diff --git a/services/formbricks/.env b/services/formbricks/.env index 0328be3..0167f95 100644 --- a/services/formbricks/.env +++ b/services/formbricks/.env @@ -3,15 +3,15 @@ #COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure. # Service Configuration -SERVICE=formbricks +SERVICE=formbricks # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}). IMAGE_URL=ghcr.io/formbricks/formbricks:latest # Network Configuration -SERVICEPORT=3000 -DNS_SERVER=9.9.9.9 +SERVICEPORT=3000 # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable. +DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable. # Tailscale Configuration -TS_AUTHKEY= +TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions. # Time Zone setting for containers TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones 
@@ -19,4 +19,205 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim # Optional Service variables # PUID=1000 -#EXAMPLE_VAR="Environment varibale" +# Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/ + +######################################################## REQUIRED ######################################################## + +# Your tailnet domain +TS_URL="formbricks..ts.net" + +# The url of your Formbricks instance used in the admin panel +# Set this to your public-facing URL, e.g., https://example.com +WEBAPP_URL=http://${TS_URL}:3000 + +# Required for next-auth. Should be the same as WEBAPP_URL +NEXTAUTH_URL=${WEBAPP_URL} + +# Set the below to your public domain (default is WEBAPP_URL) +PUBLIC_URL=${WEBAPP_URL} + +# PostgreSQL DB for Formbricks to connect to +DATABASE_URL="postgresql://postgres:postgres@postgres:5432/formbricks?schema=public" + +# NextJS Auth +# @see: https://next-auth.js.org/configuration/options#nextauth_secret +# You can use: `openssl rand -hex 32` to generate a new one +NEXTAUTH_SECRET="7b62c37371798cf96dc019f3d4f712a27d1b05d0755ffcf96481b8504697f532" + +# Encryption Key is used for 2FA & Single use URLs for Link Surveys +# You can use: `openssl rand -hex 32` to generate a new one +ENCRYPTION_KEY="i1e284266e3f7ace4772e329e0494aa1d6110fba48db06bd9652e7a9fdd167281" + +# API Secret for running cron jobs. 
+# You can use: `openssl rand -hex 32` to generate a new one
+CRON_SECRET="b5af3d39789e7730004a01bb84922914ea0b478fe67784ce3fa8e4c35096d6b4"
+
+# Redis URL for caching, rate limiting, and audit logging
+# To use external Redis/Valkey: remove the redis service below and update this URL
+REDIS_URL="redis://redis:6379"
+
+# Set the minimum log level(debug, info, warn, error, fatal)
+LOG_LEVEL="info"
+
+############################################# OPTIONAL (ENTERPRISE EDITION) #############################################
+
+# Enterprise License Key (More info at: https://formbricks.com/docs/self-hosting/license)
+# Required to access Enterprise-only features
+# ENTERPRISE_LICENSE_KEY=""
+
+############################################# OPTIONAL (EMAIL CONFIGURATION) #############################################
+
+# Email Configuration
+MAIL_FROM="from@some.host"
+MAIL_FROM_NAME="from host"
+SMTP_HOST="some.host"
+SMTP_PORT="587"
+SMTP_USER="SMTPUser"
+SMTP_PASSWORD="SMTPPassword"
+SMTP_AUTHENTICATED="1"
+
+# (Additional option for TLS (port 465) only)
+SMTP_SECURE_ENABLED="0"
+
+# If set to 0, the server will accept connections without requiring authorization from the list of supplied CAs (default is 1).
+SMTP_REJECT_UNAUTHORIZED_TLS="1"
+
+############################################## OPTIONAL (APP CONFIGURATION) ##############################################
+
+# Set the below to 0 to enable Email Verification for new signups (will required Email Configuration)
+EMAIL_VERIFICATION_DISABLED="1"
+
+# Set the below to 0 to enable Password Reset (will required Email Configuration)
+PASSWORD_RESET_DISABLED="1"
+
+# Set the below to 1 to disable logins with email
+EMAIL_AUTH_DISABLED="0"
+
+# Set the below to 1 to disable invites
+INVITE_DISABLED="0"
+
+# Set the below if you want to ship JS & CSS files from a complete URL instead of the current domain
+# ASSET_PREFIX_URL=""
+
+# Set the below to your Unsplash API Key for their Survey Backgrounds
+# UNSPLASH_ACCESS_KEY=""
+
+# The SENTRY_DSN is used for error tracking and performance monitoring with Sentry.
+
+# SENTRY_DSN=""
+
+# It's used for authentication when uploading source maps to Sentry, to make errors more readable.
+# SENTRY_AUTH_TOKEN=""
+
+# The SENTRY_ENVIRONMENT is used to identify the environment in Sentry.
+# SENTRY_ENVIRONMENT="" + +################################################### OPTIONAL (STORAGE) ################################################### + +# Set S3 Storage configuration (required for the file upload in serverless environments like Vercel) +# S3_ACCESS_KEY="" +# S3_SECRET_KEY="" +# S3_REGION="" +# S3_BUCKET_NAME="" + +# Set a third party S3 compatible storage service endpoint like StorJ leave empty if you use Amazon S3 +# S3_ENDPOINT_URL="" + +# Force path style for S3 compatible storage (0 for disabled, 1 for enabled) +S3_FORCE_PATH_STYLE="0" + +############################################# OPTIONAL (OAUTH CONFIGURATION) ############################################# + +# Set the below from Cloudflare Turnstile if you want to enable turnstile in signups +# TURNSTILE_SITE_KEY="" +# TURNSTILE_SECRET_KEY="" + +# Set the below keys to enable recaptcha V3 for survey responses bot protection(only available in the Enterprise Edition) +# RECAPTCHA_SITE_KEY="" +# RECAPTCHA_SECRET_KEY="" + +# Set the below from GitHub if you want to enable GitHub OAuth +# GITHUB_ID="" +# GITHUB_SECRET="" + +# Set the below from Google if you want to enable Google OAuth +# GOOGLE_CLIENT_ID="" +# GOOGLE_CLIENT_SECRET="" + +# Set the below from Azure Active Directory Login if you want to enable Azure AD OAuth +# AZUREAD_CLIENT_ID="" +# AZUREAD_CLIENT_SECRET="" +# AZUREAD_TENANT_ID="" + +# Set the below to OpenID Connect Provider if you want to enable OIDC +# OIDC_CLIENT_ID="" +# OIDC_CLIENT_SECRET="" +# OIDC_ISSUER="" +# OIDC_DISPLAY_NAME="" +# OIDC_SIGNING_ALGORITHM="" + +# Set the below to SAML Provider if you want to enable SAML +# SAML_DATABASE_URL="postgresql://postgres:postgres@postgres:5432/formbricks-saml?sslmode=disable" + +########################################## OPTIONAL (THIRD PARTY INTEGRATIONS) ########################################### + +# Oauth credentials for Notion Integration +# NOTION_OAUTH_CLIENT_ID="" +# NOTION_OAUTH_CLIENT_SECRET="" + +# Oauth 
credentials for Google Sheet Integration +# GOOGLE_SHEETS_CLIENT_ID="" +# GOOGLE_SHEETS_CLIENT_SECRET="" +# GOOGLE_SHEETS_REDIRECT_URL="" + +# Oauth credentials for Airtable Integration +# AIRTABLE_CLIENT_ID="" + +# Oauth credentials for Slack Integration +# SLACK_CLIENT_ID="" +# SLACK_CLIENT_SECRET="" + +############################################### OPTIONAL (LEGAL INFORMATION) ################################################ + +# Set the below to have your own Privacy Page URL on auth & link survey page +# PRIVACY_URL="" + +# Set the below to have your own Terms Page URL on auth & link survey page +# TERMS_URL="" + +# Set the below to have your own Imprint Page URL on auth & link survey page +# IMPRINT_URL="" + +# Set the below to have your own Address on email footer +# IMPRINT_ADDRESS="" + +########################################## OPTIONAL (SERVER CONFIGURATION) ########################################### + +# Set the below to 1 to disable Rate Limiting across Formbricks +RATE_LIMITING_DISABLED="1" + +# Set the below to send OpenTelemetry data for tracing +# OPENTELEMETRY_LISTENER_URL="http://localhost:4318/v1/traces" + +########################################## OPTIONAL (AUDIT LOGGING) ########################################### + +# Set the below to 1 to enable audit logging. 
+AUDIT_LOG_ENABLED="1" + +# Set the below to get the ip address of the user from the request headers +AUDIT_LOG_GET_USER_IP="1" + +############################################# OPTIONAL (OTHER) ############################################# + +# signup is disabled by default for self-hosted instances, users can only signup using an invite link, in order to allow signup from SSO(without invite), set the below to 1 +AUTH_SKIP_INVITE_FOR_SSO="0" + +# Set the below to automatically assign new users to a specific team, insert an existing team id +# (Role Management is an Enterprise feature) +# AUTH_SSO_DEFAULT_TEAM_ID="" + +# Configure the minimum role for user management from UI(owner, manager, disabled) +USER_MANAGEMENT_MINIMUM_ROLE="manager" + +# Configure the maximum age for the session in seconds. Default is 86400 (24 hours) +SESSION_MAX_AGE="86400" diff --git a/services/formbricks/compose.yaml b/services/formbricks/compose.yaml index b8a2e97..9e9b19e 100644 --- a/services/formbricks/compose.yaml +++ b/services/formbricks/compose.yaml @@ -8,7 +8,7 @@ configs: "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}} services: -# Make sure you have updated/checked the .env file with the correct variables. +# Make sure you have updated/checked the .env file with the correct variables. # All the ${ xx } need to be defined there. # Tailscale Sidecar Configuration tailscale: @@ -37,7 +37,7 @@ services: #ports: # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below - #dns: + #dns: # - ${DNS_SERVER} healthcheck: test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational 
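Review bot: `NEXTAUTH_SECRET`, `ENCRYPTION_KEY` and `CRON_SECRET` in the second `services/formbricks/.env` hunk are committed with concrete values, so every deployment started from this template shares the same session-signing, encryption and cron secrets, and anyone who can read the repository knows them. Ship them empty, e.g. `NEXTAUTH_SECRET=` next to the existing `openssl rand -hex 32` hint, and rotate the committed values on any instance that already uses them. The `ENCRYPTION_KEY` value also starts with `i`, which is not a hex digit, so it does not look like `openssl rand -hex 32` output and may be a paste error. Separately, `RATE_LIMITING_DISABLED="1"` is now active where the old compose file had it commented out; unless that is intended, `RATE_LIMITING_DISABLED="0"` is the safer template default for a service that exposes a login page.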
@@ -66,205 +66,79 @@ services: network_mode: service:tailscale container_name: app-${SERVICE} environment: - ######################################################## REQUIRED ######################################################## - - # The url of your Formbricks instance used in the admin panel - # Set this to your public-facing URL, e.g., https://example.com - WEBAPP_URL: "https://formbricks..ts.net" - - # Required for next-auth. Should be the same as WEBAPP_URL - NEXTAUTH_URL: "https://formbricks..ts.net" - - # PostgreSQL DB for Formbricks to connect to - DATABASE_URL: "postgresql://postgres:postgres@postgres:5432/formbricks?schema=public" - - # NextJS Auth - # @see: https://next-auth.js.org/configuration/options#nextauth_secret - # You can use: `openssl rand -hex 32` to generate one - NEXTAUTH_SECRET: "" - - # Encryption Key is used for 2FA & Single use URLs for Link Surveys - # You can use: $(openssl rand -hex 32) to generate one - ENCRYPTION_KEY: "" - - # API Secret for running cron jobs. 
- # You can use: $(openssl rand -hex 32) to generate a secure one - CRON_SECRET: "" - - # Redis URL for caching, rate limiting, and audit logging - # To use external Redis/Valkey: remove the redis service below and update this URL - REDIS_URL: "redis://redis:6379" - - # Set the minimum log level(debug, info, warn, error, fatal) - # LOG_LEVEL: "info" - - ############################################# OPTIONAL (ENTERPRISE EDITION) ############################################# - - # Enterprise License Key (More info at: https://formbricks.com/docs/self-hosting/license) - # Required to access Enterprise-only features - # ENTERPRISE_LICENSE_KEY: "" - - ############################################# OPTIONAL (EMAIL CONFIGURATION) ############################################# - - # Email Configuration - # MAIL_FROM: "" - # MAIL_FROM_NAME: "" - # SMTP_HOST: "" - # SMTP_PORT: "" - # SMTP_USER: "" - # SMTP_PASSWORD: "" - # SMTP_AUTHENTICATED: "" - - # (Additional option for TLS (port 465) only) - # SMTP_SECURE_ENABLED: "" - - # If set to 0, the server will accept connections without requiring authorization from the list of supplied CAs (default is 1). 
- # SMTP_REJECT_UNAUTHORIZED_TLS: "0" - - ############################################## OPTIONAL (APP CONFIGURATION) ############################################## - - # Set the below to 0 to enable Email Verification for new signups (will required Email Configuration) - EMAIL_VERIFICATION_DISABLED: "1" - - # Set the below to 0 to enable Password Reset (will required Email Configuration) - PASSWORD_RESET_DISABLED: "1" - - # Set the below to 1 to disable logins with email - # EMAIL_AUTH_DISABLED: "" - - # Set the below to 1 to disable invites - # INVITE_DISABLED: "" - - # Set the below if you want to ship JS & CSS files from a complete URL instead of the current domain - # ASSET_PREFIX_URL: "" - - # Set the below to your Unsplash API Key for their Survey Backgrounds - # UNSPLASH_ACCESS_KEY: "" - - # Set the below to your public domain (default is WEBAPP_URL) - # PUBLIC_URL: "" - - # The SENTRY_DSN is used for error tracking and performance monitoring with Sentry. - # SENTRY_DSN: "" - # It's used for authentication when uploading source maps to Sentry, to make errors more readable. - # SENTRY_AUTH_TOKEN: "" - # The SENTRY_ENVIRONMENT is used to identify the environment in Sentry. 
- # SENTRY_ENVIRONMENT: "" - - ################################################### OPTIONAL (STORAGE) ################################################### - - # Set S3 Storage configuration (required for the file upload in serverless environments like Vercel) - # S3_ACCESS_KEY: "" - # S3_SECRET_KEY: "" - # S3_REGION: "" - # S3_BUCKET_NAME: "" - - # Set a third party S3 compatible storage service endpoint like StorJ leave empty if you use Amazon S3 - # S3_ENDPOINT_URL: "" - - # Force path style for S3 compatible storage (0 for disabled, 1 for enabled) - # S3_FORCE_PATH_STYLE: "0" - - ############################################# OPTIONAL (OAUTH CONFIGURATION) ############################################# - - # Set the below from Cloudflare Turnstile if you want to enable turnstile in signups - # TURNSTILE_SITE_KEY: "" - # TURNSTILE_SECRET_KEY: "" - - # Set the below keys to enable recaptcha V3 for survey responses bot protection(only available in the Enterprise Edition) - # RECAPTCHA_SITE_KEY: "" - # RECAPTCHA_SECRET_KEY: "" - - # Set the below from GitHub if you want to enable GitHub OAuth - # GITHUB_ID: "" - # GITHUB_SECRET: "" - - # Set the below from Google if you want to enable Google OAuth - # GOOGLE_CLIENT_ID: "" - # GOOGLE_CLIENT_SECRET: "" - - # Set the below from Azure Active Directory Login if you want to enable Azure AD OAuth - # AZUREAD_CLIENT_ID: "" - # AZUREAD_CLIENT_SECRET: "" - # AZUREAD_TENANT_ID: "" - - # Set the below to OpenID Connect Provider if you want to enable OIDC - # OIDC_CLIENT_ID: "" - # OIDC_CLIENT_SECRET: "" - # OIDC_ISSUER: "" - # OIDC_DISPLAY_NAME: "" - # OIDC_SIGNING_ALGORITHM: "" - - # Set the below to SAML Provider if you want to enable SAML - # SAML_DATABASE_URL: "postgresql://postgres:postgres@postgres:5432/formbricks-saml?sslmode=disable" - - ########################################## OPTIONAL (THIRD PARTY INTEGRATIONS) ########################################### - - # Oauth credentials for Notion Integration - # 
NOTION_OAUTH_CLIENT_ID: "" - # NOTION_OAUTH_CLIENT_SECRET: "" - - # Oauth credentials for Google Sheet Integration - # GOOGLE_SHEETS_CLIENT_ID: "" - # GOOGLE_SHEETS_CLIENT_SECRET: "" - # GOOGLE_SHEETS_REDIRECT_URL: "" - - # Oauth credentials for Airtable Integration - # AIRTABLE_CLIENT_ID: "" - - # Oauth credentials for Slack Integration - # SLACK_CLIENT_ID: "" - # SLACK_CLIENT_SECRET: "" - - ############################################### OPTIONAL (LEGAL INFORMATION) ################################################ - - # Set the below to have your own Privacy Page URL on auth & link survey page - # PRIVACY_URL: "" - - # Set the below to have your own Terms Page URL on auth & link survey page - # TERMS_URL: "" - - # Set the below to have your own Imprint Page URL on auth & link survey page - # IMPRINT_URL: "" - - # Set the below to have your own Address on email footer - # IMPRINT_ADDRESS: "" - - ########################################## OPTIONAL (SERVER CONFIGURATION) ########################################### - - # Set the below to 1 to disable Rate Limiting across Formbricks - # RATE_LIMITING_DISABLED: "1" - - # Set the below to send OpenTelemetry data for tracing - # OPENTELEMETRY_LISTENER_URL: "http://localhost:4318/v1/traces" - - ########################################## OPTIONAL (AUDIT LOGGING) ########################################### - - # Set the below to 1 to enable audit logging. 
- # AUDIT_LOG_ENABLED: "1" - - # Set the below to get the ip address of the user from the request headers - # AUDIT_LOG_GET_USER_IP: "1" - - ############################################# OPTIONAL (OTHER) ############################################# - - # signup is disabled by default for self-hosted instances, users can only signup using an invite link, in order to allow signup from SSO(without invite), set the below to 1 - # AUTH_SKIP_INVITE_FOR_SSO: "1" - - # Set the below to automatically assign new users to a specific team, insert an existing team id - # (Role Management is an Enterprise feature) - # AUTH_SSO_DEFAULT_TEAM_ID: "" - - # Configure the minimum role for user management from UI(owner, manager, disabled) - # USER_MANAGEMENT_MINIMUM_ROLE: "manager" - - # Configure the maximum age for the session in seconds. Default is 86400 (24 hours) - # SESSION_MAX_AGE: "86400" - - # Container/host settings - PUID: "1000" - PGID: "1000" - TZ: Europe/Amsterdam + - PUID=1000 + - PGID=1000 + - TZ=${TZ} + - WEBAPP_URL=${WEBAPP_URL} + - NEXTAUTH_URL=${NEXTAUTH_URL} + - DATABASE_URL=${DATABASE_URL} + - NEXTAUTH_SECRET=${NEXTAUTH_SECRET} + - ENCRYPTION_KEY=${ENCRYPTION_KEY} + - CRON_SECRET=${CRON_SECRET} + - REDIS_URL=${REDIS_URL} + - LOG_LEVEL=${LOG_LEVEL} + - ENTERPRISE_LICENSE_KEY=${ENTERPRISE_LICENSE_KEY} + - MAIL_FROM=${MAIL_FROM} + - MAIL_FROM_NAME=${MAIL_FROM_NAME} + - SMTP_HOST=${SMTP_HOST} + - SMTP_PORT=${SMTP_PORT} + - SMTP_USER=${SMTP_USER} + - SMTP_PASSWORD=${SMTP_PASSWORD} + - SMTP_AUTHENTICATED=${SMTP_AUTHENTICATED} + - SMTP_SECURE_ENABLED=${SMTP_SECURE_ENABLED} + - SMTP_REJECT_UNAUTHORIZED_TLS=${SMTP_REJECT_UNAUTHORIZED_TLS} + - EMAIL_VERIFICATION_DISABLED=${EMAIL_VERIFICATION_DISABLED} + - PASSWORD_RESET_DISABLED=${PASSWORD_RESET_DISABLED} + - EMAIL_AUTH_DISABLED=${EMAIL_AUTH_DISABLED} + - INVITE_DISABLED=${INVITE_DISABLED} + - ASSET_PREFIX_URL=${ASSET_PREFIX_URL} + - UNSPLASH_ACCESS_KEY=${UNSPLASH_ACCESS_KEY} + - PUBLIC_URL=${PUBLIC_URL} + - 
SENTRY_DSN=${SENTRY_DSN} + - SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN} + - SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT} + - S3_ACCESS_KEY=${S3_ACCESS_KEY} + - S3_SECRET_KEY=${S3_SECRET_KEY} + - S3_REGION=${S3_REGION} + - S3_BUCKET_NAME=${S3_BUCKET_NAME} + - S3_ENDPOINT_URL=${S3_ENDPOINT_URL} + - S3_FORCE_PATH_STYLE=${S3_FORCE_PATH_STYLE} + - TURNSTILE_SITE_KEY=${TURNSTILE_SITE_KEY} + - TURNSTILE_SECRET_KEY=${TURNSTILE_SECRET_KEY} + - RECAPTCHA_SITE_KEY=${RECAPTCHA_SITE_KEY} + - RECAPTCHA_SECRET_KEY=${RECAPTCHA_SECRET_KEY} + - GITHUB_ID=${GITHUB_ID} + - GITHUB_SECRET=${GITHUB_SECRET} + - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID} + - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET} + - AZUREAD_CLIENT_ID=${AZUREAD_CLIENT_ID} + - AZUREAD_CLIENT_SECRET=${AZUREAD_CLIENT_SECRET} + - AZUREAD_TENANT_ID=${AZUREAD_TENANT_ID} + - OIDC_CLIENT_ID=${OIDC_CLIENT_ID} + - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET} + - OIDC_ISSUER=${OIDC_ISSUER} + - OIDC_DISPLAY_NAME=${OIDC_DISPLAY_NAME} + - OIDC_SIGNING_ALGORITHM=${OIDC_SIGNING_ALGORITHM} + - SAML_DATABASE_URL=${SAML_DATABASE_URL} + - NOTION_OAUTH_CLIENT_ID=${NOTION_OAUTH_CLIENT_ID} + - NOTION_OAUTH_CLIENT_SECRET=${NOTION_OAUTH_CLIENT_SECRET} + - GOOGLE_SHEETS_CLIENT_ID=${GOOGLE_SHEETS_CLIENT_ID} + - GOOGLE_SHEETS_CLIENT_SECRET=${GOOGLE_SHEETS_CLIENT_SECRET} + - GOOGLE_SHEETS_REDIRECT_URL=${GOOGLE_SHEETS_REDIRECT_URL} + - AIRTABLE_CLIENT_ID=${AIRTABLE_CLIENT_ID} + - SLACK_CLIENT_ID=${SLACK_CLIENT_ID} + - SLACK_CLIENT_SECRET=${SLACK_CLIENT_SECRET} + - PRIVACY_URL=${PRIVACY_URL} + - TERMS_URL=${TERMS_URL} + - IMPRINT_URL=${IMPRINT_URL} + - IMPRINT_ADDRESS=${IMPRINT_ADDRESS} + - RATE_LIMITING_DISABLED=${RATE_LIMITING_DISABLED} + - AUDIT_LOG_ENABLED=${AUDIT_LOG_ENABLED} + - AUDIT_LOG_GET_USER_IP=${AUDIT_LOG_GET_USER_IP} + - AUTH_SKIP_INVITE_FOR_SSO=${AUTH_SKIP_INVITE_FOR_SSO} + - AUTH_SSO_DEFAULT_TEAM_ID=${AUTH_SSO_DEFAULT_TEAM_ID} + - USER_MANAGEMENT_MINIMUM_ROLE=${USER_MANAGEMENT_MINIMUM_ROLE} + - SESSION_MAX_AGE=${SESSION_MAX_AGE} volumes: - 
./${SERVICE}-data/app/config:/config - ./${SERVICE}-data/saml-connection:/home/nextjs/apps/web/saml-connection
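Review bot: The new `environment:` list in `services/formbricks/compose.yaml` interpolates every variable unconditionally, so the required secrets can reach the container empty without any error: if `.env` leaves `NEXTAUTH_SECRET`, `ENCRYPTION_KEY` or `CRON_SECRET` blank, Compose substitutes an empty string and starts the app anyway. Use the required-variable form for those three, e.g. `- NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET in .env}`, so `docker compose up` fails fast instead. The optional entries that stay commented out in `.env` (for example `ENTERPRISE_LICENSE_KEY`, `S3_ACCESS_KEY`, `OIDC_ISSUER`) are now passed as set-but-empty rather than unset, which the app may treat differently from an absent variable. Writing them as `${S3_ACCESS_KEY:-}` makes the empty default explicit, but it is worth confirming that Formbricks accepts empty strings for these. The service definition starts and ends outside the hunk.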