diff --git a/README.md b/README.md index 8cd0af217..f5117abd0 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,8 @@ · Website · + Documentation + · Issues · Upcoming Releases @@ -146,45 +148,7 @@ npm run d ### Manual Setup -Follow these steps to setup Documenso on your local machine: - -1. [Fork this repository](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks) to your GitHub account. - -After forking the repository, clone it to your local device by using the following command: - -```sh -git clone https://github.com//documenso -``` - -2. Run `npm i` in the root directory - -3. Create your `.env` from the `.env.example`. You can use `cp .env.example .env` to get started with our handpicked defaults. - -4. Set the following environment variables: - - - NEXTAUTH_SECRET - - NEXT_PUBLIC_WEBAPP_URL - - NEXT_PRIVATE_DATABASE_URL - - NEXT_PRIVATE_DIRECT_DATABASE_URL - - NEXT_PRIVATE_SMTP_FROM_NAME - - NEXT_PRIVATE_SMTP_FROM_ADDRESS - -5. Create the database schema by running `npm run prisma:migrate-dev` - -6. Run `npm run translate:compile` in the root directory to compile lingui - -7. Run `npm run dev` in the root directory to start - -8. Register a new user at http://localhost:3000/signup - ---- - -- Optional: Seed the database using `npm run prisma:seed -w @documenso/prisma` to create a test user and document. -- Optional: Create your own signing certificate. - - To generate your own using these steps and a Linux Terminal or Windows Subsystem for Linux (WSL), see **[Create your own signing certificate](./SIGNING.md)**. -- Optional: Configure job provider for document reminders. - - The default local job provider does not support scheduled jobs required for document reminders. - - To enable reminders, set `NEXT_PRIVATE_JOBS_PROVIDER=inngest` and provide `NEXT_PRIVATE_INNGEST_EVENT_KEY` in your `.env` file. +Follow the [manual setup guide](https://docs.documenso.com/docs/developers/local-development/manual) to configure Documenso on your local machine. ### Run in Gitpod @@ -204,139 +168,44 @@ If you're a visual learner and prefer to watch a video walkthrough of setting up ## Docker -We provide a Docker container for Documenso, which is published on both DockerHub and GitHub Container Registry. +We provide official Docker images on [DockerHub](https://hub.docker.com/r/documenso/documenso) and [GitHub Container Registry](https://ghcr.io/documenso/documenso). -- DockerHub: [https://hub.docker.com/r/documenso/documenso](https://hub.docker.com/r/documenso/documenso) -- GitHub Container Registry: [https://ghcr.io/documenso/documenso](https://ghcr.io/documenso/documenso) - -You can pull the Docker image from either of these registries and run it with your preferred container hosting provider. - -Please note that you will need to provide environment variables for connecting to the database, mailserver, and so forth. - -For detailed instructions on how to configure and run the Docker container, please refer to the [Docker README](./docker/README.md) in the `docker` directory. +For setup instructions, see the [Docker Deployment](https://docs.documenso.com/docs/self-hosting/deployment/docker) and [Docker Compose](https://docs.documenso.com/docs/self-hosting/deployment/docker-compose) guides. ## Self Hosting -We support a variety of deployment methods, and are actively working on adding more. Stay tuned for updates! +We support a variety of deployment methods including Docker, Docker Compose, Railway, Kubernetes, and manual deployment. -### Fetch, configure, and build +For full instructions, requirements, and configuration details, see the [Self Hosting documentation](https://docs.documenso.com/docs/self-hosting). -First, clone the code from Github: +### One-Click Deploys -``` -git clone https://github.com/documenso/documenso.git -``` - -Then, inside the `documenso` folder, copy the example env file: - -``` -cp .env.example .env -``` - -The following environment variables must be set: - -- `NEXTAUTH_SECRET` -- `NEXT_PUBLIC_WEBAPP_URL` -- `NEXT_PRIVATE_DATABASE_URL` -- `NEXT_PRIVATE_DIRECT_DATABASE_URL` -- `NEXT_PRIVATE_SMTP_FROM_NAME` -- `NEXT_PRIVATE_SMTP_FROM_ADDRESS` - -> If you are using a reverse proxy in front of Documenso, don't forget to provide the public URL for the `NEXT_PUBLIC_WEBAPP_URL` variable! - -Now you can install the dependencies and build it: - -``` -npm i -npm run build -npm run prisma:migrate-deploy -``` - -Finally, you can start it with: - -``` -cd apps/remix -npm run start -``` - -This will start the server on `localhost:3000`. For now, any reverse proxy can then do the frontend and SSL termination. - -> If you want to run with another port than 3000, you can start the application with `PORT= npm run start` from the `apps/remix` folder. - -### Run as a service - -You can use a systemd service file to run the app. Here is a simple example of the service running on port 3500 (using 3000 by default): - -```bash -[Unit] -Description=documenso -After=network.target - -[Service] -Environment=PATH=/path/to/your/node/binaries -Type=simple -User=www-data -WorkingDirectory=/var/www/documenso/apps/remix -ExecStart=/usr/bin/env PORT=3500 /usr/bin/npm run start -TimeoutSec=15 -Restart=always - -[Install] -WantedBy=multi-user.target -``` - -### Railway +#### Railway [![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/template/bG6D4p) -### Render +#### Render [![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy?repo=https://github.com/documenso/documenso) -### Koyeb +#### Koyeb [![Deploy to Koyeb](https://www.koyeb.com/static/images/deploy/button.svg)](https://app.koyeb.com/deploy?type=git&repository=github.com/documenso/documenso&branch=main&name=documenso-app&builder=dockerfile&dockerfile=/docker/Dockerfile) -## Elestio +#### Elestio [![Deploy on Elestio](https://elest.io/images/logos/deploy-to-elestio-btn.png)](https://elest.io/open-source/documenso) ## Troubleshooting +For troubleshooting self-hosted deployments, see the [Troubleshooting guide](https://docs.documenso.com/docs/self-hosting/maintenance/troubleshooting) and [Tips & Common Pitfalls](https://docs.documenso.com/docs/self-hosting/getting-started/tips). + ### I'm not receiving any emails when using the developer quickstart. When using the developer quickstart, an [Inbucket](https://inbucket.org/) server will be spun up in a docker container that will store all outgoing emails locally for you to view. The Web UI can be found at http://localhost:9000, while the SMTP port will be on localhost:2500. -### Support IPv6 - -If you are deploying to a cluster that uses only IPv6, You can use a custom command to pass a parameter to the Remix start command - -For local docker run - -```bash -docker run -it -e HOST=:: documenso/documenso:latest npm run start -``` - -For k8s or docker-compose - -```yaml -containers: - - name: documenso - image: documenso/documenso:latest - imagePullPolicy: IfNotPresent - command: - - npm - env: - - name: HOST - value: "::" - args: - - run - - start - -``` - ### I can't see environment variables in my package scripts. Wrap your package script with the `with:env` script like such: diff --git a/apps/docs/content/docs/developers/local-development/manual.mdx b/apps/docs/content/docs/developers/local-development/manual.mdx index 86ec490af..f87bc99a1 100644 --- a/apps/docs/content/docs/developers/local-development/manual.mdx +++ b/apps/docs/content/docs/developers/local-development/manual.mdx @@ -83,6 +83,15 @@ npm run prisma:seed -w @documenso/prisma + +### Optional: configure job provider + +The default local job provider does not support scheduled jobs required for document reminders. + +See the [Background Jobs](/docs/self-hosting/configuration/background-jobs) page for more information. + + + ### Start the application @@ -105,6 +114,20 @@ Access the Documenso application by visiting `http://localhost:3000` in your web certificate](/docs/developers/local-development/signing-certificate)**. +## Running Scripts with Environment Variables + +If a