Skip to content

Self-Host Configuration

Configuring your self-hosted instance of Enclosed allows you to customize the application to better suit your environment and requirements. This guide covers the key environment variables you can set to control various aspects of the application, including port settings, security options, and storage configurations.

Environment Variables

Enclosed is configured primarily through environment variables. Below is a list of the available variables, along with their descriptions and default values.

Environment variable Documentation
PORT The port to listen on when using node server. Default value: 8787.
SERVER_API_ROUTES_TIMEOUT_MS The maximum time in milliseconds for a route to complete before timing out. Default value: 5000.
SERVER_CORS_ORIGINS The CORS origin for the api server.
NOTES_MAX_ENCRYPTED_PAYLOAD_LENGTH The maximum length of the encrypted payload of a note allowed by the api. Default value: 52428800.
TASK_DELETE_EXPIRED_NOTES_ENABLED Whether to enable a periodic task to delete expired notes (not available for cloudflare). Default value: true.
TASK_DELETE_EXPIRED_NOTES_CRON The frequency with which to run the task to delete expired notes (cron syntax). Default value: 0 * * * *.
TASK_DELETE_EXPIRED_NOTES_RUN_ON_STARTUP Whether the task to delete expired notes should run on startup. Default value: true.
STORAGE_DRIVER_FS_LITE_PATH The path to the directory where the data will be stored (only in node env). Default value: ./.data.
STORAGE_DRIVER_CLOUDFLARE_KV_BINDING The name of the Cloudflare KV binding to use (only in cloudflare env). Default value: notes.
PUBLIC_BASE_API_URL The base URL of the public api, can be an absolute URL (like https://example.com/enclosed) or a path (like /enclosed). Default value: /.
PUBLIC_IS_AUTHENTICATION_REQUIRED Whether to require authentication to access the public api. Default value: false.
PUBLIC_DEFAULT_DELETE_NOTE_AFTER_READING The default value for the Delete note after reading checkbox in the note creation form. Default value: false.
AUTHENTICATION_JWT_SECRET The secret used to sign the JWT tokens. Default value: change-me.
AUTHENTICATION_JWT_DURATION_SECONDS The duration in seconds for which the JWT token is valid. Default value: 604800.
AUTHENTICATION_USERS The list of users allowed to authenticate. Comma-separated list of email and bcrypt password hash, like: email1:passwordHash1,email2:passwordHash2. Easily generate the value for this env variable here: https://docs.enclosed.cc/self-hosting/users-authentication-key-generator.

Applying Configuration Changes

To apply your configuration changes, ensure that you have exported the environment variables in your shell or included them in your environment configuration file. Then, restart your Enclosed instance to apply the changes.

For Docker deployments, you can pass the environment variables directly when running the container:

bash
docker run \
    -d --name enclosed \
    --restart unless-stopped \
    -p 8787:8787 \
    -v /path/to/local/data:/app/.data \
    -e SERVER_CORS_ORIGINS="https://example.com" \
    ghcr.io/corentin-th/enclosed

Next Steps

Once your instance is configured, you can proceed to explore advanced deployment options or set up monitoring to ensure your Enclosed instance runs smoothly. For a more complex setup, consider using Docker Compose or deploying on a cloud provider.