Add Community env vars

danciaclara · danciaclara · commit b134ee958220 · 2025-03-20T20:21:08.000+05:30
diff --git a/mint.json b/mint.json
@@ -91,7 +91,6 @@
         },
         "self-hosting/govern/communication",
         "self-hosting/govern/database-and-storage",
-        "self-hosting/govern/env-variables",
         "self-hosting/govern/custom-domain",
         "self-hosting/govern/private-bucket",
         {
@@ -104,6 +103,7 @@
         },
         "self-hosting/govern/external-secrets",
         "self-hosting/govern/reverse-proxy",
+        "self-hosting/govern/env-variables",
         "self-hosting/telemetry"
       ]
     },
diff --git a/self-hosting/govern/env-variables.mdx b/self-hosting/govern/env-variables.mdx
@@ -20,13 +20,46 @@ This is where you'll make all configuration changes. Remember to restart the ins
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
+| **INSTALL_DIR** | Directory where Plane is installed. | `/opt/plane` |
 | **DOMAIN_NAME** | Primary domain name for your Plane instance. This determines how users will access your installation. | `localhost` |
 | **APP_RELEASE_VERSION** | The version of Plane Commercial Edition you're running. This helps with troubleshooting and ensures compatibility. | *Current release version* |
 | **WEB_URL** | The complete base URL for the web application including protocol (e.g., `https://plane.example.com`).|`http://localhost`|
 | **API_BASE_URL** | The base URL for API services. In most setups, this will be the same as your WEB_URL with `/api` appended. |`http://api:8000`|
 | **CORS_ALLOWED_ORIGINS** | Comma-separated list of origins allowed to make cross-origin requests to your API. Usually, this should include your WEB_URL. |`http://localhost`|
 | **DEBUG** | Toggles debug mode for more verbose logging and debugging information.| `0` (disabled) |
 
+### Scaling and performance
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **WEB_REPLICAS** | Number of web server replicas for load balancing. | `1` |
+| **SPACE_REPLICAS** | Number of space service replicas for workspaces. | `1` |
+| **ADMIN_REPLICAS** | Number of admin service replicas. | `1` |
+| **API_REPLICAS** | Number of API service replicas. | `1` |
+| **WORKER_REPLICAS** | Number of worker service replicas for background tasks. | `1` |
+| **BEAT_WORKER_REPLICAS** | Number of beat worker replicas for scheduled tasks. | `1` |
+| **LIVE_REPLICAS** | Number of live service replicas for real-time updates. | `1` |
+| **GUNICORN_WORKERS** | Number of Gunicorn workers for handling web requests. Increase for better performance on high-traffic instances. | `2` |
+
+### Networking and security
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **LISTEN_HTTP_PORT** | Port for HTTP traffic. | `80` |
+| **LISTEN_HTTPS_PORT** | Port for HTTPS traffic. | `443` |
+| **APP_PROTOCOL** | Protocol to be used, either `http` or `https`. | `http` |
+| **TRUSTED_PROXIES** | CIDR notation of trusted proxies for request forwarding. Important when behind load balancers or reverse proxies. | `0.0.0.0/0` |
+| **SSL_VERIFY** | Whether to verify SSL certificates for outgoing connections. Set to `0` only in development environments. | `1` |
+
+### SSL and certificates
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **CERT_EMAIL** | Email used for SSL certificate registration with Let's Encrypt or other ACME providers. |`admin@example.com`|
+| **CERT_ACME_CA** | ACME Certificate Authority URL for SSL certificate issuance. | `https://acme-v02.api.letsencrypt.org/directory` |
+| **CERT_ACME_DNS** | DNS provider configuration for SSL certificate domain validation. Format varies by provider. |  |
+| **SITE_ADDRES** | The domain name and port required by Caddy for serving your Plane instance. This determines how Caddy will handle incoming requests. | `localhost:80` |
+
 ### Database settings
 
 | Variable | Description | Default Value |
@@ -59,16 +92,14 @@ This is where you'll make all configuration changes. Remember to restart the ins
 | **RABBITMQ_DEFAULT_VHOST** | Virtual host for RabbitMQ, providing logical separation of resources. | `plane` |
 | **AMQP_URL** | Full connection string for RabbitMQ. Format: `amqp://username:password@host:port/vhost` |  |
 