package script does not automatically load your `.env` and `.env.local` files, wrap it with the `with:env` script: + +```bash +npm run with:env -- npm run myscript +``` + +The same works for `npx` when running bin scripts: + +```bash +npm run with:env -- npx myscript +``` + ## See Also - [Developer Quickstart](/docs/developers/local-development/quickstart) - Quick Docker-based setup diff --git a/apps/docs/content/docs/self-hosting/deployment/docker.mdx b/apps/docs/content/docs/self-hosting/deployment/docker.mdx index 90159be0f..7d6d4b9cd 100644 --- a/apps/docs/content/docs/self-hosting/deployment/docker.mdx +++ b/apps/docs/content/docs/self-hosting/deployment/docker.mdx @@ -26,8 +26,14 @@ docker --version ## Pulling the Docker Image +The Documenso image is available on both DockerHub and GitHub Container Registry: + ```bash +# DockerHub docker pull documenso/documenso:latest + +# GitHub Container Registry +docker pull ghcr.io/documenso/documenso:latest ``` ### Available Tags @@ -196,6 +202,14 @@ Documenso provides health check endpoints for monitoring: | `/api/health` | Checks database connectivity and certificate status | | `/api/certificate-status` | Returns whether a signing certificate is configured and usable | +Both endpoints return a JSON response with a `status` field: + +| Status | Meaning | +| ----------- | -------------------------------------------------------------------- | +| `"ok"` | Everything is working properly | +| `"warning"` | Application is running but there are certificate issues | +| `"error"` | Critical issues (database unreachable, missing configuration, etc.) | + ### Docker Health Check Add a health check to your container: diff --git a/apps/docs/content/docs/self-hosting/getting-started/index.mdx b/apps/docs/content/docs/self-hosting/getting-started/index.mdx index edd614ff8..33fd7a321 100644 --- a/apps/docs/content/docs/self-hosting/getting-started/index.mdx +++ b/apps/docs/content/docs/self-hosting/getting-started/index.mdx @@ -3,6 +3,8 @@ title: Getting Started description: Requirements and quick start guide for self-hosting Documenso. --- +import { Callout } from 'fumadocs-ui/components/callout'; + + + + **You must generate a signing certificate.** Documenso does not ship with one. Without a + certificate, the application starts normally but document signing will fail on completion with + errors. + + Please see all the [requirements](/docs/self-hosting/getting-started/requirements) before proceeding. + diff --git a/apps/docs/content/docs/self-hosting/getting-started/requirements.mdx b/apps/docs/content/docs/self-hosting/getting-started/requirements.mdx index e4ca2a71f..13b2b75ab 100644 --- a/apps/docs/content/docs/self-hosting/getting-started/requirements.mdx +++ b/apps/docs/content/docs/self-hosting/getting-started/requirements.mdx @@ -7,14 +7,29 @@ import { Callout } from 'fumadocs-ui/components/callout'; ## What You Need -Documenso requires the following external services: +Documenso requires the following items and external services: | Service | Purpose | Minimum Version | | ------------- | ---------------------------- | --------------- | +| Signing certificate | Digital signature for documents | N/A | | PostgreSQL | Primary database | 14+ | | SMTP server | Sending emails to recipients | Any | | Reverse proxy | SSL termination, routing | Any | + +### Signing Certificate + + + Documenso does not ship with a signing certificate. Without one, the application starts normally + but all document signing will fail. You must generate or provide a `.p12` certificate before going + to production. + + +Every completed document is digitally signed using an X.509 certificate. You can generate a self-signed certificate for free or use one from a Certificate Authority (CA). + +- [Generate a local certificate](/docs/self-hosting/configuration/signing-certificate/local) — step-by-step instructions to create a `.p12` certificate +- [All certificate options](/docs/self-hosting/configuration/signing-certificate) — self-signed, CA-issued, and