the section/key pattern for consistency with the INI file structure +- The shorter alternatives provide convenience for common configurations +- You can use whichever format you prefer - both are equally valid + +## Examples + +### Docker Compose Example +```yaml +services: + trilium: + image: triliumnext/notes + environment: + # Using full format + TRILIUM_GENERAL_INSTANCENAME: "My Trilium Instance" + TRILIUM_NETWORK_PORT: "8080" + TRILIUM_NETWORK_CORSALLOWORIGIN: "https://myapp.com" + TRILIUM_SYNC_SYNCSERVERHOST: "https://sync.example.com" + TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL: "https://auth.example.com" + + # Or using shorter alternatives (equally valid) + # TRILIUM_NETWORK_CORS_ALLOW_ORIGIN: "https://myapp.com" + # TRILIUM_SYNC_SERVER_HOST: "https://sync.example.com" + # TRILIUM_OAUTH_BASE_URL: "https://auth.example.com" ``` -You can override these values using environment variables: +### Shell Export Example +```bash +# Using either format +export TRILIUM_GENERAL_NOAUTHENTICATION=false +export TRILIUM_NETWORK_HTTPS=true +export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem +export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem +export TRILIUM_LOGGING_RETENTIONDAYS=30 -``` -TRILIUM_NETWORK_HOST=0.0.0.0 -TRILIUM_NETWORK_PORT=9000 +# Start Trilium +npm start ``` -The code will: +## config.ini Reference -1. First load the `config.ini` file as before -2. Then scan all environment variables for ones starting with `TRILIUM_` -3. Parse these variables into section/key pairs -4. Merge them with the config from the file, with environment variables taking precedence \ No newline at end of file +For the complete list of configuration options and their INI file format, please review the [config-sample.ini](https://github.com/TriliumNext/Trilium/blob/main/apps/server/src/assets/config-sample.ini) file in the Trilium repository \ No newline at end of file diff --git a/docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.md b/docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.md index 0b4fa5055..b11c079a2 100644 --- a/docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.md +++ b/docs/User Guide/User Guide/Installation & Setup/Server Installation/1. Installing the server/Using Docker.md @@ -187,6 +187,8 @@ docker run -d --name trilium -p 8080:8080 --user $(id -u):$(id -g) -v ~/trilium- * `TRILIUM_GID`: GID to use for the container process (passed to Docker's `--user` flag) * `TRILIUM_DATA_DIR`: Path to the data directory inside the container (default: `/home/node/trilium-data`) +For a complete list of configuration environment variables (network settings, authentication, sync, etc.), see Configuration (config.ini or environment variables). + ### Volume Permissions If you encounter permission issues with the data volume, ensure that: diff --git a/docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md b/docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md index d90c19434..ee6e93363 100644 --- a/docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md +++ b/docs/User Guide/User Guide/Installation & Setup/Server Installation/Multi-Factor Authentication.md @@ -37,7 +37,9 @@ MFA can only be set up on a server instance. In order to setup OpenID, you will need to setup a authentication provider. This requires a bit of extra setup. Follow [these instructions](https://developers.google.com/identity/openid-connect/openid-connect) to setup an OpenID service through google. The Redirect URL of Trilium is `https:///callback`. 1. Set the `oauthBaseUrl`, `oauthClientId` and `oauthClientSecret` in the `config.ini` file (check Configuration (config.ini or environment variables) for more information). - 1. You can also setup through environment variables (`TRILIUM_OAUTH_BASE_URL`, `TRILIUM_OAUTH_CLIENT_ID` and `TRILIUM_OAUTH_CLIENT_SECRET`). + 1. You can also setup through environment variables: + - Standard: `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL`, `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID`, `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET` + - Legacy (still supported): `TRILIUM_OAUTH_BASE_URL`, `TRILIUM_OAUTH_CLIENT_ID`, `TRILIUM_OAUTH_CLIENT_SECRET` 2. `oauthBaseUrl` should be the link of your Trilium instance server, for example, `https://`. 2. Restart the server 3. Go to "Menu" -> "Options" -> "MFA" @@ -46,7 +48,11 @@ In order to setup OpenID, you will need to setup a authentication provider. This 6. Refresh the page and login through OpenID provider > [!NOTE] -> The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via `oauthIssuerBaseUrl`, `oauthIssuerName`, and `oauthIssuerIcon` in the `config.ini` file. Alternatively, these values can be set using environment variables: `TRILIUM_OAUTH_ISSUER_BASE_URL`, `TRILIUM_OAUTH_ISSUER_NAME`, and `TRILIUM_OAUTH_ISSUER_ICON`. `oauthIssuerName` and `oauthIssuerIcon` are required for displaying correct issuer information at the Login page. +> The default OAuth issuer is Google. To use other services such as Authentik or Auth0, you can configure the settings via `oauthIssuerBaseUrl`, `oauthIssuerName`, and `oauthIssuerIcon` in the `config.ini` file. Alternatively, these values can be set using environment variables: +> - Standard: `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL`, `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME`, `TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON` +> - Legacy (still supported): `TRILIUM_OAUTH_ISSUER_BASE_URL`, `TRILIUM_OAUTH_ISSUER_NAME`, `TRILIUM_OAUTH_ISSUER_ICON` +> +> `oauthIssuerName` and `oauthIssuerIcon` are required for displaying correct issuer information at the Login page. #### Authentik diff --git a/docs/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.md b/docs/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.md index 67551f115..d4004a8cb 100644 --- a/docs/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.md +++ b/docs/User Guide/User Guide/Installation & Setup/Server Installation/TLS Configuration.md @@ -25,7 +25,13 @@ certPath=/[username]/.acme.sh/[hostname]/fullchain.cer keyPath=/[username]/.acme.sh/[hostname]/example.com.key ``` -You can also review the [configuration](../../Advanced%20Usage/Configuration%20\(config.ini%20or%20e.md) file to provide all `config.ini` values as environment variables instead. +You can also review the [configuration](../../Advanced%20Usage/Configuration%20\(config.ini%20or%20e.md) file to provide all `config.ini` values as environment variables instead. For example, you can configure TLS using environment variables: + +```bash +export TRILIUM_NETWORK_HTTPS=true +export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem +export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem +``` The above example shows how this is set up in an environment where the certificate was generated using Let's Encrypt's ACME utility. Your paths may differ. For Docker installations, ensure these paths are within a volume or another directory accessible by the Docker container, such as `/home/node/trilium-data/[DIR IN DATA DIRECTORY]`.