-### Security and API settings
-
+### Authentication and security
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
 | **SECRET_KEY** | Secret key used for various cryptographic operations, including JWT token signing. | |
-| **API_KEY_RATE_LIMIT** | Rate limit for API requests to prevent abuse. Format: `number/timeunit` | `60/minute` |
-| **SENTRY_DSN** | Data Source Name for Sentry error tracking integration. Leave empty if not using Sentry. ||
-| **SENTRY_ENVIRONMENT** | Environment identifier for Sentry logging, helping you distinguish between different deployments. | `production` |
+| **MACHINE_SIGNATURE** | Unique identifier for your instance, used for licensing and authentication.| |
+| **SILO_HMAC_SECRET_KEY** | Secret key for Silo authentication and secure communication. | |
 
-### Storage and file uploads
+### File Storage (MinIO / S3)
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
@@ -78,61 +109,137 @@ This is where you'll make all configuration changes. Remember to restart the ins
 | **AWS_SECRET_ACCESS_KEY** | Secret key for MinIO or AWS S3 authentication. |  |
 | **AWS_S3_ENDPOINT_URL** | Custom endpoint URL for MinIO or S3-compatible storage. | `http://plane-minio:9000`|
 | **AWS_S3_BUCKET_NAME** | S3 bucket name for file storage. | `uploads` |
+| **MINIO_ROOT_USER** | Username for MinIO authentication. This is effectively your MinIO admin account. | `access-key` |
+| **MINIO_ROOT_PASSWORD** | Password for MinIO root user authentication. Keep this secure as it provides full access to your storage. | `secret-key` |
+| **BUCKET_NAME** | S3 bucket name where all file uploads will be stored. This bucket will be automatically created if it doesn't exist. | `uploads` |
 | **FILE_SIZE_LIMIT** | Maximum file upload size in bytes. | `5242880` (5MB) |
 | **MINIO_ENDPOINT_SSL** | Force HTTPS for MinIO when dealing with SSL termination. Set to `1` to enable. | `0` |
 
-### Workers and Performance
+### GitHub integration
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
-| **GUNICORN_WORKERS** | Number of Gunicorn workers for handling web requests. Increase for better performance on high-traffic instances. | `2` |
-| **WEB_REPLICAS** | Number of web server replicas for load balancing. | `1` |
-| **SPACE_REPLICAS** | Number of space service replicas for workspaces. | `1` |
-| **ADMIN_REPLICAS** | Number of admin service replicas. | `1` |
-| **API_REPLICAS** | Number of API service replicas. | `1` |
-| **WORKER_REPLICAS** | Number of worker service replicas for background tasks. | `1` |
-| **BEAT_WORKER_REPLICAS** | Number of beat worker replicas for scheduled tasks. | `1` |
-| **LIVE_REPLICAS** | Number of live service replicas for real-time updates. | `1` |
+| **GITHUB_CLIENT_ID** | OAuth client ID for GitHub integration. |  |
+| **GITHUB_CLIENT_SECRET** | OAuth client secret for GitHub integration. |  |
+| **GITHUB_APP_NAME** | GitHub App name for enhanced GitHub integration. |  |
+| **GITHUB_APP_ID** | GitHub App ID for enhanced GitHub integration. |  |
+| **GITHUB_PRIVATE_KEY** | Private key for GitHub App authentication. | |
 
-### Installation and system settings
+### Slack integration
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
-| **INSTALL_DIR** | Directory where Plane is installed. | `/opt/plane` |
-| **MACHINE_SIGNATURE** | Unique identifier for your instance, used for licensing and authentication.| |
+| **SLACK_CLIENT_ID** | OAuth client ID for Slack integration. |  |
+| **SLACK_CLIENT_SECRET** | OAuth client secret for Slack integration. |  |
 
