Merge remote-tracking branch 'origin/main'

Author: nevo-david

pages/_app.tsx

@@ -1,3 +1,4 @@
+import Script from "next/script";
 import "../globals.css";
 import { AppProps } from "next/app";
 import { IBM_Plex_Sans } from "next/font/google";
@@ -7,10 +8,16 @@ const plex = IBM_Plex_Sans({
   weight: ["400", "500", "600", "700"],
 });
 
-export default function App({ Component, pageProps }) {
+export default function App({ Component, pageProps }: AppProps) {
   return (
     <main className={plex.className}>
-        <Component {...pageProps} />
+      <Script
+        src="https://crawlchat.app/embed.js"
+        id="crawlchat-script"
+        data-id="68ac269d2961657c4b7924a9"
+        strategy="afterInteractive"
+      />
+      <Component {...pageProps} />
     </main>
   );
 }

pages/installation/development.mdx

@@ -5,7 +5,8 @@ title: Development Environment
 import { Cards, Steps } from 'nextra/components';
 import Prereqs from '../../components/snippets/installation-pre-reqs.mdx';
 
-This is currently the recommended option to install Postiz in a supportable configuration. The docker images are in active and heavy development for now.
+Only use this method if you cannot use docker or want to develop on Postiz.
+(Docker-Compose)[https://docs.postiz.com/installation/docker-compose] is the recommended Method. 
 
 ## Tested configurations
 

pages/installation/docker-compose.mdx

@@ -5,7 +5,6 @@ title: Docker Compose
 import { Callout } from "nextra/components";
 import DockerEnvvarApps from '../../components/snippets/docker-envvar-apps.mdx';
 import { Cards } from 'nextra/components';
-import Prereqs from '../../components/snippets/installation-pre-reqs.mdx';
 
 <Callout>
 Watch the Tutorial for docker-compose install: https://m.youtube.com/watch?v=A6CjAmJOWvA&t=5s
@@ -17,7 +16,48 @@ This guide assumes that you have docker installed, with a reasonable amount of r
 
 - Virtual Machine, Ubuntu 24.04, 2Gb RAM, 2 vCPUs.
 
-<Prereqs />
+## Installation Prerequisites
+
+This section will ask you to install & configure several services exaplained below.
+
+### Network Requirements
+
+#### HTTPS / HTTP Requirement
+
+Postiz marks it's login cookies as Secure, this is called “secure context” in modern web browsers.
+
+If you want to use an secure Login Process, you need to set up an Certificate, which can be done via Reverse Proxy like Caddy or Nginx.
+
+If you cannot use a certificate (HTTPS), add the following environment variable to your `.env` file:
+```env
+NOT_SECURED=true
+```
+**Security Warning**: Setting `NOT_SECURED=true` disables secure cookie requirements. This should only be used in development environments or when you fully understand the security implications. Not recommended for production use.
+
+#### Network Ports
+
+- **5000/tcp**: for a single **single entry point** for postiz when running in a container. This is the one port your reverse proxy should talk to.
+- **4200/tcp**: for the **Frontend** service (the web interface). Most users **do not** need to expose this port publicly.
+- **3000/tcp**: for the **Backend** service (the API). Most users **do not** need to expose this port publicly.
+- **5432/tcp**: for the **Postgres** container. Most users **do not** need to expose this port publicly.
+- **6379/tcp**: for the **Redis** container. Most users **do not** need to expose this port publicly.
+
+If you are using docker images, we recommend just exposing port 5000 to your external proxy. This will reduce the likelihood of misconfiguration, and make it easier to manage your network.
+
+```mermaid
+graph TD;
+	A[Your Browser] -->|HTTPS 443/tcp| B[Your Reverse Proxy]
+	B -->|HTTP 5000/tcp| C["Internal Proxy (Caddy)"]
+
+	subgraph "Postiz Container"
+	C -->|4200/tcp| D[Frontend Service]
+	C -->|3000/tcp| E[Backend Service]
+    C -->|/api| H[uploads]
+	end
+
+	E -->|5432/tcp| F[Postgres Container]
+	E -->|6379/tcp| G[Redis Container]
+```
 
