diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml index 7eaeb16a8f..d075f1fdce 100644 --- a/.github/workflows/docker-images.yml +++ b/.github/workflows/docker-images.yml @@ -10,8 +10,8 @@ on: default: 'latest' options: - latest + - stable - test - - 2.4.6 build_allinone: type: boolean description: 'Build the All-In-One image' 
@@ -41,24 +41,60 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: 'Setup jq' + uses: dcarbone/install-jq-action@v3 + with: + version: '1.7' + - name: Set environment variables shell: bash run: | # Get the short SHA of last commit echo "SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> "${GITHUB_ENV}" - + # Get branch name - we don't use github.ref_head_name since we don't build on PRs echo "BRANCH_NAME=${{ github.ref_name }}" >> "${GITHUB_ENV}" - + # Set docker image tag - echo "IMAGE_TAG=${{ inputs.imageTag || github.ref_name }}" >> "${GITHUB_ENV}" - + IMAGE_TAG=${{ inputs.imageTag || github.ref_name }} + + # Check whether it's a release + LATEST_TAG=$( + curl -s -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ github.token }}" \ + https://api.github.com/repos/${{ github.repository }}/releases/latest \ + | jq -r '.tag_name' + ) + IS_LATEST="false" + if [[ "${LATEST_TAG}" == "${{ github.event.release.tag_name }}" ]]; then + IS_LATEST="true" + fi; + # Control which images to build echo "BUILD_ALLINONE=${{ inputs.build_allinone || true }}" >> "${GITHUB_ENV}" echo "BUILD_FRONTEND=${{ inputs.build_frontend || true }}" >> "${GITHUB_ENV}" echo "BUILD_NODESERVICE=${{ inputs.build_nodeservice || true }}" >> "${GITHUB_ENV}" echo "BUILD_APISERVICE=${{ inputs.build_apiservice || true }}" >> "${GITHUB_ENV}" + # Image names + ALLINONE_IMAGE_NAMES=lowcoderorg/lowcoder-ce:${IMAGE_TAG} + FRONTEND_IMAGE_NAMES=lowcoderorg/lowcoder-ce-frontend:${IMAGE_TAG} + APISERVICE_IMAGE_NAMES=lowcoderorg/lowcoder-ce-api-service:${IMAGE_TAG} + NODESERVICE_IMAGE_NAMES=lowcoderorg/lowcoder-ce-node-service:${IMAGE_TAG} + + if [[ "${IS_LATEST}" == "true" ]]; then + ALLINONE_IMAGE_NAMES="lowcoderorg/lowcoder-ce:latest,${ALLINONE_IMAGE_NAMES}" + FRONTEND_IMAGE_NAMES="lowcoderorg/lowcoder-ce-frontend:latest,${FRONTEND_IMAGE_NAMES}" + APISERVICE_IMAGE_NAMES="lowcoderorg/lowcoder-ce-api-service:latest,${APISERVICE_IMAGE_NAMES}" + 
NODESERVICE_IMAGE_NAMES="lowcoderorg/lowcoder-ce-node-service:latest,${NODESERVICE_IMAGE_NAMES}" + fi; + + echo "ALLINONE_IMAGE_NAMES=${ALLINONE_IMAGE_NAMES}" >> "${GITHUB_ENV}" + echo "FRONTEND_IMAGE_NAMES=${FRONTEND_IMAGE_NAMES}" >> "${GITHUB_ENV}" + echo "APISERVICE_IMAGE_NAMES=${APISERVICE_IMAGE_NAMES}" >> "${GITHUB_ENV}" + echo "NODESERVICE_IMAGE_NAMES=${NODESERVICE_IMAGE_NAMES}" >> "${GITHUB_ENV}" + - name: Checkout lowcoder source uses: actions/checkout@v4 with: @@ -91,7 +127,7 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce:${{ env.IMAGE_TAG }} + tags: ${{ env.ALLINONE_IMAGE_NAMES }} - name: Build and push the frontend image if: ${{ env.BUILD_FRONTEND == 'true' }} @@ -108,7 +144,7 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce-frontend:${{ env.IMAGE_TAG }} + tags: ${{ env.FRONTEND_IMAGE_NAMES }} - name: Build and push the node service image if: ${{ env.BUILD_NODESERVICE == 'true' }} @@ -120,7 +156,7 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce-node-service:${{ env.IMAGE_TAG }} + tags: ${{ env.NODESERVICE_IMAGE_NAMES }} - name: Build and push the API service image if: ${{ env.BUILD_APISERVICE == 'true' }} @@ -132,5 +168,5 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce-api-service:${{ env.IMAGE_TAG }} + tags: ${{ env.APISERVICE_IMAGE_NAMES }} diff --git a/deploy/docker/README.md b/deploy/docker/README.md index dd42643ce9..94eca974ae 100644 --- a/deploy/docker/README.md +++ b/deploy/docker/README.md 
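Review bot: The release check in the `Set environment variables` step treats two empty strings as a match: on a run that is not a release event `${{ github.event.release.tag_name }}` expands to nothing, and if the `curl` call returns no body `jq` prints nothing, so `IS_LATEST` becomes `true` and the `:latest` tags are pushed from a non-release build. Guard the comparison, for example `if [[ -n "${LATEST_TAG}" && "${LATEST_TAG}" != "null" && "${LATEST_TAG}" == "${RELEASE_TAG}" ]]; then`, and add `--fail` to the `curl` call. The same script pastes `${{ inputs.imageTag || github.ref_name }}` and the release tag straight into bash; passing them through the step's `env:` block (`RELEASE_TAG: ${{ github.event.release.tag_name }}`) and quoting the shell variables keeps a ref or tag name containing shell metacharacters from being interpreted as code. `dcarbone/install-jq-action@v3` is referenced by a movable tag; pinning it to a full commit SHA fixes what runs inside a job that pushes images.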
@@ -4,6 +4,7 @@ Included Dockerfile can be used to build an **all-in-one** image with all requir For examples on running the all-in-one image or the multi image deployment see **deploy/docker/docker-compose.yaml** and **deploy/docker/docker-compose-multi.yaml** +Environment variables used to configure various aspects of the services are stored in **default.env**, **default-multi.env** and **override.env**. Look into the **default** files to see which variables can be set and what are the default values. To change the defaults, use **override.env**. You don't have to use **--env-file** parameter with **doker compose** because the files are loaded from within `docker-compose.yaml` and `docker-compose-multi.yaml`. ## all-in-one image @@ -43,6 +44,8 @@ Image can be configured by setting environment variables. | `LOWCODER_API_RATE_LIMIT` | Number of max Request per Second | `100` | | `LOWCODER_API_SERVICE_URL` | Lowcoder API service URL | `http://localhost:8080` | | `LOWCODER_NODE_SERVICE_URL` | Lowcoder Node service (js executor) URL | `http://localhost:6060` | +| `LOWCODER_NODE_SERVICE_SECRET` | Secret used for encrypting communication between API service and Node service - CHANGE IT! | | +| `LOWCODER_NODE_SERVICE_SALT` | Salt used for encrypting communication between API service and Node service - CHANGE IT! | | | `LOWCODER_MAX_ORGS_PER_USER` | Default maximum organizations per user | `100` | | `LOWCODER_MAX_MEMBERS_PER_ORG` | Default maximum members per organization | `1000` | | `LOWCODER_MAX_GROUPS_PER_ORG` | Default maximum groups per organization | `100` | 
@@ -50,14 +53,18 @@ Image can be configured by setting environment variables. | `LOWCODER_MAX_DEVELOPERS` | Default maximum developers | `100` | | `LOWCODER_WORKSPACE_MODE` | SAAS to activate, ENTERPRISE to switch off - Workspaces | `SAAS` | | `LOWCODER_EMAIL_SIGNUP_ENABLED` | Control if users create their own Workspace automatic when Sign Up | `true` | +| `LOWCODER_EMAIL_AUTH_ENABLED` | Controls whether authentication via email is enabled | `true` | | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up | `true` | | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true` | | `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | | `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file | - +| `LOWCODER_PLUGINS_DIR` | Directory holding lowcoder plugins | `/lowcoder-stacks/plugins` | +| `LOWCODER_COOKIE_NAME` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | +| `LOWCODER_COOKIE_MAX_AGE` | Lowcoder application cookie max age in hours | `24` | +| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days | `30` | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) -On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 +On linux/mac, generate one eg. with: `head /dev/urandom | head -c 30 | shasum -a 256` | Environment variable | Description | Default-Value | |-------------------------------------| ----------------------------------------------------------------------- | ----------------------------------------------------- | 
@@ -76,7 +83,7 @@ To enable secure Password Reset flow for the users, you need to configure your o | `LOWCODER_ADMIN_SMTP_SSL_ENABLED` | Enable SSL encryption | `false` | | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED` | Enable STARTTLS encryption | `true` | | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED` | Require STARTTLS encryption | `true` | -| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER` | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` | +| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER` | "from" Email address of the password Reset Email Sender | `info@localhost` | ## Building api-service image @@ -119,6 +126,12 @@ Image can be configured by setting environment variables. | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true` | | `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | | `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file | +| `LOWCODER_PLUGINS_DIR` | Directory holding lowcoder plugins | `/lowcoder-stacks/plugins` | +| `LOWCODER_COOKIE_NAME` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | +| `LOWCODER_COOKIE_MAX_AGE` | Lowcoder application cookie max age in hours | `24` | +| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days | `30` | +| `LOWCODER_NODE_SERVICE_SECRET` | Secret used for encrypting communication between API service and Node service - CHANGE IT! | | +| `LOWCODER_NODE_SERVICE_SALT` | Salt used for encrypting communication between API service and Node service - CHANGE IT! | | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 
@@ -140,7 +153,7 @@ To enable secure Password Reset flow for the users, you need to configure your o | `LOWCODER_ADMIN_SMTP_SSL_ENABLED` | Enable SSL encryption | `false` | | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED` | Enable STARTTLS encryption | `true` | | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED` | Require STARTTLS encryption | `true` | -| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER` | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` | +| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER` | "from" Email address of the password Reset Email Sender | `info@localhost` | ## Building node-service image @@ -163,6 +176,8 @@ Image can be configured by setting environment variables. | `LOWCODER_PUID` | ID of user running services. It will own all created logs and data. | `9001` | | `LOWCODER_PGID` | ID of group of the user running services. | `9001` | | `LOWCODER_API_SERVICE_URL` | Lowcoder API service URL | `http://localhost:8080` | +| `LOWCODER_NODE_SERVICE_SECRET` | Secret used for encrypting communication between API service and Node service - CHANGE IT! | | +| `LOWCODER_NODE_SERVICE_SALT` | Salt used for encrypting communication between API service and Node service - CHANGE IT! | | ## Building web frontend image diff --git a/deploy/docker/default-multi.env b/deploy/docker/default-multi.env new file mode 100644 index 0000000000..7daba8e66e --- /dev/null +++ b/deploy/docker/default-multi.env 
@@ -0,0 +1,21 @@
+#####################################################################
+## ##
+## Lowcoder environment variables override for multi image ##
+## installation. ##
+## ##
+## !!! PLEASE DO NOT CHANGE THIS FILE !!! ##
+## ##
+## To change the variables use file: override.env ##
+## ##
+## It will be loaded automatically and will override the defaults ##
+## You don't have to copy the whole default.env, only the changed ##
+## environment variables. ##
+## ##
+#####################################################################
+
+# Update individual service URLs to match the multi setup
+LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
+LOWCODER_REDIS_URL="redis://redis:6379"
+LOWCODER_NODE_SERVICE_URL="http://lowcoder-node-service:6060"
+LOWCODER_API_SERVICE_URL="http://lowcoder-api-service:8080"
+
diff --git a/deploy/docker/default.env b/deploy/docker/default.env
new file mode 100644
index 0000000000..8b4445a3d4
--- /dev/null
+++ b/deploy/docker/default.env
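Review bot: `LOWCODER_MONGODB_URL` carries the database password `secret123` in a file whose banner says not to edit it, and unlike the encryption and API-key defaults in default.env there is no comment telling operators to replace it. Add a line above it such as `# ! CHANGE the MongoDB password (set LOWCODER_MONGODB_URL in override.env) !`, and mention that the value presumably has to stay in sync with the credentials the `mongodb` service is started with, which this diff does not show.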
@@ -0,0 +1,160 @@
+#####################################################################
+## ##
+## Default lowcoder environment variables. ##
+## ##
+## !!! PLEASE DO NOT CHANGE THIS FILE !!! ##
+## ##
+## To change the variables use file: override.env ##
+## ##
+## It will be loaded automatically and will override the defaults ##
+## You don't have to copy the whole default.env, only the changed ##
+## environment variables. ##
+## ##
+#####################################################################
+
+
+##
+## Enable services (applies to all-in-one deployment) ##
+## - you can disable them in favor of external services
+#
+# If true redis server is started in the container
+LOWCODER_REDIS_ENABLED="true"
+# If true mongo database is started in the container
+LOWCODER_MONGODB_ENABLED="true"
+# If true lowcoder api-service is started in the container
+LOWCODER_API_SERVICE_ENABLED="true"
+# If true lowcoder node-service is started in the container
+LOWCODER_NODE_SERVICE_ENABLED="true"
+# If true lowcoder web frontend is started in the container
+LOWCODER_FRONTEND_ENABLED="true"
+#
+# Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port
+# to make internal mongo database accessible from host
+# (applies to all-in-one deployment)
+#
+LOWCODER_MONGODB_EXPOSED="false"
+
+##
+## Generic parameters
+##
+#
+# URL of the public User Interface
+LOWCODER_PUBLIC_URL="http://localhost:3000/"
+
+# ID of user running services. It will own all created logs and data.
+LOWCODER_PUID="1000"
+# ID of group of the user running services
+LOWCODER_PGID="1000"
+
+##
+## api-service parameters
+##
+# Name of the lowcoder application cookie
+LOWCODER_COOKIE_NAME=LOWCODER_CE_SELFHOST_TOKEN
+# Lowcoder application cookie max age in hours
+LOWCODER_COOKIE_MAX_AGE=24
+# Default maximum organizations per user
+LOWCODER_MAX_ORGS_PER_USER=100
+# Default maximum members per organization
+LOWCODER_MAX_MEMBERS_PER_ORG=1000
+# Default maximum groups per organization
+LOWCODER_MAX_GROUPS_PER_ORG=100
+# Default maximum applications per organization
+LOWCODER_MAX_APPS_PER_ORG=1000
+# Default maximum developers
+LOWCODER_MAX_DEVELOPERS=50
+# Mongo database connection string (use the later one in case of multi-image compose)
+LOWCODER_MONGODB_URL="mongodb://localhost:27017/lowcoder?authSource=admin"
+#LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
+# Redis server URL
+LOWCODER_REDIS_URL="redis://localhost:6379"
+# Control if users create their own Workspace automatic when Sign Up
+LOWCODER_EMAIL_SIGNUP_ENABLED="true"
+# Controls whether authentication via email is enabled
+LOWCODER_EMAIL_AUTH_ENABLED="true"
+# IF LOWCODER_WORKSPACE_MODE = SAAS, controls if own workspace is created for the user after sign up
+LOWCODER_CREATE_WORKSPACE_ON_SIGNUP="true"
+# Application snapshots retention time in days
+LOWCODER_APP_SNAPSHOT_RETENTIONTIME=30
+#
+# ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
+#
+# LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used
+# to encrypt sensitive data in mongo database so it is important to change the defaults
+#
+LOWCODER_DB_ENCRYPTION_PASSWORD="lowcoder.org"
+LOWCODER_DB_ENCRYPTION_SALT="lowcoder.org"
+
+# CORS allowed domains
+LOWCODER_CORS_DOMAINS="*"
+#
+# API-KEY secret - should be a string of at least 32 random characters
+# - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+#
+LOWCODER_API_KEY_SECRET="5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
+
+##
+## api and node service parameters
+##
+# Directory holding lowcoder plugins
+LOWCODER_PLUGINS_DIR="../plugins"
+# Number of max Request per Second - set to 0 to disable rate limiting
+LOWCODER_API_RATE_LIMIT=100
+# Lowcoder API service URL
+LOWCODER_API_SERVICE_URL="http://localhost:8080"
+# Lowcoder Node service URL
+LOWCODER_NODE_SERVICE_URL="http://localhost:6060"
+
+#
+# ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
+#
+# Secret and salt used for encrypting comunication between API service and NODE service
+#
+LOWCODER_NODE_SERVICE_SECRET="62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2"
+LOWCODER_NODE_SERVICE_SECRET_SALT="lowcoder.org"
+
+##
+## Frontend parameters
+##
+# Lowcoder max request size
+LOWCODER_MAX_REQUEST_SIZE=20m
+# Lowcoder max query timeout (in seconds)
+LOWCODER_MAX_QUERY_TIMEOUT=120
+# Default lowcoder query timeout
+LOWCODER_DEFAULT_QUERY_TIMEOUT=10
+# SAAS to activate, ENTERPRISE to switch off - Workspaces
+LOWCODER_WORKSPACE_MODE=SAAS
+# Controls whether to show Apps on the local Marketplace to anonymous users
+# - if true, apps are not shown to anonymous users
+LOWCODER_MARKETPLACE_PRIVATE_MODE="true"
+
+##
+## Lowcoder notification emails setup
+##
+# Mail server host
+LOWCODER_ADMIN_SMTP_HOST=localhost
+# Mail server port
+LOWCODER_ADMIN_SMTP_PORT=587
+# Use authentication when sending email
+LOWCODER_ADMIN_SMTP_AUTH="true"
+# Username (email) used for authentication
+LOWCODER_ADMIN_SMTP_USERNAME=
+# Password used for authentication
+LOWCODER_ADMIN_SMTP_PASSWORD=
+# Enable SSL for connetion to the mail server
+LOWCODER_ADMIN_SMTP_SSL_ENABLED="false"
+# Enable STARTTLS
+LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED="true"
+# Require STARTTLS
+LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED="true"
+
+# Email used in notifications from lowcoder
+LOWCODER_EMAIL_NOTIFICATIONS_SENDER=info@localhost
+
+# Lowcoder superuser username
+LOWCODER_SUPERUSER_USERNAME=admin@localhost
+# Lowcoder superuser password
+# If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log)
+LOWCODER_SUPERUSER_PASSWORD=
+
+
diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml
index 63bbf421dc..08f2987dd9 100644
--- a/deploy/docker/docker-compose-multi.yaml
+++ b/deploy/docker/docker-compose-multi.yaml
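Review bot: The salt is defined here as `LOWCODER_NODE_SERVICE_SECRET_SALT`, while the README rows added in this same commit document `LOWCODER_NODE_SERVICE_SALT`; whichever name the services do not read is ignored, so an operator following the other spelling keeps the shared default salt without noticing. Settle on one name in both places. Separately, `LOWCODER_NODE_SERVICE_SECRET`, `LOWCODER_API_KEY_SECRET` and `LOWCODER_DB_ENCRYPTION_PASSWORD` ship as fixed, publicly known values and override.env is optional, so an install that skips it runs with keys anyone can read from the repository. Consider leaving these empty in default.env and having startup refuse to run, or generate a value as the comment says is already done for `LOWCODER_SUPERUSER_PASSWORD`, when they are unset.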
@@ -48,56 +48,13 @@ services: # Enabled ports to be able to access backend from host # ports: # - "8080:8080" - environment: - LOWCODER_PUBLIC_URL: "http://localhost:3000/" - LOWCODER_PUID: "9001" - LOWCODER_PGID: "9001" - LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" - LOWCODER_REDIS_URL: "redis://redis:6379" - LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060" - LOWCODER_MAX_QUERY_TIMEOUT: 120 - LOWCODER_MAX_REQUEST_SIZE: 20m - LOWCODER_EMAIL_AUTH_ENABLED: "true" - LOWCODER_EMAIL_SIGNUP_ENABLED: "true" - LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true" - # - # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE ! - # - # LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used - # to encrypt sensitive data in database so it is important to change the defaults - # - LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org" - LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org" - LOWCODER_CORS_DOMAINS: "*" - LOWCODER_MAX_ORGS_PER_USER: 100 - LOWCODER_MAX_MEMBERS_PER_ORG: 1000 - LOWCODER_MAX_GROUPS_PER_ORG: 100 - LOWCODER_MAX_APPS_PER_ORG: 1000 - LOWCODER_MAX_DEVELOPERS: 50 - # - # API-KEY secret - should be a string of at least 32 random characters - # - on linux/mac, generate one eg. 
with: head /dev/urandom | head -c 30 | shasum -a 256 - # - LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" - LOWCODER_PLUGINS_DIR: "../plugins" - LOWCODER_API_RATE_LIMIT: 50 - LOWCODER_WORKSPACE_MODE: SAAS - LOWCODER_MARKETPLACE_PRIVATE_MODE: "true" - # Lowcoder notification emails setup - LOWCODER_ADMIN_SMTP_HOST: smtp.gmail.com - LOWCODER_ADMIN_SMTP_PORT: 587 - LOWCODER_ADMIN_SMTP_USERNAME: - LOWCODER_ADMIN_SMTP_PASSWORD: - LOWCODER_ADMIN_SMTP_AUTH: "true" - LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false" - LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true" - LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true" - # Email used as sender in lost password email - LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost - # Lowcoder superuser details - LOWCODER_SUPERUSER_USERNAME: admin@localhost - # If left blank, a password will be generated and written into api-service log - LOWCODER_SUPERUSER_PASSWORD: + env_file: + - path: ./default.env + required: true + - path: ./default-multi.env + required: true + - path: ./override.env + required: false restart: unless-stopped depends_on: mongodb: @@ -122,10 +79,13 @@ services: # Enabled ports to be able to access backend from host # ports: # - "6060:6060" - environment: - LOWCODER_PUID: "9001" - LOWCODER_PGID: "9001" - LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080" + env_file: + - path: ./default.env + required: true + - path: ./default-multi.env + required: true + - path: ./override.env + required: false restart: unless-stopped depends_on: lowcoder-api-service: 
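Review bot: Replacing the inline `environment:` block of `lowcoder-api-service` with the shared env files changes effective values for the multi-image setup without saying so: `LOWCODER_PUID`/`LOWCODER_PGID` go from `9001` to the `1000` in default.env (default-multi.env does not override them), `LOWCODER_API_RATE_LIMIT` from `50` to `100`, and `LOWCODER_ADMIN_SMTP_HOST` from `smtp.gmail.com` to `localhost`. The UID/GID change matters for existing installs, because logs and data written under the old IDs will no longer be owned by the user the services run as; the node-service and frontend hunks drop the same `9001` values. Either add `LOWCODER_PUID="9001"` and `LOWCODER_PGID="9001"` to default-multi.env or document the ownership migration in the README.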
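Review bot: `lowcoder-node-service` previously received three variables and now loads all of default.env, default-multi.env and override.env, so its environment gains `LOWCODER_DB_ENCRYPTION_PASSWORD`, `LOWCODER_API_KEY_SECRET`, the MongoDB URL with its password, the SMTP credentials and `LOWCODER_SUPERUSER_PASSWORD`. The `lowcoder-frontend` hunk (`@@ -145,13 +105,13 @@`) does the same for the container that publishes port 3000. A compromise or environment dump of either of those services would then disclose the API service's secrets as well. Splitting the defaults into a shared file and an api-service-only file, and listing only the shared one under `env_file` for the node service and the frontend, keeps the separation the old `environment:` blocks had.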
@@ -145,13 +105,13 @@ services: container_name: lowcoder-frontend ports: - "3000:3000" - environment: - LOWCODER_PUID: "9001" - LOWCODER_PGID: "9001" - LOWCODER_MAX_REQUEST_SIZE: 20m - LOWCODER_MAX_QUERY_TIMEOUT: 120 - LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080" - LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060" + env_file: + - path: ./default.env + required: true + - path: ./default-multi.env + required: true + - path: ./override.env + required: false restart: unless-stopped depends_on: lowcoder-node-service: @@ -162,6 +122,7 @@ services: restart: true volumes: - ./lowcoder-stacks/assets:/lowcoder/assets + - ./lowcoder-stacks/ssl:/lowcoder-stacks/ssl healthcheck: test: curl --fail http://lowcoder-frontend:3000 || exit 1 interval: 5s diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml index 0ca4306556..6f0b2a8e00 100644 --- a/deploy/docker/docker-compose.yaml +++ b/deploy/docker/docker-compose.yaml 
@@ -1,85 +1,29 @@ -version: "3" +##################################################################### +## ## +## Lowcoder all-in-one compose file. ## +## ## +## To run: ## +## docker compose up -d ## +## ## +##################################################################### + services: ## ## Start Lowcoder (all-in-one) ## - lowcoder-api-service: + lowcoder-all-in-one: image: lowcoderorg/lowcoder-ce:latest container_name: lowcoder + env_file: + - path: ./default.env + required: true + - path: ./override.env + required: false ports: - "3000:3000" - "3443:3443" # - "27017:27017" - environment: - # Public base url - LOWCODER_PUBLIC_URL: "http://localhost:3000/" - # enable services - LOWCODER_REDIS_ENABLED: "true" - LOWCODER_MONGODB_ENABLED: "true" - # - # Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port - # to make internal mongo database accessible from host - # - LOWCODER_MONGODB_EXPOSED: "false" - LOWCODER_API_SERVICE_ENABLED: "true" - LOWCODER_NODE_SERVICE_ENABLED: "true" - LOWCODER_FRONTEND_ENABLED: "true" - # generic parameters - # Effective user and group IDs - LOWCODER_PUID: "1000" - LOWCODER_PGID: "1000" - # api-service parameters - LOWCODER_MAX_ORGS_PER_USER: 100 - LOWCODER_MAX_MEMBERS_PER_ORG: 1000 - LOWCODER_MAX_GROUPS_PER_ORG: 100 - LOWCODER_MAX_APPS_PER_ORG: 1000 - LOWCODER_MAX_DEVELOPERS: 50 - #LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" - LOWCODER_MONGODB_URL: "mongodb://localhost:27017/lowcoder?authSource=admin" - LOWCODER_REDIS_URL: "redis://localhost:6379" - LOWCODER_EMAIL_SIGNUP_ENABLED: "true" - LOWCODER_EMAIL_AUTH_ENABLED: "true" - LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true" - # - # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE ! 
- # - # LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used - # to encrypt sensitive data in database so it is important to change the defaults - # - LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org" - LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org" - LOWCODER_CORS_DOMAINS: "*" - # - # API-KEY secret - should be a string of at least 32 random characters - # - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 - # - LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" - # api and node service parameters - LOWCODER_PLUGINS_DIR: "../plugins" - LOWCODER_API_RATE_LIMIT: 50 - LOWCODER_API_SERVICE_URL: "http://localhost:8080" - LOWCODER_NODE_SERVICE_URL: "http://localhost:6060" - # frontend parameters - LOWCODER_MAX_REQUEST_SIZE: 20m - LOWCODER_MAX_QUERY_TIMEOUT: 120 - LOWCODER_WORKSPACE_MODE: SAAS - LOWCODER_MARKETPLACE_PRIVATE_MODE: "true" - # Lowcoder notification emails setup - LOWCODER_ADMIN_SMTP_HOST: localhost - LOWCODER_ADMIN_SMTP_PORT: 587 - LOWCODER_ADMIN_SMTP_USERNAME: - LOWCODER_ADMIN_SMTP_PASSWORD: - LOWCODER_ADMIN_SMTP_AUTH: "true" - LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false" - LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true" - LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true" - # Email used as sender in lost password email - LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost - # Lowcoder superuser details - LOWCODER_SUPERUSER_USERNAME: admin@localhost - # If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log) - LOWCODER_SUPERUSER_PASSWORD: volumes: - ./lowcoder-stacks:/lowcoder-stacks - ./lowcoder-stacks/assets:/lowcoder/assets diff --git a/deploy/docker/override.env b/deploy/docker/override.env new file mode 100644 index 0000000000..8785627b8c --- /dev/null +++ b/deploy/docker/override.env 
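Review bot: The `env_file` entries use the long `path:`/`required:` form, which older Docker Compose releases reject (I believe it needs 2.24 or newer), yet the new banner only says `docker compose up -d`. State the minimum version in the banner, e.g. `## Requires Docker Compose 2.24+ (env_file with path/required) ##`; the same applies to docker-compose-multi.yaml. The service key also changes from `lowcoder-api-service` to `lowcoder-all-in-one` while `container_name: lowcoder` stays, so an existing deployment will likely hit a container-name conflict until the old container is removed, which is worth a line in the upgrade notes.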
@@ -0,0 +1,9 @@ +##################################################################### +## ## +## Use this file to override environment variables for compose ## +## files. ## +## Add only variables you want to override. ## +## ## +##################################################################### + + diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index a99cee36ee..7b3bf927d0 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -4,10 +4,10 @@ description: A Helm chart for Kubernetes for installing lowcoder type: application # Chart version (change every time you make changes to the chart) -version: 1.0.0 +version: 2.7.0 # Lowcoder version -appVersion: "latest" +appVersion: "2.7.0" # Dependencies needed for Lowcoder deployment dependencies: diff --git a/deploy/helm/README.md b/deploy/helm/README.md index b7dd8555b2..098aaf6bd0 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md 
@@ -42,23 +42,46 @@ $ helm delete -n lowcoder my-lowcoder | Name | Description | Value | | --------------------------------------- | --------------------------------------------------------------------------------- | -------------- | +| `global.config.publicUrl` | URL of the public User Interface (used eg. in invitation links) | `https://somedomain.com/` | +| `global.config.createWorkspaceOnSignup` | If workspaceMode = SAAS, controls if own workspace is created for the user after sign up | `true` | | `global.config.workspaceMode` | Sets the workspace mode. Possible types are: SAAS, ENTERPRISE | `SAAS` | | `global.config.userId` | User ID of user running Lowcoder server application in container | `9001` | | `global.config.groupId` | Group ID of user running Lowcoder server application in container | `9001` | | `global.config.corsAllowedDomains` | CORS allowed domains | `*` | | `global.config.enableUserSignUp` | Enable users signing up to lowcoder via login page | `true` | +| `global.config.enableEmailAuth` | Controls whether authentication via email is enabled | `true` | +| `global.config.emailNotificationSender` | Email used in notifications from lowcoder | `info@localhost` | | `global.config.encryption.password` | Encryption password - CHANGE IT! | `lowcoder.org` | | `global.config.encryption.salt` | Encryption salt - CHANGE IT! 
| `lowcoder.org` | -| `global.config.apiKeySecret` | API-KEY secret, should be a string of at least 32 random characters - CHANGE IT | `5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b` | +| `global.config.superuser.username` | Lowcoder superadmin username | `admin@localhost` | +| `global.config.superuser.password` | Lowcoder superadmin password - if not supplied, it will be generated | | +| `global.config.apiKeySecret` | API-KEY secret, should be a string of at least 32 random characters - CHANGE IT | `5a41b0905...` | | `global.config.maxQueryTimeout` | Maximum query timeout in seconds | `120` | | `global.config.maxRequestSize` | Maximum request size | `20m` | +| `global.config.snapshotRetentionTime` | Lowcoder application snapshot retention time (in days) | `30` | +| `global.config.marketplacePrivateMode` | Controls whether to show Apps on the local Marketplace to anonymous users | `true` | | `global.config.nodeServiceUrl` | URL to node-service server if using external one (disabled by default) | | +| `global.config.nodeServiceSecret` | Secret used for encrypting traffic between API service and Node service - CHANGE IT! | | +| `global.config.nodeServiceSalt` | Salt used for encrypting traffic between API service and Node service - CHANGE IT! 
| | | `global.config.apiServiceUrl` | URL to api-service server if using external one (disabled by default) | | +| `global.cookie.name` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | +| `global.cookie.maxAge` | Lowcoder application cookie max age in hours | `24` | | `global.defaults.maxOrgsPerUser` | Maximum allowed organizations per user | `100` | | `global.defaults.maxMembersPerOrg` | Maximum allowed members per organization | `1000` | | `global.defaults.maxGroupsPerOrg` | Maximum groups allowed per organization | `100` | | `global.defaults.maxAppsPerOrg` | Maximum allowed applications per organization | `1000` | | `global.defaults.maxDevelopers` | Maximum allowed developer accounts | `100` | +| `global.defaults.apiRateLimit` | Number of max Request per Second - set to 0 to disable rate limiting | `100` | +| `global.defaults.queryTimeout` | Default lowcoder query timeout | `10` | +| `global.mailServer.host` | Mail server host (used for sending lowcoder emails) | `localhost` | +| `global.mailServer.port` | Mail server port | `578` | +| `global.mailServer.smtpAuth` | Use SMPT authentication when sending mails | `false` | +| `global.mailServer.authUsername` | Username (email) used for SMTP authentication | | +| `global.mailServer.authPassword` | Password used for authentication | | +| `global.mailServer.useSSL` | Enable SSL for connetion to the mail server | `false` | +| `global.mailServer.useStartTLS` | Enable STARTTLS | `true` | +| `global.mailServer.requireStartTLS` | Require STARTTLS | `true` | +| `global.plugins.folder` | Folder from which to load lowcoder plugins | `/plugins` | ### Redis diff --git a/deploy/helm/templates/api-service/configMap.yaml b/deploy/helm/templates/api-service/configMap.yaml index 103a78ad0e..4371982a08 100644 --- a/deploy/helm/templates/api-service/configMap.yaml +++ b/deploy/helm/templates/api-service/configMap.yaml 
@@ -38,11 +38,29 @@ data: LOWCODER_CORS_DOMAINS: {{ .Values.global.config.corsAllowedDomains | default "*" | quote }} LOWCODER_EMAIL_AUTH_ENABLED: {{ .Values.global.config.enableEmailAuth | default "true" | quote }} LOWCODER_EMAIL_SIGNUP_ENABLED: {{ .Values.global.config.enableUserSignUp | default "true" | quote }} + LOWCODER_EMAIL_NOTIFICATIONS_SENDER: {{ .Values.global.config.emailNotificationSender | default "info@localhost" | quote }} LOWCODER_MAX_QUERY_TIMEOUT: {{ .Values.global.config.maxQueryTimeout | default "120" | quote }} + LOWCODER_MAX_REQUEST_SIZE: {{ .Values.global.config.maxRequestSize | default "20m" | quote }} LOWCODER_MAX_ORGS_PER_USER: {{ .Values.global.defaults.maxOrgsPerUser | default "100" | quote }} LOWCODER_MAX_MEMBERS_PER_ORG: {{ .Values.global.defaults.maxMembersPerOrg | default "1000" | quote }} LOWCODER_MAX_GROUPS_PER_ORG: {{ .Values.global.defaults.maxGroupsPerOrg | default "100" | quote }} LOWCODER_MAX_APPS_PER_ORG: {{ .Values.global.defaults.maxAppsPerOrg | default "1000" | quote }} LOWCODER_MAX_DEVELOPERS: {{ .Values.global.defaults.maxDevelopers | default "50" | quote }} + LOWCODER_DEFAULT_QUERY_TIMEOUT: {{ .Values.global.defaults.queryTimeout | default "10" | quote }} LOWCODER_WORKSPACE_MODE: {{ .Values.global.config.workspaceMode | default "SAAS" | quote }} LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: {{ .Values.global.config.createWorkspaceOnSignup | default "true" | quote }} + LOWCODER_ADMIN_SMTP_HOST: {{ .Values.global.mailServer.host | default "localhost" | quote }} + LOWCODER_ADMIN_SMTP_PORT: {{ .Values.global.mailServer.port | default "578" | quote }} + LOWCODER_ADMIN_SMTP_AUTH: {{ .Values.global.mailServer.smtpAuth | default "false" | quote }} + LOWCODER_ADMIN_SMTP_USERNAME: {{ .Values.global.mailServer.authUsername | default "" | quote }} + LOWCODER_ADMIN_SMTP_PASSWORD: {{ .Values.global.mailServer.authPassword | default "" | quote }} + LOWCODER_ADMIN_SMTP_SSL_ENABLED: {{ .Values.global.mailServer.useSSL | default "false" | quote 
}} + LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: {{ .Values.global.mailServer.useStartTLS | default "true" | quote }} + LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: {{ .Values.global.mailServer.requireStartTLS | default "true" | quote }} + LOWCODER_API_RATE_LIMIT: {{ .Values.global.defaults.apiRateLimit | default "100" | quote }} + LOWCODER_APP_SNAPSHOT_RETENTIONTIME: {{ .Values.global.config.snapshotRetentionTime | default "30" | quote }} + LOWCODER_COOKIE_NAME: {{ .Values.global.cookie.name | default "LOWCODER_CE_SELFHOST_TOKEN" | quote }} + LOWCODER_COOKIE_MAX_AGE: {{ .Values.global.cookie.maxAge | default "24" | quote }} + LOWCODER_MARKETPLACE_PRIVATE_MODE: {{ .Values.global.config.marketplacePrivateMode | default "true" | quote }} + LOWCODER_PLUGINS_DIR: {{ .Values.global.plugins.folder | default "/plugins" | quote }} + LOWCODER_PUBLIC_URL: {{ .Values.global.config.publicUrl | default "https://somedomain.com/" | quote }} diff --git a/deploy/helm/templates/api-service/secrets.yaml b/deploy/helm/templates/api-service/secrets.yaml index eecbe91bae..c1e45ced8e 100644 --- a/deploy/helm/templates/api-service/secrets.yaml +++ b/deploy/helm/templates/api-service/secrets.yaml @@ -29,3 +29,8 @@ stringData: LOWCODER_DB_ENCRYPTION_PASSWORD: {{ .Values.global.config.encryption.password | default "lowcoder.org" | quote }} LOWCODER_DB_ENCRYPTION_SALT: {{ .Values.global.config.encryption.salt | default "lowcoder.org" | quote }} LOWCODER_API_KEY_SECRET: "{{ .Values.global.config.apiKeySecret }}" + LOWCODER_SUPERUSER_USERNAME: {{ .Values.global.config.superuser.username | default "admin@localhost" | quote }} + LOWCODER_SUPERUSER_PASSWORD: {{ .Values.global.config.superuser.password | default "" | quote }} + LOWCODER_NODE_SERVICE_SECRET: {{ .values.global.config.nodeServiceSecret | default "62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" | quote }} + LOWCODER_NODE_SERVICE_SECRET_SALT: {{ .values.global.config.nodeServiceSalt | default "lowcoder.org" | quote }} + 
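Review bot: `LOWCODER_ADMIN_SMTP_PASSWORD` is rendered into the api-service ConfigMap, so the mail account password is stored as plain configuration and is readable by anything allowed to read ConfigMaps in the namespace. It belongs in `templates/api-service/secrets.yaml` under `stringData`, next to `LOWCODER_SUPERUSER_PASSWORD` (assuming the api-service pod already loads that Secret, which this hunk does not show). Separately, Helm's `default` treats `false` and `0` as empty, so `apiRateLimit: 0`, which the README documents as the way to disable rate limiting, renders as `"100"`, and `useStartTLS: false`, `requireStartTLS: false` and `marketplacePrivateMode: false` render as `"true"`. For those keys I would drop the `default` and rely on values.yaml, e.g. `LOWCODER_API_RATE_LIMIT: {{ .Values.global.defaults.apiRateLimit | quote }}`.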
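Review bot: The two added node-service lines read `.values.global.config...` with a lowercase `v`, while every other line in this file uses `.Values`. Helm exposes chart values only under `.Values`, so these lookups will not see the user's settings and rendering will most likely fail on the nil lookup. They should read `{{ .Values.global.config.nodeServiceSecret | ... }}` and `{{ .Values.global.config.nodeServiceSalt | ... }}`. The same typo is repeated in both lines of the new `templates/node-service/secrets.yaml`.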
diff --git a/deploy/helm/templates/node-service/deployment.yaml b/deploy/helm/templates/node-service/deployment.yaml index 0bc4035a63..4ec381aa12 100644 --- a/deploy/helm/templates/node-service/deployment.yaml +++ b/deploy/helm/templates/node-service/deployment.yaml @@ -36,6 +36,8 @@ spec: envFrom: - configMapRef: name: {{ include "lowcoder.fullname" . }}-node-service + - secretRef: + name: {{ include "lowcoder.fullname" . }}-node-service ports: - name: lowcoder-node containerPort: 6060 diff --git a/deploy/helm/templates/node-service/secrets.yaml b/deploy/helm/templates/node-service/secrets.yaml new file mode 100644 index 0000000000..2af6cfa30b --- /dev/null +++ b/deploy/helm/templates/node-service/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lowcoder.fullname" . }}-node-service + labels: + {{- include "lowcoder.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +stringData: + LOWCODER_NODE_SERVICE_SECRET: {{ .values.global.config.nodeServiceSecret | default "62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" | quote }} + LOWCODER_NODE_SERVICE_SECRET_SALT: {{ .values.global.config.nodeServiceSalt | default "lowcoder.org" | quote }} + diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 52375f00f1..3723fec4b4 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -11,6 +11,7 @@ fullnameOverride: "" # global: config: + publicUrl: "https://somedomain.com/" # This setting sets workspace mode. Possible values: SAAS, ENTERPRISE workspaceMode: SAAS createWorkspaceOnSignup: true 
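Review bot: In the new `node-service/secrets.yaml`, the fallback `default "62e348…"` bakes a published constant into the template as the secret protecting traffic between the API service and the node service. Any install that leaves `nodeServiceSecret` unset therefore shares its key with every other such install, and the README row shows an empty default, so operators get no hint of this. I would fail rendering instead of falling back, `LOWCODER_NODE_SERVICE_SECRET: {{ required "global.config.nodeServiceSecret must be set" .Values.global.config.nodeServiceSecret | quote }}`, and ship values.yaml without a real-looking value for it. The same fallback is used in `api-service/secrets.yaml`, and the same literal is committed in values.yaml. Both Secrets must carry identical values, so a single named template for the pair would keep them from drifting.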
@@ -20,20 +21,44 @@ global: corsAllowedDomains: "*" enableEmailAuth: true enableUserSignUp: true + emailNotificationSender: info@localhost encryption: password: "lowcoder.org" salt: "lowcoder.org" + superuser: + username: admin@localhost + password: #nodeServiceUrl: #apiServiceUrl: apiKeySecret: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" + nodeServiceSecret: "62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" + nodeServiceSalt: "lowcoder.org" maxQueryTimeout: 120 maxRequestSize: "20m" + snapshotRetentionTime: 30 + marketplacePrivateMode: true + cookie: + name: LOWCODER_CE_SELFHOST_TOKEN + maxAge: 24 defaults: maxOrgsPerUser: 100 maxMembersPerOrg: 1000 maxGroupsPerOrg: 100 maxAppsPerOrg: 1000 maxDevelopers: 50 + apiRateLimit: 100 + queryTimeout: 10 + mailServer: + host: localhost + port: 578 + smtpAuth: false + authUsername: + authPassword: + useSSL: false + useStartTLS: true + requireStartTLS: true + plugins: + folder: /plugins # # Redis @@ -92,7 +117,6 @@ apiService: # Overrides the image tag whose default is the chart appVersion. #tag: "latest" - service: type: ClusterIP port: 80 @@ -117,7 +141,6 @@ nodeService: # Overrides the image tag whose default is the chart appVersion. #tag: "latest" - service: type: ClusterIP port: 80
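Review bot: `mailServer.port: 578` looks like a transposition of 587, the usual SMTP submission port for STARTTLS, which this block enables and requires by default. Please confirm the intended port; if it is 587, the `default "578"` in the api-service configMap and the README row need the same fix. Also, `superuser.password:`, `authUsername:` and `authPassword:` are bare keys that parse as null. Writing `password: ""` (and likewise for the other two) makes the intended empty string explicit.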