-### Networking and SSL
+### GitLab integration
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
-| **LISTEN_HTTP_PORT** | Port for HTTP traffic. | `80` |
-| **LISTEN_HTTPS_PORT** | Port for HTTPS traffic. | `443` |
-| **APP_PROTOCOL** | Protocol to be used, either `http` or `https`. | `http` |
-| **TRUSTED_PROXIES** | CIDR notation of trusted proxies for request forwarding. Important when behind load balancers or reverse proxies. | `0.0.0.0/0` |
-| **CERT_EMAIL** | Email used for SSL certificate registration with Let's Encrypt or other ACME providers. |`admin@example.com`|
-| **CERT_ACME_CA** | ACME Certificate Authority URL for SSL certificate issuance. | `https://acme-v02.api.letsencrypt.org/directory` |
-| **CERT_ACME_DNS** | DNS provider configuration for SSL certificate domain validation. Format varies by provider. |  |
-| **SSL_VERIFY** | Whether to verify SSL certificates for outgoing connections. Set to `0` only in development environments. | `1` |
+| **GITLAB_CLIENT_ID** | OAuth client ID for GitLab integration. |  |
+| **GITLAB_CLIENT_SECRET** | OAuth client secret for GitLab integration. | |
 
-### Monitoring and feature flags
+### API settings
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
-| **FEATURE_FLAG_SERVER_BASE_URL** | Base URL for feature flag service, enabling granular control over feature availability. | `http://monitor:8080`|
-| **PAYMENT_SERVER_BASE_URL** | Base URL for payment service, handling licensing and subscription management. |`http://monitor:8080`|
+| **API_KEY_RATE_LIMIT** | Rate limit for API requests to prevent abuse. Format: `number/timeunit` | `60/minute` |
+
 
-### Silo and Integrations
+<Accordion title="Community Edition">
+
+This guide provides a comprehensive overview of all environment variables available for configuring your self-hosted Plane Community Edition. Use these variables to customize your instance to fit your deployment needs.
+
+## Where to find the environment file
+
+The environment configuration file is located at:
+    ```bash
+    plane-selfhost/plane-app/plane.env
+    ```
+
+## Environment Variables
+
+### General settings
 