Google Cloud HSM + ### PostgreSQL Database Documenso uses PostgreSQL for all data storage including documents, users, and audit logs. You cannot use MySQL, SQLite, or other databases. diff --git a/apps/docs/content/docs/self-hosting/getting-started/tips.mdx b/apps/docs/content/docs/self-hosting/getting-started/tips.mdx index 4673ae6aa..7fe640ab3 100644 --- a/apps/docs/content/docs/self-hosting/getting-started/tips.mdx +++ b/apps/docs/content/docs/self-hosting/getting-started/tips.mdx @@ -154,6 +154,34 @@ See [Background Jobs Configuration](/docs/self-hosting/configuration/background- --- +## IPv6-Only Deployments + +If you are deploying to an environment that uses only IPv6, set the `HOST` environment variable to `::` so the application binds to all IPv6 addresses: + +**Docker:** + +```bash +docker run -it -e HOST=:: documenso/documenso:latest npm run start +``` + +**Kubernetes or Docker Compose:** + +```yaml +containers: + - name: documenso + image: documenso/documenso:latest + command: + - npm + args: + - run + - start + env: + - name: HOST + value: '::' +``` + +--- + ## Docker File Permissions The Documenso container runs as a non-root user (UID 1001). If you mount files into the container (certificates, configuration), ensure they're readable: diff --git a/apps/docs/content/docs/self-hosting/index.mdx b/apps/docs/content/docs/self-hosting/index.mdx index 14e5442a8..4263d30d4 100644 --- a/apps/docs/content/docs/self-hosting/index.mdx +++ b/apps/docs/content/docs/self-hosting/index.mdx @@ -3,6 +3,8 @@ title: Self-Hosting description: Deploy and manage your own Documenso instance for complete control over your data, compliance, and customization. --- +import { Callout } from 'fumadocs-ui/components/callout'; + ## Getting Started @@ -18,6 +20,13 @@ description: Deploy and manage your own Documenso instance for complete control /> + + **You must generate a signing certificate.** Documenso does not ship with one. Without a + certificate, the application starts normally but document signing will fail. + + Please see all the [requirements](/docs/self-hosting/getting-started/requirements) before proceeding. + + --- ## Deployment Options diff --git a/docker/README.md b/docker/README.md index f6c549760..1b990e02e 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,261 +1,8 @@ # Docker Setup for Documenso -The following guide will walk you through setting up Documenso using Docker. You can choose between a production setup using Docker Compose or a standalone container. +For full instructions on running Documenso with Docker, see the official documentation: -## Prerequisites - -Before you begin, ensure that you have the following installed: - -- Docker -- Docker Compose (if using the Docker Compose setup) - -## Option 1: Production Docker Compose Setup - -This setup includes a PostgreSQL database and the Documenso application. You will need to provide your own SMTP details via environment variables. - -1. Download the Docker Compose file from the Documenso repository: [compose.yml](https://raw.githubusercontent.com/documenso/documenso/release/docker/production/compose.yml) -2. Navigate to the directory containing the `compose.yml` file. -3. Create a `.env` file in the same directory and add your SMTP details as well as a few extra environment variables, following the example below: - -``` -# Generate random secrets (you can use: openssl rand -hex 32) -NEXTAUTH_SECRET="" -NEXT_PRIVATE_ENCRYPTION_KEY="" -NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="" - -# Your application URL -NEXT_PUBLIC_WEBAPP_URL="" - -# SMTP Configuration -NEXT_PRIVATE_SMTP_TRANSPORT="smtp-auth" -NEXT_PRIVATE_SMTP_HOST="" -NEXT_PRIVATE_SMTP_PORT= -NEXT_PRIVATE_SMTP_USERNAME="" -NEXT_PRIVATE_SMTP_PASSWORD="" -NEXT_PRIVATE_SMTP_FROM_NAME="" -NEXT_PRIVATE_SMTP_FROM_ADDRESS="" - -# Certificate passphrase (required) -NEXT_PRIVATE_SIGNING_PASSPHRASE="" -``` - -4. Set up your signing certificate. You have three