 ### Configuration uses environment variables
 
@@ -41,24 +81,103 @@ services:
     container_name: postiz
     restart: always
     environment:
-      # You must change these. Replace `postiz.your-server.com` with your DNS name - this needs to be exactly the URL you're accessing Postiz on.
+      # === Required Settings
       MAIN_URL: "https://postiz.your-server.com"
       FRONTEND_URL: "https://postiz.your-server.com"
       NEXT_PUBLIC_BACKEND_URL: "https://postiz.your-server.com/api"
       JWT_SECRET: "random string that is unique to every install - just type random characters here!"
-
-      # These defaults are probably fine, but if you change your user/password, update it in the
-      # postiz-postgres or postiz-redis services below.
       DATABASE_URL: "postgresql://postiz-user:postiz-password@postiz-postgres:5432/postiz-db-local"
       REDIS_URL: "redis://postiz-redis:6379"
       BACKEND_INTERNAL_URL: "http://localhost:3000"
-      IS_GENERAL: "true" # Required for self-hosting.
-      DISABLE_REGISTRATION: "false" # Only allow single registration, then disable signup
-      # The container images are pre-configured to use /uploads for file storage.
-      # You probably should not change this unless you have a really good reason!
+      IS_GENERAL: "true"
+      DISABLE_REGISTRATION: "false"
+
+      # === Storage Settings
       STORAGE_PROVIDER: "local"
       UPLOAD_DIRECTORY: "/uploads"
       NEXT_PUBLIC_UPLOAD_DIRECTORY: "/uploads"
+
+      # === Cloudflare (R2) Settings
+      CLOUDFLARE_ACCOUNT_ID: "your-account-id"
+      CLOUDFLARE_ACCESS_KEY: "your-access-key"
+      CLOUDFLARE_SECRET_ACCESS_KEY: "your-secret-access-key"
+      CLOUDFLARE_BUCKETNAME: "your-bucket-name"
+      CLOUDFLARE_BUCKET_URL: "https://your-bucket-url.r2.cloudflarestorage.com/"
+      CLOUDFLARE_REGION: "auto"
+
+      # === Social Media API Settings
+      X_API_KEY: ""
+      X_API_SECRET: ""
+      LINKEDIN_CLIENT_ID: ""
+      LINKEDIN_CLIENT_SECRET: ""
+      REDDIT_CLIENT_ID: ""
+      REDDIT_CLIENT_SECRET: ""
+      GITHUB_CLIENT_ID: ""
+      GITHUB_CLIENT_SECRET: ""
+      BEEHIIVE_API_KEY: ""
+      BEEHIIVE_PUBLICATION_ID: ""
+      THREADS_APP_ID: ""
+      THREADS_APP_SECRET: ""
+      FACEBOOK_APP_ID: ""
+      FACEBOOK_APP_SECRET: ""
+      YOUTUBE_CLIENT_ID: ""
+      YOUTUBE_CLIENT_SECRET: ""
+      TIKTOK_CLIENT_ID: ""
+      TIKTOK_CLIENT_SECRET: ""
+      PINTEREST_CLIENT_ID: ""
+      PINTEREST_CLIENT_SECRET: ""
+      DRIBBBLE_CLIENT_ID: ""
+      DRIBBBLE_CLIENT_SECRET: ""
+      DISCORD_CLIENT_ID: ""
+      DISCORD_CLIENT_SECRET: ""
+      DISCORD_BOT_TOKEN_ID: ""
+      SLACK_ID: ""
+      SLACK_SECRET: ""
+      SLACK_SIGNING_SECRET: ""
+      MASTODON_URL: "https://mastodon.social"
+      MASTODON_CLIENT_ID: ""
+      MASTODON_CLIENT_SECRET: ""
+
+      # === OAuth & Authentik Settings
+      NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: "Authentik"
+      NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: "https://raw.githubusercontent.com/walkxcode/dashboard-icons/master/png/authentik.png"
+      POSTIZ_GENERIC_OAUTH: "false"
+      POSTIZ_OAUTH_URL: "https://auth.example.com"
+      POSTIZ_OAUTH_AUTH_URL: "https://auth.example.com/application/o/authorize"
+      POSTIZ_OAUTH_TOKEN_URL: "https://auth.example.com/application/o/token"
+      POSTIZ_OAUTH_USERINFO_URL: "https://authentik.example.com/application/o/userinfo"
+      POSTIZ_OAUTH_CLIENT_ID: ""
+      POSTIZ_OAUTH_CLIENT_SECRET: ""
+      # POSTIZ_OAUTH_SCOPE: "openid profile email"  # Optional: uncomment to override default scope
+
+      # === Misc Settings
+      OPENAI_API_KEY: ""
+      NEXT_PUBLIC_DISCORD_SUPPORT: ""
+      NEXT_PUBLIC_POLOTNO: ""
+      API_LIMIT: 30
+
+      # === Payment / Stripe Settings
+      FEE_AMOUNT: 0.05
+      STRIPE_PUBLISHABLE_KEY: ""
+      STRIPE_SECRET_KEY: ""
+      STRIPE_SIGNING_KEY: ""
+      STRIPE_SIGNING_KEY_CONNECT: ""
+
+      # === Developer Settings
+      NX_ADD_PLUGINS: false
+
+      # === Short Link Service Settings (Optional - leave blank if unused)
+      # DUB_TOKEN: ""
+      # DUB_API_ENDPOINT: "https://api.dub.co"
+      # DUB_SHORT_LINK_DOMAIN: "dub.sh"
+      # SHORT_IO_SECRET_KEY: ""
+      # KUTT_API_KEY: ""
+      # KUTT_API_ENDPOINT: "https://kutt.it/api/v2"
+      # KUTT_SHORT_LINK_DOMAIN: "kutt.it"
+      # LINK_DRIP_API_KEY: ""
+      # LINK_DRIP_API_ENDPOINT: "https://api.linkdrip.com/v1/"
+      # LINK_DRIP_SHORT_LINK_DOMAIN: "dripl.ink"
+
     volumes:
       - postiz-config:/config/
       - postiz-uploads:/uploads/

pages/providers/tiktok.mdx

@@ -15,6 +15,13 @@ This integration requires that you have a TikTok developer account. It also requ
 TikTok will also not allow http:// for your app redirect URI, so you will need to be accessing Postiz from HTTPS.
 </Callout>
 
+<Callout type="warning">
+**NOTE:** TikTok fetches media via pull_from_url. Your media files must be publicly reachable over HTTPS; localhost or private routes (e.g., /uploads) will fail. 
+Expose your uploads via a reverse proxy (e.g., [Caddy](/reverse-proxies/caddy/)) or use object storage/CDN such as [Cloudflare R2](/configuration/r2/) with public access.
+
+Ensure the media domain is listed under your TikTok developer account’s verified sites.
+</Callout>
+
 <Steps>
 
 ### Create you app