 | Variable | Description | Default Value |
 |----------|-------------|---------------|
-| **SILO_HMAC_SECRET_KEY** | Secret key for Silo authentication and secure communication. | |
-| **GITHUB_CLIENT_ID** | OAuth client ID for GitHub integration. |  |
-| **GITHUB_CLIENT_SECRET** | OAuth client secret for GitHub integration. |  |
-| **GITHUB_APP_NAME** | GitHub App name for enhanced GitHub integration. |  |
-| **GITHUB_APP_ID** | GitHub App ID for enhanced GitHub integration. |  |
-| **GITHUB_PRIVATE_KEY** | Private key for GitHub App authentication. | |
-| **SLACK_CLIENT_ID** | OAuth client ID for Slack integration. |  |
-| **SLACK_CLIENT_SECRET** | OAuth client secret for Slack integration. |  |
-| **GITLAB_CLIENT_ID** | OAuth client ID for GitLab integration. |  |
-| **GITLAB_CLIENT_SECRET** | OAuth client secret for GitLab integration. | |
+| **APP_DOMAIN** | Domain name for your Plane instance. This determines how users will access your installation. | `localhost` |
+| **APP_RELEASE** | Release version of Plane. Helps with compatibility and troubleshooting. |   `stable` |
+| **WEB_URL** | The complete base URL for the web application including protocol. Essential for email links and integrations. | `http://${APP_DOMAIN}` |
+| **API_BASE_URL** | The base URL for API services. Typically your WEB_URL with `/api` appended. | `http://api:8000` |
+| **CORS_ALLOWED_ORIGINS** | Comma-separated list of origins allowed to make cross-origin requests to your API. | `http://${APP_DOMAIN}` |
+| **DEBUG** | Toggles debug mode for verbose logging. Set to `1` to enable, `0` to disable. Not recommended in production as it may expose sensitive information. | `0` |
+| **NGINX_PORT** | Port for HTTP traffic. The primary port your users will connect to. | `80` |
+
+### Scaling and performance
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **WEB_REPLICAS** | Number of web server replicas for serving the frontend UI. Increase for better load distribution. | `1` |
+| **SPACE_REPLICAS** | Number of space service replicas handling workspace-related operations. | `1` |
+| **ADMIN_REPLICAS** | Number of admin service replicas for administrative functions. | `1` |
+| **API_REPLICAS** | Number of API service replicas processing API requests. | `1` |
+| **WORKER_REPLICAS** | Number of worker service replicas handling background tasks. | `1` |
+| **BEAT_WORKER_REPLICAS** | Number of beat worker replicas for scheduled/periodic tasks. | `1` |
+| **LIVE_REPLICAS** | Number of live service replicas for real-time updates and WebSocket connections. | `1` |
+| **GUNICORN_WORKERS** | Number of Gunicorn workers per API instance. Increase for better request handling capacity. | `1` |
+
+### API settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **API_KEY_RATE_LIMIT** | Rate limit for API requests to prevent abuse. Format: `number/timeunit` | `60/minute` |
+
+### Database settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **PGHOST** | Hostname or IP address of your PostgreSQL server. | `plane-db` |
+| **PGDATABASE** | Name of the PostgreSQL database Plane will use. | `plane` |
+| **POSTGRES_USER** | Username for PostgreSQL authentication. | `plane` |
+| **POSTGRES_PASSWORD** | Password for PostgreSQL authentication. Use a strong, unique password. | `plane` |
+| **POSTGRES_DB** | Same as PGDATABASE - the name of the PostgreSQL database. | `plane` |
+| **POSTGRES_PORT** | TCP port your PostgreSQL server is listening on. | `5432` |
+| **PGDATA** | Directory path where PostgreSQL data is stored. Only relevant if you're managing PostgreSQL directly. | `/var/lib/postgresql/data` |
+| **DATABASE_URL** | Full connection string for PostgreSQL. If provided, overrides individual settings. Format: `postgresql://username:password@host:port/dbname` | |
+
+### Redis settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **REDIS_HOST** | Hostname or IP address of your Redis server. | `plane-redis` |
+| **REDIS_PORT** | TCP port your Redis server is listening on. | `6379` |
+| **REDIS_URL** | Full connection string for Redis. Format: `redis://username:password@host:port` | |
+
+### RabbitMQ settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **RABBITMQ_HOST** | Hostname or IP address of your RabbitMQ server. | `plane-mq` |
+| **RABBITMQ_PORT** | TCP port your RabbitMQ server is listening on. | `5672` |
+| **RABBITMQ_USER** | Username for RabbitMQ authentication. | `plane` |
+| **RABBITMQ_PASSWORD** | Password for RabbitMQ authentication. Use a strong, unique password. | `plane` |
+| **RABBITMQ_VHOST** | Virtual host for RabbitMQ, providing logical separation of resources. | `plane` |
+| **AMQP_URL** | Full connection string for RabbitMQ. If not provided, it's constructed from individual settings. | `amqp://plane:plane@plane-mq:5672/plane` |
+
+### File Storage (MinIO / S3)
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **USE_MINIO** | Whether to use MinIO for object storage. Set to `1` to enable, `0` to use other configured storage. | `1` |
+| **MINIO_ENDPOINT_SSL** | Force HTTPS for MinIO when handling SSL termination. Set to `1` to enable. | `0` |
+| **AWS_REGION** | AWS region for S3 storage services. Applies when using S3 or MinIO. | *Empty* |
+| **AWS_ACCESS_KEY_ID** | Access key for MinIO or AWS S3 authentication. | `access-key` |
+| **AWS_SECRET_ACCESS_KEY** | Secret key for MinIO or AWS S3 authentication. | `secret-key` |
+| **AWS_S3_ENDPOINT_URL** | Endpoint URL for MinIO or S3-compatible storage. | *Based on APP_DOMAIN* |
+| **AWS_S3_BUCKET_NAME** | S3 bucket name for file storage. All uploads will be stored in this bucket. | `uploads` |
+| **FILE_SIZE_LIMIT** | Maximum file upload size in bytes. | `5242880` (5MB) |
+
+
+### Security settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **SECRET_KEY** | Secret key used for cryptographic operations like session handling and token generation. Should be a long, random string. | |
 
+</Accordion>
