Skip to content

Self-Host Configuration

Configuring your self-hosted instance of Enclosed allows you to customize the application to better suit your environment and requirements. This guide covers the key environment variables you can set to control various aspects of the application, including port settings, security options, and storage configurations.

Environment Variables

Enclosed is configured primarily through environment variables. Below is a list of the available variables, along with their descriptions and default values.


PORT

The port to listen on when using node server. Default value: 8787.


SERVER_API_ROUTES_TIMEOUT_MS

The maximum time in milliseconds for a route to complete before timing out. Default value: 5000.


SERVER_CORS_ORIGINS

The CORS origin for the api server.


NOTES_MAX_ENCRYPTED_PAYLOAD_LENGTH

The maximum length of the encrypted payload of a note allowed by the api. Default value: 52428800.


TASK_DELETE_EXPIRED_NOTES_ENABLED

Whether to enable a periodic task to delete expired notes (not available for cloudflare). Default value: true.


TASK_DELETE_EXPIRED_NOTES_CRON

The frequency with which to run the task to delete expired notes (cron syntax). Default value: 0 * * * *.


TASK_DELETE_EXPIRED_NOTES_RUN_ON_STARTUP

Whether the task to delete expired notes should run on startup. Default value: true.


STORAGE_DRIVER_FS_LITE_PATH

The path to the directory where the data will be stored (only in node env). Default value: ./.data.


STORAGE_DRIVER_CLOUDFLARE_KV_BINDING

The name of the Cloudflare KV binding to use (only in cloudflare env). Default value: notes.


PUBLIC_IS_AUTHENTICATION_REQUIRED

Whether to require authentication to access the public api. Default value: false.


AUTHENTICATION_JWT_SECRET

The secret used to sign the JWT tokens. Default value: change-me.


AUTHENTICATION_JWT_DURATION_SECONDS

The duration in seconds for which the JWT token is valid. Default value: 604800.


AUTHENTICATION_USERS

The list of users allowed to authenticate. Comma-separated list of email and bcrypt password hash, like: email1:passwordHash1,email2:passwordHash2. Easily generate the value for this env variable here: https://docs.enclosed.cc/self-hosting/users-authentication-key-generator.

Applying Configuration Changes

To apply your configuration changes, ensure that you have exported the environment variables in your shell or included them in your environment configuration file. Then, restart your Enclosed instance to apply the changes.

For Docker deployments, you can pass the environment variables directly when running the container:

bash
docker run \
    -d --name enclosed \
    --restart unless-stopped \
    -p 8787:8787 \
    -v /path/to/local/data:/app/.data \
    -e SERVER_CORS_ORIGINS="https://example.com" \
    ghcr.io/corentin-th/enclosed

Next Steps

Once your instance is configured, you can proceed to explore advanced deployment options or set up monitoring to ensure your Enclosed instance runs smoothly. For a more complex setup, consider using Docker Compose or deploying on a cloud provider.