options: - - **Option A: Generate Certificate Inside Container (Recommended)** - - Start your containers first, then generate a self-signed certificate: - - ```bash - # Start containers - docker-compose up -d - - # Set certificate password securely (won't appear in command history) - read -s -p "Enter certificate password: " CERT_PASS - echo - - # Generate certificate inside container using environment variable - docker exec -e CERT_PASS="$CERT_PASS" -it documenso-production-documenso-1 bash -c " - openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ - -keyout /tmp/private.key \ - -out /tmp/certificate.crt \ - -subj '/C=US/ST=State/L=City/O=Organization/CN=localhost' && \ - openssl pkcs12 -export -out /app/certs/cert.p12 \ - -inkey /tmp/private.key -in /tmp/certificate.crt \ - -passout env:CERT_PASS && \ - rm /tmp/private.key /tmp/certificate.crt - " - - # Restart container - docker-compose restart documenso - ``` - - **Option B: Use Existing Certificate** - - If you have an existing `.p12` certificate, update the volume binding in `compose.yml`: - - ```yaml - volumes: - - /path/to/your/cert.p12:/opt/documenso/cert.p12:ro - ``` - -5. Run the following command to start the containers: - -``` -docker-compose --env-file ./.env up -d -``` - -This will start the PostgreSQL database and the Documenso application containers. - -6. Access the Documenso application by visiting `http://localhost:3000` in your web browser. - -## Option 2: Standalone Docker Container - -If you prefer to host the Documenso application on your container provider of choice, you can use the pre-built Docker image from DockerHub or GitHub's Package Registry. Note that you will need to provide your own database and SMTP host. - -1. Pull the Documenso Docker image: - -``` -docker pull documenso/documenso -``` - -Or, if using GitHub's Package Registry: - -``` -docker pull ghcr.io/documenso/documenso -``` - -2. Run the Docker container, providing the necessary environment variables for your database and SMTP host: - -``` -docker run -d \ - -p 3000:3000 \ - -e NEXTAUTH_SECRET="" \ - -e NEXT_PRIVATE_ENCRYPTION_KEY="" \ - -e NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="" \ - -e NEXT_PUBLIC_WEBAPP_URL="" \ - -e NEXT_PRIVATE_INTERNAL_WEBAPP_URL="http://localhost:3000" \ - -e NEXT_PRIVATE_DATABASE_URL="" \ - -e NEXT_PRIVATE_DIRECT_DATABASE_URL="" \ - -e NEXT_PRIVATE_SMTP_TRANSPORT="" \ - -e NEXT_PRIVATE_SMTP_FROM_NAME="" \ - -e NEXT_PRIVATE_SMTP_FROM_ADDRESS="" \ - -e NEXT_PRIVATE_SIGNING_PASSPHRASE="" \ - -v /path/to/your/cert.p12:/opt/documenso/cert.p12:ro \ - documenso/documenso -``` - -Replace the placeholders with your actual database and SMTP details. - -3. Access the Documenso application by visiting the URL you provided in the `NEXT_PUBLIC_WEBAPP_URL` environment variable in your web browser. - -## Success - -You have now successfully set up Documenso using Docker. You can start organizing and managing your documents efficiently. - -## Troubleshooting - -### Certificate Permission Issues - -If you encounter errors related to certificate access, here are common solutions: - -#### Error: "Failed to read signing certificate" - -1. **Check file exists:** - - ```bash - ls -la /path/to/your/cert.p12 - ``` - -2. **Fix permissions:** - - ```bash - chmod 644 /path/to/your/cert.p12 - chown 1001:1001 /path/to/your/cert.p12 - ``` - -3. **Verify Docker mount:** - ```bash - docker exec -it ls -la /opt/documenso/cert.p12 - ``` - -### Container Logs - -Check application logs for detailed error information: - -```bash -# For Docker Compose -docker-compose logs -f documenso - -# For standalone container -docker logs -f -``` - -### Health Checks - -Check the status of your Documenso instance: - -```bash -# Basic health check (database + certificate) -curl http://localhost:3000/api/health - -# Detailed certificate status -curl http://localhost:3000/api/certificate-status -``` - -The health endpoint will show: - -- `status: "ok"` - Everything working properly -- `status: "warning"` - App running but certificate issues -- `status: "error"` - Critical issues (database down, etc.) - -### Common Issues - -1. **Port already in use:** Change the port mapping in compose.yml or your docker run command -2. **Database connection issues:** Ensure your database is running and accessible -3. **SMTP errors:** Verify your email server settings in the .env file - -If you encounter any issues or have further questions, please refer to the official Documenso documentation or seek assistance from the community. - -## Advanced Configuration - -The environment variables listed above are a subset of those that are available for configuring Documenso. For a complete list of environment variables and their descriptions, refer to the table below: - -Here's a markdown table documenting all the provided environment variables: - -| Variable | Description | -| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- | -| `PORT` | The port to run the Documenso application on, defaults to `3000`. | -| `NEXTAUTH_SECRET` | The secret key used by NextAuth.js for encryption and signing. | -| `NEXT_PRIVATE_ENCRYPTION_KEY` | The primary encryption key for symmetric encryption and decryption (at least 32 characters). | -| `NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY` | The secondary encryption key for symmetric encryption and decryption (at least 32 characters). | -| `NEXT_PRIVATE_GOOGLE_CLIENT_ID` | The Google client ID for Google authentication (optional). | -| `NEXT_PRIVATE_GOOGLE_CLIENT_SECRET` | The Google client secret for Google authentication (optional). | -| `NEXT_PUBLIC_WEBAPP_URL` | The URL for the web application. | -| `NEXT_PRIVATE_DATABASE_URL` | The URL for the primary database connection (with connection pooling). | -| `NEXT_PRIVATE_DIRECT_DATABASE_URL` | The URL for the direct database connection (without connection pooling). | -| `NEXT_PRIVATE_SIGNING_TRANSPORT` | The signing transport to use. Available options: local (default), gcloud-hsm | -| `NEXT_PRIVATE_SIGNING_PASSPHRASE` | The passphrase for the key file. | -| `NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS` | The base64-encoded contents of the key file, will be used instead of file path. | -| `NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH` | The path to the key file, default `/opt/documenso/cert.p12`. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH` | The Google Cloud HSM key path for the gcloud-hsm signing transport. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH` | The path to the Google Cloud HSM public certificate file for the gcloud-hsm transport. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS` | The base64-encoded Google Cloud HSM public certificate for the gcloud-hsm transport. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS` | The base64-encoded Google Cloud Credentials for the gcloud-hsm transport. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_FILE_PATH` | The path to the certificate chain file for the gcloud-hsm transport. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_CONTENTS` | The base64-encoded certificate chain for the gcloud-hsm transport. | -| `NEXT_PRIVATE_SIGNING_GCLOUD_HSM_SECRET_MANAGER_CERT_PATH` | The Google Secret Manager path to retrieve the certificate for the gcloud-hsm transport. | -| `NEXT_PRIVATE_SIGNING_TIMESTAMP_AUTHORITY` | Comma-separated list of timestamp authority URLs for PDF signing (enables LTV). | -| `NEXT_PUBLIC_SIGNING_CONTACT_INFO` | Contact info to embed in PDF signatures. Defaults to the webapp URL. | -| `NEXT_PRIVATE_USE_LEGACY_SIGNING_SUBFILTER` | Set to "true" to use legacy adbe.pkcs7.detached subfilter instead of ETSI.CAdES.detached. | -| `NEXT_PUBLIC_UPLOAD_TRANSPORT` | The transport to use for file uploads (database or s3). | -| `NEXT_PRIVATE_UPLOAD_ENDPOINT` | The endpoint for the S3 storage transport (for third-party S3-compatible providers). | -| `NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE` | Whether to force path-style URLs for the S3 storage transport. | -| `NEXT_PRIVATE_UPLOAD_REGION` | The region for the S3 storage transport (defaults to us-east-1). | -| `NEXT_PRIVATE_UPLOAD_BUCKET` | The bucket to use for the S3 storage transport. | -| `NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID` | The access key ID for the S3 storage transport. | -| `NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY` | The secret access key for the S3 storage transport. | -| `NEXT_PRIVATE_SMTP_TRANSPORT` | The transport to use for sending emails (smtp-auth, smtp-api, resend, or mailchannels). | -| `NEXT_PRIVATE_SMTP_HOST` | The host for the SMTP server for SMTP transports. | -| `NEXT_PRIVATE_SMTP_PORT` | The port for the SMTP server for SMTP transports. | -| `NEXT_PRIVATE_SMTP_USERNAME` | The username for the SMTP server for the `smtp-auth` transport. | -| `NEXT_PRIVATE_SMTP_PASSWORD` | The password for the SMTP server for the `smtp-auth` transport. | -| `NEXT_PRIVATE_SMTP_APIKEY_USER` | The API key user for the SMTP server for the `smtp-api` transport. | -| `NEXT_PRIVATE_SMTP_APIKEY` | The API key for the SMTP server for the `smtp-api` transport. | -| `NEXT_PRIVATE_SMTP_SECURE` | Whether to force the use of TLS for the SMTP server for SMTP transports. | -| `NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS` | If true, then no TLS will be used (even if STARTTLS is supported) | -| `NEXT_PRIVATE_SMTP_FROM_ADDRESS` | The email address for the "from" address. | -| `NEXT_PRIVATE_SMTP_FROM_NAME` | The sender name for the "from" address. | -| `NEXT_PRIVATE_RESEND_API_KEY` | The API key for Resend.com for the `resend` transport. | -| `NEXT_PRIVATE_MAILCHANNELS_API_KEY` | The optional API key for MailChannels (if using a proxy) for the `mailchannels` transport. | -| `NEXT_PRIVATE_MAILCHANNELS_ENDPOINT` | The optional endpoint for the MailChannels API (if using a proxy) for the `mailchannels` transport. | -| `NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN` | The domain for DKIM signing with MailChannels for the `mailchannels` transport. | -| `NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR` | The selector for DKIM signing with MailChannels for the `mailchannels` transport. | -| `NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY` | The private key for DKIM signing with MailChannels for the `mailchannels` transport. | -| `NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT` | The maximum document upload limit displayed to the user (in MB). | -| `NEXT_PUBLIC_POSTHOG_KEY` | The optional PostHog key for analytics and feature flags. | -| `NEXT_PUBLIC_DISABLE_SIGNUP` | Master switch. Set to `true` to disable all signup methods (incl. organisation OIDC portal). | -| `NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNUP` | Set to `true` to disable email/password signup only. SSO signup is unaffected. | -| `NEXT_PUBLIC_DISABLE_GOOGLE_SIGNUP` | Set to `true` to block new accounts via Google. Existing Google-linked users can still sign in. | -| `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP` | Set to `true` to block new accounts via Microsoft. Existing linked users can still sign in. | -| `NEXT_PUBLIC_DISABLE_OIDC_SIGNUP` | Set to `true` to block new accounts via OIDC (incl. organisation portal). Existing users unaffected.| -| `NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS` | Comma-separated list of email domains allowed to sign up (e.g., `example.com,acme.org`). | +- [Docker Deployment](https://docs.documenso.com/docs/self-hosting/deployment/docker) — Standalone container with an external database +- [Docker Compose Deployment](https://docs.documenso.com/docs/self-hosting/deployment/docker-compose) — Production setup with PostgreSQL included +- [Environment Variables](https://docs.documenso.com/docs/self-hosting/configuration/environment) — Full configuration reference +- [Signing Certificate](https://docs.documenso.com/docs/self-hosting/configuration/signing-certificate) — Set up document signing