From 6e2c0f893767027691a6b6e5079a40b31312a23c Mon Sep 17 00:00:00 2001
From: Ludo Mikula <ludovit.mikula@mikori.sk>
Date: Sat, 5 Apr 2025 14:24:59 +0200
Subject: [PATCH 1/3] new: workflow update - automatically create latest image
 tag on release

---
 .github/workflows/docker-images.yml | 52 ++++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml
index 7eaeb16a8..594408f57 100644
--- a/.github/workflows/docker-images.yml
+++ b/.github/workflows/docker-images.yml
@@ -41,24 +41,60 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
+      - name: 'Setup jq'
+        uses: dcarbone/install-jq-action@v3
+        with:
+          version: '1.7'
+
       - name: Set environment variables
         shell: bash
         run: |
           # Get the short SHA of last commit
           echo "SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> "${GITHUB_ENV}"
-          
+
           # Get branch name - we don't use github.ref_head_name since we don't build on PRs
           echo "BRANCH_NAME=${{ github.ref_name }}" >> "${GITHUB_ENV}"
-          
+
           # Set docker image tag
-          echo "IMAGE_TAG=${{ inputs.imageTag || github.ref_name }}" >> "${GITHUB_ENV}"
-          
+          IMAGE_TAG=${{ inputs.imageTag || github.ref_name }}
+
+          # Check whether it's a release
+          LATEST_TAG=$(
+            curl -s -L \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer ${{ github.token }}" \
+              https://api.github.com/repos/${{ github.repository }}/releases/latest \
+              | jq -r '.tag_name'
+          )
+          IS_LATEST="false"
+          if [[ "${LATEST_TAG}" == "${{ github.event.release.tag_name }}" ]]; then
+              IS_LATEST="true"
+          fi;
+
           # Control which images to build
           echo "BUILD_ALLINONE=${{ inputs.build_allinone || true }}" >> "${GITHUB_ENV}"
           echo "BUILD_FRONTEND=${{ inputs.build_frontend || true }}" >> "${GITHUB_ENV}"
           echo "BUILD_NODESERVICE=${{ inputs.build_nodeservice || true }}" >> "${GITHUB_ENV}"
           echo "BUILD_APISERVICE=${{ inputs.build_apiservice || true }}" >> "${GITHUB_ENV}"
 
+          # Image names
+          ALLINONE_IMAGE_NAMES=lowcoderorg/lowcoder-ce:${IMAGE_TAG}
+          FRONTEND_IMAGE_NAMES=lowcoderorg/lowcoder-ce-frontend:${IMAGE_TAG}
+          APISERVICE_IMAGE_NAMES=lowcoderorg/lowcoder-ce-api-service:${IMAGE_TAG}
+          NODESERVICE_IMAGE_NAMES=lowcoderorg/lowcoder-ce-node-service:${IMAGE_TAG}
+
+          if [[ "${IS_LATEST}" == "true" ]]; then
+               ALLINONE_IMAGE_NAMES="lowcoderorg/lowcoder-ce:latest,${ALLINONE_IMAGE_NAMES}"
+               FRONTEND_IMAGE_NAMES="lowcoderorg/lowcoder-ce-frontend:latest,${FRONTEND_IMAGE_NAMES}"
+               APISERVICE_IMAGE_NAMES="lowcoderorg/lowcoder-ce-api-service:latest,${APISERVICE_IMAGE_NAMES}"
+               NODESERVICE_IMAGE_NAMES="lowcoderorg/lowcoder-ce-node-service:latest,${NODESERVICE_IMAGE_NAMES}"
+          fi;
+
+          echo "ALLINONE_IMAGE_NAMES=${ALLINONE_IMAGE_NAMES}" >> "${GITHUB_ENV}"
+          echo "FRONTEND_IMAGE_NAMES=${FRONTEND_IMAGE_NAMES}" >> "${GITHUB_ENV}"
+          echo "APISERVICE_IMAGE_NAMES=${APISERVICE_IMAGE_NAMES}" >> "${GITHUB_ENV}"
+          echo "NODESERVICE_IMAGE_NAMES=${NODESERVICE_IMAGE_NAMES}" >> "${GITHUB_ENV}"
+
       - name: Checkout lowcoder source
         uses: actions/checkout@v4
         with:
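Review bot: In the `Set environment variables` step, `${{ inputs.imageTag || github.ref_name }}` and `${{ github.event.release.tag_name }}` are expanded into the bash script text before it runs, so a tag or branch name containing shell metacharacters is executed rather than treated as data; pass them through the step's `env:` and reference them as quoted shell variables. The release check also compares two possibly empty strings: on a non-release trigger `github.event.release.tag_name` is empty, and if the `curl -s` call fails `LATEST_TAG` is empty too, so `IS_LATEST` becomes `true` and a branch build would be pushed as `latest`. `IMAGE_TAG` is no longer written to `GITHUB_ENV`, so any later step that still reads `env.IMAGE_TAG` (not visible in this hunk) would see an empty value. Separately, `dcarbone/install-jq-action@v3` is referenced by a mutable tag; pinning it to a full commit SHA would be safer for a workflow that pushes release images.

```yaml
      - name: Set environment variables
        shell: bash
        env:
          REQUESTED_TAG: ${{ inputs.imageTag || github.ref_name }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          GH_TOKEN: ${{ github.token }}
        run: |
          # … unchanged: SHORT_SHA and BRANCH_NAME exports …
          IMAGE_TAG="${REQUESTED_TAG}"
          echo "IMAGE_TAG=${IMAGE_TAG}" >> "${GITHUB_ENV}"

          LATEST_TAG=$(
            curl -sS --fail -L \
              -H "Accept: application/vnd.github+json" \
              -H "Authorization: Bearer ${GH_TOKEN}" \
              "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest" \
              | jq -r '.tag_name // empty'
          ) || LATEST_TAG=""
          IS_LATEST="false"
          if [[ -n "${RELEASE_TAG}" && "${LATEST_TAG}" == "${RELEASE_TAG}" ]]; then
              IS_LATEST="true"
          fi
          # … unchanged: BUILD_* flags and *_IMAGE_NAMES assembly …
```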
@@ -91,7 +127,7 @@ jobs:
             linux/amd64
             linux/arm64
           push: true
-          tags: lowcoderorg/lowcoder-ce:${{ env.IMAGE_TAG }}
+          tags: ${{ env.ALLINONE_IMAGE_NAMES }}
 
       - name: Build and push the frontend image
         if: ${{ env.BUILD_FRONTEND == 'true' }}
@@ -108,7 +144,7 @@ jobs:
             linux/amd64
             linux/arm64
           push: true
-          tags: lowcoderorg/lowcoder-ce-frontend:${{ env.IMAGE_TAG }}
+          tags: ${{ env.FRONTEND_IMAGE_NAMES }}
 
       - name: Build and push the node service image
         if: ${{ env.BUILD_NODESERVICE == 'true' }}
@@ -120,7 +156,7 @@ jobs:
             linux/amd64
             linux/arm64
           push: true
-          tags: lowcoderorg/lowcoder-ce-node-service:${{ env.IMAGE_TAG }}
+          tags: ${{ env.NODESERVICE_IMAGE_NAMES }}
 
       - name: Build and push the API service image
         if: ${{ env.BUILD_APISERVICE == 'true' }}
@@ -132,5 +168,5 @@ jobs:
             linux/amd64
             linux/arm64
           push: true
-          tags: lowcoderorg/lowcoder-ce-api-service:${{ env.IMAGE_TAG }}
+          tags: ${{ env.APISERVICE_IMAGE_NAMES }}
 

From d17b3382d0aa5384dd14db945bd0ea93c1cbf4fe Mon Sep 17 00:00:00 2001
From: Ludo Mikula <ludovit.mikula@mikori.sk>
Date: Sat, 5 Apr 2025 17:30:24 +0200
Subject: [PATCH 2/3] new: add missing environment variables and externalize
 them to .env files

---
 deploy/docker/README.md                 |  17 ++-
 deploy/docker/default-multi.env         |  21 ++++
 deploy/docker/default.env               | 152 ++++++++++++++++++++++++
 deploy/docker/docker-compose-multi.yaml |  83 ++++---------
 deploy/docker/docker-compose.yaml       |  86 +++-----------
 deploy/docker/override.env              |   9 ++
 6 files changed, 232 insertions(+), 136 deletions(-)
 create mode 100644 deploy/docker/default-multi.env
 create mode 100644 deploy/docker/default.env
 create mode 100644 deploy/docker/override.env

diff --git a/deploy/docker/README.md b/deploy/docker/README.md
index dd42643ce..df46e2b20 100644
--- a/deploy/docker/README.md
+++ b/deploy/docker/README.md
@@ -4,6 +4,7 @@ Included Dockerfile can be used to build an **all-in-one** image with all requir
 
 For examples on running the all-in-one image or the multi image deployment see **deploy/docker/docker-compose.yaml** and **deploy/docker/docker-compose-multi.yaml**
 
+Environment variables used to configure various aspects of the services are stored in **default.env**, **default-multi.env** and **override.env**. Look into the **default** files to see which variables can be set and what are the default values. To change the defaults, use **override.env**. You don't have to use **--env-file** parameter with **doker compose** because the files are loaded from within `docker-compose.yaml` and `docker-compose-multi.yaml`.
 
 ## all-in-one image
 
@@ -50,14 +51,18 @@ Image can be configured by setting environment variables.
 | `LOWCODER_MAX_DEVELOPERS`           | Default maximum developers                                              | `100`                                                 |
 | `LOWCODER_WORKSPACE_MODE`           | SAAS to activate, ENTERPRISE to switch off - Workspaces                 | `SAAS`                                                |
 | `LOWCODER_EMAIL_SIGNUP_ENABLED`     | Control if users create their own Workspace automatic when Sign Up      | `true`                                                |
+| `LOWCODER_EMAIL_AUTH_ENABLED`       | Controls whether authentication via email is enabled                    | `true`                                                |
 | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up   | `true`               |
 | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true`                                                |
 | `LOWCODER_SUPERUSER_USERNAME`       | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                      |
 | `LOWCODER_SUPERUSER_PASSWORD`       | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file                |
-
+| `LOWCODER_PLUGINS_DIR`              | Directory holding lowcoder plugins                                      | `/lowcoder-stacks/plugins`                            |
+| `LOWCODER_COOKIE_NAME`              | Name of the lowcoder application cookie                                 | `LOWCODER_CE_SELFHOST_TOKEN`                          |
+| `LOWCODER_COOKIE_MAX_AGE`           | Lowcoder application cookie max age in hours                            | `24`                                                  |
+| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days                          | `30`                                                  |
 
 Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on)
-On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+On linux/mac, generate one eg. with: `head /dev/urandom | head -c 30 | shasum -a 256`
 
 | Environment variable                | Description                                                             | Default-Value                                         |
 |-------------------------------------| ----------------------------------------------------------------------- | ----------------------------------------------------- |
@@ -76,7 +81,7 @@ To enable secure Password Reset flow for the users, you need to configure your o
 | `LOWCODER_ADMIN_SMTP_SSL_ENABLED`         | Enable SSL encryption                                   | `false`              |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED`    | Enable STARTTLS encryption                              | `true`               |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED`   | Require STARTTLS encryption                             | `true`               |
-| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER`     | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` |
+| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER`     | "from" Email address of the password Reset Email Sender | `info@localhost` |
 
 
 ## Building api-service image
@@ -119,6 +124,10 @@ Image can be configured by setting environment variables.
 | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true`                                                |
 | `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost`                                                    |
 | `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file              |
+| `LOWCODER_PLUGINS_DIR`              | Directory holding lowcoder plugins                                      | `/lowcoder-stacks/plugins`                            |
+| `LOWCODER_COOKIE_NAME`              | Name of the lowcoder application cookie                                 | `LOWCODER_CE_SELFHOST_TOKEN`                          |
+| `LOWCODER_COOKIE_MAX_AGE`           | Lowcoder application cookie max age in hours                            | `24`                                                  |
+| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days                          | `30`                                                  |
 
 Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on)
 On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
@@ -140,7 +149,7 @@ To enable secure Password Reset flow for the users, you need to configure your o
 | `LOWCODER_ADMIN_SMTP_SSL_ENABLED`         | Enable SSL encryption                                   | `false`              |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED`    | Enable STARTTLS encryption                              | `true`               |
 | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED`   | Require STARTTLS encryption                             | `true`               |
-| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER`     | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` |
+| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER`     | "from" Email address of the password Reset Email Sender | `info@localhost` |
 
 ## Building node-service image
 
diff --git a/deploy/docker/default-multi.env b/deploy/docker/default-multi.env
new file mode 100644
index 000000000..7daba8e66
--- /dev/null
+++ b/deploy/docker/default-multi.env
@@ -0,0 +1,21 @@
+#####################################################################
+##                                                                 ##
+##  Lowcoder environment variables override for multi image        ##
+##  installation.                                                  ##
+##                                                                 ##
+##  !!! PLEASE DO NOT CHANGE THIS FILE !!!                         ##
+##                                                                 ##
+##  To change the variables use file: override.env                 ##
+##                                                                 ##
+##  It will be loaded automatically and will override the defaults ##
+##  You don't have to copy the whole default.env, only the changed ##
+##  environment variables.                                         ##
+##                                                                 ##
+#####################################################################
+
+# Update individual service URLs to match the multi setup
+LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
+LOWCODER_REDIS_URL="redis://redis:6379"
+LOWCODER_NODE_SERVICE_URL="http://lowcoder-node-service:6060"
+LOWCODER_API_SERVICE_URL="http://lowcoder-api-service:8080"
+
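Review bot: `LOWCODER_MONGODB_URL` carries the fixed credential `lowcoder:secret123` in a file whose header tells operators not to edit it, and unlike the encryption settings in default.env nothing here says the value must be replaced. A comment above the line would help, for example `# Default database credentials - override LOWCODER_MONGODB_URL in override.env and change the mongodb service credentials to match` (the mongodb service definition is outside this patch). `LOWCODER_REDIS_URL` likewise points at a Redis endpoint with no credentials, which is presumably acceptable only while that service stays on the internal compose network.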
diff --git a/deploy/docker/default.env b/deploy/docker/default.env
new file mode 100644
index 000000000..203bfc68b
--- /dev/null
+++ b/deploy/docker/default.env
@@ -0,0 +1,152 @@
+#####################################################################
+##                                                                 ##
+##  Default lowcoder environment variables.                        ##
+##                                                                 ##
+##  !!! PLEASE DO NOT CHANGE THIS FILE !!!                         ##
+##                                                                 ##
+##  To change the variables use file: override.env                 ##
+##                                                                 ##
+##  It will be loaded automatically and will override the defaults ##
+##  You don't have to copy the whole default.env, only the changed ##
+##  environment variables.                                         ##
+##                                                                 ##
+#####################################################################
+
+
+##
+## Enable services (applies to all-in-one deployment) ##
+##   - you can disable them in favor of external services
+#
+# If true redis server is started in the container
+LOWCODER_REDIS_ENABLED="true"
+# If true mongo database is started in the container
+LOWCODER_MONGODB_ENABLED="true"
+# If true lowcoder api-service is started in the container 
+LOWCODER_API_SERVICE_ENABLED="true"
+# If true lowcoder node-service is started in the container
+LOWCODER_NODE_SERVICE_ENABLED="true"
+# If true lowcoder web frontend is started in the container
+LOWCODER_FRONTEND_ENABLED="true"
+# 
+# Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port
+# to make internal mongo database accessible from host
+# (applies to all-in-one deployment)
+#
+LOWCODER_MONGODB_EXPOSED="false"
+
+##
+## Generic parameters
+##
+#
+# URL of the public User Interface 
+LOWCODER_PUBLIC_URL="http://localhost:3000/"
+
+# ID of user running services. It will own all created logs and data.
+LOWCODER_PUID="1000"
+# ID of group of the user running services
+LOWCODER_PGID="1000"
+
+##
+## api-service parameters
+##
+# Name of the lowcoder application cookie
+LOWCODER_COOKIE_NAME=LOWCODER_CE_SELFHOST_TOKEN
+# Lowcoder application cookie max age in hours
+LOWCODER_COOKIE_MAX_AGE=24
+# Default maximum organizations per user
+LOWCODER_MAX_ORGS_PER_USER=100
+# Default maximum members per organization
+LOWCODER_MAX_MEMBERS_PER_ORG=1000
+# Default maximum groups per organization
+LOWCODER_MAX_GROUPS_PER_ORG=100
+# Default maximum applications per organization
+LOWCODER_MAX_APPS_PER_ORG=1000
+# Default maximum developers
+LOWCODER_MAX_DEVELOPERS=50
+# Mongo database connection string (use the later one in case of multi-image compose)
+LOWCODER_MONGODB_URL="mongodb://localhost:27017/lowcoder?authSource=admin"
+#LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
+# Redis server URL
+LOWCODER_REDIS_URL="redis://localhost:6379"
+# Control if users create their own Workspace automatic when Sign Up
+LOWCODER_EMAIL_SIGNUP_ENABLED="true"
+# Controls whether authentication via email is enabled
+LOWCODER_EMAIL_AUTH_ENABLED="true"
+# IF LOWCODER_WORKSPACE_MODE = SAAS, controls if own workspace is created for the user after sign up
+LOWCODER_CREATE_WORKSPACE_ON_SIGNUP="true"
+# Application snapshots retention time in days
+LOWCODER_APP_SNAPSHOT_RETENTIONTIME=30
+#
+# ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
+# 
+#    LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used 
+#    to encrypt sensitive data in mongo database so it is important to change the defaults
+#
+LOWCODER_DB_ENCRYPTION_PASSWORD="lowcoder.org"
+LOWCODER_DB_ENCRYPTION_SALT="lowcoder.org"
+
+# CORS allowed domains
+LOWCODER_CORS_DOMAINS="*"
+#
+# API-KEY secret - should be a string of at least 32 random characters
+#    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
+#
+LOWCODER_API_KEY_SECRET="5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
+
+##
+## api and node service parameters
+##
+# Directory holding lowcoder plugins
+LOWCODER_PLUGINS_DIR="../plugins"
+# Number of max Request per Second - set to 0 to disable rate limiting
+LOWCODER_API_RATE_LIMIT=100
+# Lowcoder API service URL
+LOWCODER_API_SERVICE_URL="http://localhost:8080"
+# Lowcoder Node service URL
+LOWCODER_NODE_SERVICE_URL="http://localhost:6060"
+
+##
+## Frontend parameters
+##
+# Lowcoder max request size
+LOWCODER_MAX_REQUEST_SIZE=20m
+# Lowcoder max query timeout (in seconds)
+LOWCODER_MAX_QUERY_TIMEOUT=120
+# Default lowcoder query timeout
+LOWCODER_DEFAULT_QUERY_TIMEOUT=10
+# SAAS to activate, ENTERPRISE to switch off - Workspaces
+LOWCODER_WORKSPACE_MODE=SAAS
+# Controls whether to show Apps on the local Marketplace to anonymous users
+#   - if true, apps are not shown to anonymous users
+LOWCODER_MARKETPLACE_PRIVATE_MODE="true"
+
+##
+## Lowcoder notification emails setup
+##
+# Mail server host
+LOWCODER_ADMIN_SMTP_HOST=localhost
+# Mail server port
+LOWCODER_ADMIN_SMTP_PORT=587
+# Use authentication when sending email
+LOWCODER_ADMIN_SMTP_AUTH="true"
+# Username (email) used for authentication
+LOWCODER_ADMIN_SMTP_USERNAME=
+# Password used for authentication
+LOWCODER_ADMIN_SMTP_PASSWORD=
+# Enable SSL for connetion to the mail server
+LOWCODER_ADMIN_SMTP_SSL_ENABLED="false"
+# Enable STARTTLS
+LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED="true"
+# Require STARTTLS
+LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED="true"
+
+# Email used in notifications from lowcoder
+LOWCODER_EMAIL_NOTIFICATIONS_SENDER=info@localhost
+
+# Lowcoder superuser username
+LOWCODER_SUPERUSER_USERNAME=admin@localhost
+# Lowcoder superuser password
+# If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log)
+LOWCODER_SUPERUSER_PASSWORD=
+
+
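Review bot: The block around `LOWCODER_DB_ENCRYPTION_PASSWORD` says `! PLEASE CHANGE THESE TO SOMETHING UNIQUE !` while the file header says `!!! PLEASE DO NOT CHANGE THIS FILE !!!`, so an operator following the header keeps the published values `lowcoder.org` and the fixed `LOWCODER_API_KEY_SECRET`. Reword the comment to `# ! Set your own values for these in override.env !` and repeat it above `LOWCODER_API_KEY_SECRET`. `LOWCODER_CORS_DOMAINS="*"` deserves the same pointer, since a wildcard origin is rarely what a production deployment wants.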
diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml
index 63bbf421d..08f2987dd 100644
--- a/deploy/docker/docker-compose-multi.yaml
+++ b/deploy/docker/docker-compose-multi.yaml
@@ -48,56 +48,13 @@ services:
     # Enabled ports to be able to access backend from host
     # ports:
     #   - "8080:8080"
-    environment:
-      LOWCODER_PUBLIC_URL: "http://localhost:3000/"
-      LOWCODER_PUID: "9001"
-      LOWCODER_PGID: "9001"
-      LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
-      LOWCODER_REDIS_URL: "redis://redis:6379"
-      LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060"
-      LOWCODER_MAX_QUERY_TIMEOUT: 120
-      LOWCODER_MAX_REQUEST_SIZE: 20m
-      LOWCODER_EMAIL_AUTH_ENABLED: "true"
-      LOWCODER_EMAIL_SIGNUP_ENABLED: "true"
-      LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true"
-      #
-      # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
-      # 
-      #    LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used 
-      #    to encrypt sensitive data in database so it is important to change the defaults
-      #
-      LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org"
-      LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org"
-      LOWCODER_CORS_DOMAINS: "*"
-      LOWCODER_MAX_ORGS_PER_USER: 100
-      LOWCODER_MAX_MEMBERS_PER_ORG: 1000
-      LOWCODER_MAX_GROUPS_PER_ORG: 100
-      LOWCODER_MAX_APPS_PER_ORG: 1000
-      LOWCODER_MAX_DEVELOPERS: 50
-      #
-      # API-KEY secret - should be a string of at least 32 random characters
-      #    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
-      #
-      LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
-      LOWCODER_PLUGINS_DIR: "../plugins"
-      LOWCODER_API_RATE_LIMIT: 50
-      LOWCODER_WORKSPACE_MODE: SAAS
-      LOWCODER_MARKETPLACE_PRIVATE_MODE: "true"
-      # Lowcoder notification emails setup
-      LOWCODER_ADMIN_SMTP_HOST: smtp.gmail.com
-      LOWCODER_ADMIN_SMTP_PORT: 587
-      LOWCODER_ADMIN_SMTP_USERNAME:
-      LOWCODER_ADMIN_SMTP_PASSWORD:
-      LOWCODER_ADMIN_SMTP_AUTH: "true"
-      LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false"
-      LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true"
-      LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true"
-      # Email used as sender in lost password email
-      LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost
-      # Lowcoder superuser details
-      LOWCODER_SUPERUSER_USERNAME: admin@localhost
-      # If left blank, a password will be generated and written into api-service log
-      LOWCODER_SUPERUSER_PASSWORD:
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./default-multi.env
+        required: true
+      - path: ./override.env
+        required: false
     restart: unless-stopped
     depends_on:
       mongodb:
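Review bot: The removed `environment:` block set `LOWCODER_PUID: "9001"` and `LOWCODER_PGID: "9001"`, but default.env sets both to `"1000"` and default-multi.env does not override them, so the multi-image services would start under a different uid/gid after this change. Existing volumes written by uid 9001 may then be unreadable or unwritable for the services. Adding `LOWCODER_PUID="9001"` and `LOWCODER_PGID="9001"` to default-multi.env keeps the old behaviour. The long `path:`/`required:` form of `env_file` also needs Docker Compose 2.24.0 or newer, which the README does not state as far as this patch shows. The service definition continues outside the hunk.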
@@ -122,10 +79,13 @@ services:
     # Enabled ports to be able to access backend from host
     # ports:
     #   - "6060:6060"
-    environment:
-      LOWCODER_PUID: "9001"
-      LOWCODER_PGID: "9001"
-      LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080"
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./default-multi.env
+        required: true
+      - path: ./override.env
+        required: false
     restart: unless-stopped
     depends_on:
       lowcoder-api-service:
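Review bot: The node service now loads the whole of default.env, so it receives `LOWCODER_DB_ENCRYPTION_PASSWORD`, `LOWCODER_DB_ENCRYPTION_SALT`, `LOWCODER_API_KEY_SECRET`, `LOWCODER_SUPERUSER_PASSWORD` and the MongoDB URL with its credentials, where the removed block passed only the uid/gid and `LOWCODER_API_SERVICE_URL`. The same applies to the frontend service in the next hunk. Keeping the api-service secrets in a separate env file that only `lowcoder-api-service` lists would preserve the previous, narrower exposure. The service definitions continue outside both hunks.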
@@ -145,13 +105,13 @@ services:
     container_name: lowcoder-frontend
     ports:
       - "3000:3000"
-    environment:
-      LOWCODER_PUID: "9001"
-      LOWCODER_PGID: "9001"
-      LOWCODER_MAX_REQUEST_SIZE: 20m
-      LOWCODER_MAX_QUERY_TIMEOUT: 120
-      LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080"
-      LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060"
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./default-multi.env
+        required: true
+      - path: ./override.env
+        required: false
     restart: unless-stopped
     depends_on:
       lowcoder-node-service:
@@ -162,6 +122,7 @@ services:
         restart: true
     volumes:
       - ./lowcoder-stacks/assets:/lowcoder/assets
+      - ./lowcoder-stacks/ssl:/lowcoder-stacks/ssl
     healthcheck:
       test: curl --fail http://lowcoder-frontend:3000 || exit 1
       interval: 5s
diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml
index 0ca430655..6f0b2a8e0 100644
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -1,85 +1,29 @@
-version: "3"
+#####################################################################
+##                                                                 ##
+##  Lowcoder all-in-one compose file.                              ##
+##                                                                 ##
+##  To run:                                                        ##
+##     docker compose up -d                                        ##
+##                                                                 ##
+#####################################################################
+
 services:
 
   ##
   ## Start Lowcoder (all-in-one)
   ##
-  lowcoder-api-service:
+  lowcoder-all-in-one:
     image: lowcoderorg/lowcoder-ce:latest
     container_name: lowcoder
+    env_file:
+      - path: ./default.env
+        required: true
+      - path: ./override.env
+        required: false
     ports:
       - "3000:3000"
       - "3443:3443"
     #  - "27017:27017"
-    environment:
-      # Public base url
-      LOWCODER_PUBLIC_URL: "http://localhost:3000/"
-      # enable services
-      LOWCODER_REDIS_ENABLED: "true"
-      LOWCODER_MONGODB_ENABLED: "true"
-      # 
-      # Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port
-      # to make internal mongo database accessible from host
-      #
-      LOWCODER_MONGODB_EXPOSED: "false"
-      LOWCODER_API_SERVICE_ENABLED: "true"
-      LOWCODER_NODE_SERVICE_ENABLED: "true"
-      LOWCODER_FRONTEND_ENABLED: "true"
-      # generic parameters
-      # Effective user and group IDs
-      LOWCODER_PUID: "1000"
-      LOWCODER_PGID: "1000"
-      # api-service parameters
-      LOWCODER_MAX_ORGS_PER_USER: 100
-      LOWCODER_MAX_MEMBERS_PER_ORG: 1000
-      LOWCODER_MAX_GROUPS_PER_ORG: 100
-      LOWCODER_MAX_APPS_PER_ORG: 1000
-      LOWCODER_MAX_DEVELOPERS: 50
-      #LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin"
-      LOWCODER_MONGODB_URL: "mongodb://localhost:27017/lowcoder?authSource=admin"
-      LOWCODER_REDIS_URL: "redis://localhost:6379"
-      LOWCODER_EMAIL_SIGNUP_ENABLED: "true"
-      LOWCODER_EMAIL_AUTH_ENABLED: "true"
-      LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true"
-      #
-      # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE !
-      # 
-      #    LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used 
-      #    to encrypt sensitive data in database so it is important to change the defaults
-      #
-      LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org"
-      LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org"
-      LOWCODER_CORS_DOMAINS: "*"
-      #
-      # API-KEY secret - should be a string of at least 32 random characters
-      #    - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256
-      #
-      LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
-      # api and node service parameters
-      LOWCODER_PLUGINS_DIR: "../plugins"
-      LOWCODER_API_RATE_LIMIT: 50
-      LOWCODER_API_SERVICE_URL: "http://localhost:8080"
-      LOWCODER_NODE_SERVICE_URL: "http://localhost:6060"
-      # frontend parameters
-      LOWCODER_MAX_REQUEST_SIZE: 20m
-      LOWCODER_MAX_QUERY_TIMEOUT: 120
-      LOWCODER_WORKSPACE_MODE: SAAS
-      LOWCODER_MARKETPLACE_PRIVATE_MODE: "true"
-      # Lowcoder notification emails setup
-      LOWCODER_ADMIN_SMTP_HOST: localhost
-      LOWCODER_ADMIN_SMTP_PORT: 587
-      LOWCODER_ADMIN_SMTP_USERNAME: 
-      LOWCODER_ADMIN_SMTP_PASSWORD: 
-      LOWCODER_ADMIN_SMTP_AUTH: "true"
-      LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false"
-      LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true"
-      LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true"
-      # Email used as sender in lost password email
-      LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost
-      # Lowcoder superuser details
-      LOWCODER_SUPERUSER_USERNAME: admin@localhost
-      # If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log)
-      LOWCODER_SUPERUSER_PASSWORD: 
     volumes:
       - ./lowcoder-stacks:/lowcoder-stacks
       - ./lowcoder-stacks/assets:/lowcoder/assets
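Review bot: `LOWCODER_API_RATE_LIMIT` was `50` in the removed `environment:` block here and in docker-compose-multi.yaml, while default.env sets `100`, so the default request throttle doubles without the commit message saying so. If that is not intended, keep `LOWCODER_API_RATE_LIMIT=50` in default.env. Renaming the service to `lowcoder-all-in-one` while keeping `container_name: lowcoder` may also make `docker compose up` collide with the container of an existing installation until the old one is removed; a README note would help. The service definition continues outside the hunk.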
diff --git a/deploy/docker/override.env b/deploy/docker/override.env
new file mode 100644
index 000000000..8785627b8
--- /dev/null
+++ b/deploy/docker/override.env
@@ -0,0 +1,9 @@
+#####################################################################
+##                                                                 ##
+##  Use this file to override environment variables for compose    ##
+##  files.                                                         ##
+##  Add only variables you want to override.                       ##
+##                                                                 ##
+#####################################################################
+
+
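Review bot: override.env is where operators are told to put their own encryption password, API key secret and SMTP password, yet the file is added to the repository, so an edited copy in a fork or local clone can easily be committed along with those secrets. Because the compose files already mark it `required: false`, it could instead be shipped as a template (for example `override.env.example`) with `override.env` listed in `.gitignore`. A header line such as `##  Holds secrets - do not commit your edited copy.` would also help.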

From 200f7d41e22a15578ea12341628ac09e5cd41a56 Mon Sep 17 00:00:00 2001
From: Ludo Mikula <ludovit.mikula@mikori.sk>
Date: Sat, 5 Apr 2025 18:56:44 +0200
Subject: [PATCH 3/3] new: update helm chart, added missing configuration
 options

---
 deploy/helm/Chart.yaml                        |  4 +--
 deploy/helm/README.md                         | 23 ++++++++++++++++-
 .../helm/templates/api-service/configMap.yaml | 18 +++++++++++++
 .../helm/templates/api-service/secrets.yaml   |  2 ++
 deploy/helm/values.yaml                       | 25 +++++++++++++++++--
 5 files changed, 67 insertions(+), 5 deletions(-)

diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
index a99cee36e..1921e2fc6 100644
--- a/deploy/helm/Chart.yaml
+++ b/deploy/helm/Chart.yaml
@@ -4,10 +4,10 @@ description: A Helm chart for Kubernetes for installing lowcoder
 
 type: application
 # Chart version (change every time you make changes to the chart)
-version: 1.0.0
+version: 2.6.6
 
 # Lowcoder version
-appVersion: "latest"
+appVersion: "2.6.6"
 
 # Dependencies needed for Lowcoder deployment
 dependencies:
diff --git a/deploy/helm/README.md b/deploy/helm/README.md
index b7dd8555b..f937bf8ab 100644
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@@ -42,23 +42,44 @@ $ helm delete -n lowcoder my-lowcoder
 
 | Name                                    | Description                                                                       | Value          |
 | --------------------------------------- | --------------------------------------------------------------------------------- | -------------- |
+| `global.config.publicUrl`               | URL of the public User Interface (used eg. in invitation links)                   | `https://somedomain.com/` |
+| `global.config.createWorkspaceOnSignup` | If workspaceMode = SAAS, controls if own workspace is created for the user after sign up | `true`  |
 | `global.config.workspaceMode`           | Sets the workspace mode. Possible types are: SAAS, ENTERPRISE                     | `SAAS`         |
 | `global.config.userId`                  | User ID of user running Lowcoder server application in container                  | `9001`         |
 | `global.config.groupId`                 | Group ID of user running Lowcoder server application in container                 | `9001`         |
 | `global.config.corsAllowedDomains`      | CORS allowed domains                                                              | `*`            |
 | `global.config.enableUserSignUp`        | Enable users signing up to lowcoder via login page                                | `true`         |
+| `global.config.enableEmailAuth`         | Controls whether authentication via email is enabled                              | `true`         |
+| `global.config.emailNotificationSender` | Email used in notifications from lowcoder                                         | `info@localhost` |
 | `global.config.encryption.password`     | Encryption password  - CHANGE IT!                                                 | `lowcoder.org` |
 | `global.config.encryption.salt`         | Encryption salt      - CHANGE IT!                                                 | `lowcoder.org` |
-| `global.config.apiKeySecret`            | API-KEY secret, should be a string of at least 32 random characters - CHANGE IT   | `5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b` |
+| `global.config.superuser.username`      | Lowcoder superadmin username                                                      | `admin@localhost` |
+| `global.config.superuser.password`      | Lowcoder superadmin password - if not supplied, it will be generated              |                |
+| `global.config.apiKeySecret`            | API-KEY secret, should be a string of at least 32 random characters - CHANGE IT   | `5a41b0905...` |
 | `global.config.maxQueryTimeout`         | Maximum query timeout in seconds                                                  | `120`          |
 | `global.config.maxRequestSize`          | Maximum request size                                                              | `20m`          |
+| `global.config.snapshotRetentionTime`   | Lowcoder application snapshot retention time (in days)                            | `30`           |
+| `global.config.marketplacePrivateMode`  | Controls whether to show Apps on the local Marketplace to anonymous users         | `true`         |
 | `global.config.nodeServiceUrl`          | URL to node-service server if using external one (disabled by default)            |                |
 | `global.config.apiServiceUrl`           | URL to api-service server if using external one (disabled by default)             |                |
+| `global.cookie.name`                    | Name of the lowcoder application cookie                                           | `LOWCODER_CE_SELFHOST_TOKEN` |
+| `global.cookie.maxAge`                  | Lowcoder application cookie max age in hours                                      | `24`           |
 | `global.defaults.maxOrgsPerUser`        | Maximum allowed organizations per user                                            | `100`          |
 | `global.defaults.maxMembersPerOrg`      | Maximum allowed members per organization                                          | `1000`         |
 | `global.defaults.maxGroupsPerOrg`       | Maximum groups allowed per organization                                           | `100`          |
 | `global.defaults.maxAppsPerOrg`         | Maximum allowed applications per organization                                     | `1000`         |
 | `global.defaults.maxDevelopers`         | Maximum allowed developer accounts                                                | `100`          |
+| `global.defaults.apiRateLimit`          | Number of max Request per Second - set to 0 to disable rate limiting              | `100`          |
+| `global.defaults.queryTimeout`          | Default lowcoder query timeout                                                    | `10`           |
+| `global.mailServer.host`                | Mail server host (used for sending lowcoder emails)                               | `localhost`    |
+| `global.mailServer.port`                | Mail server port                                                                  | `578`          |
+| `global.mailServer.smtpAuth`            | Use SMPT authentication when sending mails                                        | `false`        |
+| `global.mailServer.authUsername`        | Username (email) used for SMTP authentication                                     |                |
+| `global.mailServer.authPassword`        | Password used for authentication                                                  |                |
+| `global.mailServer.useSSL`              | Enable SSL for connetion to the mail server                                       | `false`        |
+| `global.mailServer.useStartTLS`         | Enable STARTTLS                                                                   | `true`         |
+| `global.mailServer.requireStartTLS`     | Require STARTTLS                                                                  | `true`         |
+| `global.plugins.folder`                 | Folder from which to load lowcoder plugins                                        | `/plugins`     |
 
 ### Redis
 
diff --git a/deploy/helm/templates/api-service/configMap.yaml b/deploy/helm/templates/api-service/configMap.yaml
index 103a78ad0..4371982a0 100644
--- a/deploy/helm/templates/api-service/configMap.yaml
+++ b/deploy/helm/templates/api-service/configMap.yaml
@@ -38,11 +38,29 @@ data:
   LOWCODER_CORS_DOMAINS: {{ .Values.global.config.corsAllowedDomains | default  "*" | quote }}
   LOWCODER_EMAIL_AUTH_ENABLED: {{ .Values.global.config.enableEmailAuth | default "true" | quote }}
   LOWCODER_EMAIL_SIGNUP_ENABLED: {{ .Values.global.config.enableUserSignUp | default "true" | quote }}
+  LOWCODER_EMAIL_NOTIFICATIONS_SENDER: {{ .Values.global.config.emailNotificationSender | default "info@localhost" | quote }}
   LOWCODER_MAX_QUERY_TIMEOUT: {{ .Values.global.config.maxQueryTimeout | default "120" | quote }}
+  LOWCODER_MAX_REQUEST_SIZE: {{ .Values.global.config.maxRequestSize | default "20m" | quote }}
   LOWCODER_MAX_ORGS_PER_USER: {{ .Values.global.defaults.maxOrgsPerUser | default "100" | quote }}
   LOWCODER_MAX_MEMBERS_PER_ORG: {{ .Values.global.defaults.maxMembersPerOrg | default "1000" | quote }}
   LOWCODER_MAX_GROUPS_PER_ORG: {{ .Values.global.defaults.maxGroupsPerOrg | default "100" | quote }}
   LOWCODER_MAX_APPS_PER_ORG: {{ .Values.global.defaults.maxAppsPerOrg | default "1000" | quote }}
   LOWCODER_MAX_DEVELOPERS: {{ .Values.global.defaults.maxDevelopers | default "50" | quote }}
+  LOWCODER_DEFAULT_QUERY_TIMEOUT: {{ .Values.global.defaults.queryTimeout | default "10" | quote }}
   LOWCODER_WORKSPACE_MODE: {{ .Values.global.config.workspaceMode | default "SAAS" | quote }}
   LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: {{ .Values.global.config.createWorkspaceOnSignup | default "true" | quote }}
+  LOWCODER_ADMIN_SMTP_HOST: {{ .Values.global.mailServer.host | default "localhost" | quote }}
+  LOWCODER_ADMIN_SMTP_PORT: {{ .Values.global.mailServer.port | default "578" | quote }}
+  LOWCODER_ADMIN_SMTP_AUTH: {{ .Values.global.mailServer.smtpAuth | default "false" | quote }}
+  LOWCODER_ADMIN_SMTP_USERNAME: {{ .Values.global.mailServer.authUsername | default "" | quote }}
+  LOWCODER_ADMIN_SMTP_PASSWORD: {{ .Values.global.mailServer.authPassword | default "" | quote }}
+  LOWCODER_ADMIN_SMTP_SSL_ENABLED: {{ .Values.global.mailServer.useSSL | default "false" | quote }}
+  LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: {{ .Values.global.mailServer.useStartTLS | default "true" | quote }}
+  LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: {{ .Values.global.mailServer.requireStartTLS | default "true" | quote }}
+  LOWCODER_API_RATE_LIMIT: {{ .Values.global.defaults.apiRateLimit | default "100" | quote }}
+  LOWCODER_APP_SNAPSHOT_RETENTIONTIME: {{ .Values.global.config.snapshotRetentionTime | default "30" | quote }}
+  LOWCODER_COOKIE_NAME: {{ .Values.global.cookie.name | default "LOWCODER_CE_SELFHOST_TOKEN" | quote }}
+  LOWCODER_COOKIE_MAX_AGE: {{ .Values.global.cookie.maxAge | default "24" | quote }}
+  LOWCODER_MARKETPLACE_PRIVATE_MODE: {{ .Values.global.config.marketplacePrivateMode | default "true" | quote }}
+  LOWCODER_PLUGINS_DIR: {{ .Values.global.plugins.folder | default "/plugins" | quote }}
+  LOWCODER_PUBLIC_URL: {{ .Values.global.config.publicUrl | default "https://somedomain.com/" | quote }}
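Review bot: `LOWCODER_ADMIN_SMTP_PASSWORD` is a credential, but it is rendered into this ConfigMap's `data`, which is stored and shown in plain text and is usually readable by more roles than Secrets are. The same patch already extends `templates/api-service/secrets.yaml`, so the line `LOWCODER_ADMIN_SMTP_PASSWORD: {{ .Values.global.mailServer.authPassword | default "" | quote }}` belongs under that file's `stringData` instead. This assumes the deployment loads both objects as environment, which the hunk does not show. Separately, Helm's `default` treats `false` and `0` as empty, so `useStartTLS: false`, `requireStartTLS: false`, `marketplacePrivateMode: false` and the documented `apiRateLimit: 0` all render as their defaults. For those keys, `{{ .Values.global.defaults.apiRateLimit | quote }}` with the default kept only in values.yaml lets an operator's explicit `false` or `0` take effect.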
diff --git a/deploy/helm/templates/api-service/secrets.yaml b/deploy/helm/templates/api-service/secrets.yaml
index eecbe91ba..bd59f9290 100644
--- a/deploy/helm/templates/api-service/secrets.yaml
+++ b/deploy/helm/templates/api-service/secrets.yaml
@@ -29,3 +29,5 @@ stringData:
   LOWCODER_DB_ENCRYPTION_PASSWORD: {{ .Values.global.config.encryption.password | default "lowcoder.org" | quote }}
   LOWCODER_DB_ENCRYPTION_SALT: {{ .Values.global.config.encryption.salt | default "lowcoder.org" | quote }}
   LOWCODER_API_KEY_SECRET: "{{ .Values.global.config.apiKeySecret }}"
+  LOWCODER_SUPERUSER_USERNAME: {{ .Values.global.config.superuser.username | default "admin@localhost" | quote }}
+  LOWCODER_SUPERUSER_PASSWORD: {{ .Values.global.config.superuser.password | default "" | quote }}
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
index 52375f00f..df1cbca69 100644
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@@ -11,6 +11,7 @@ fullnameOverride: ""
 #
 global:
   config:
+    publicUrl: "https://somedomain.com/"
     # This setting sets workspace mode. Possible values: SAAS, ENTERPRISE
     workspaceMode: SAAS
     createWorkspaceOnSignup: true
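Review bot: The new default `publicUrl: "https://somedomain.com/"` is an ordinary registrable domain, not a reserved documentation name such as example.com. The README in this patch says the value is used in invitation links, so an installation that never overrides it would send users links pointing at a host the operator does not control. A safer default is `publicUrl: ""` with a comment above it such as `# Externally reachable URL of this installation (used in invitation links) - set it`. The matching `default "https://somedomain.com/"` in configMap.yaml would be dropped so that an unset value stays visibly unset. Whether the application tolerates an empty value is not visible here and should be checked.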
@@ -20,20 +21,42 @@ global:
     corsAllowedDomains: "*"
     enableEmailAuth: true
     enableUserSignUp: true
+    emailNotificationSender: info@localhost
     encryption:
       password: "lowcoder.org"
       salt: "lowcoder.org"
+    superuser:
+      username: admin@localhost
+      password:
     #nodeServiceUrl: 
     #apiServiceUrl: 
     apiKeySecret: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b"
     maxQueryTimeout: 120
     maxRequestSize: "20m"
+    snapshotRetentionTime: 30
+    marketplacePrivateMode: true
+  cookie:
+    name: LOWCODER_CE_SELFHOST_TOKEN
+    maxAge: 24
   defaults:
     maxOrgsPerUser: 100
     maxMembersPerOrg: 1000
     maxGroupsPerOrg: 100
     maxAppsPerOrg: 1000
     maxDevelopers: 50
+    apiRateLimit: 100
+    queryTimeout: 10
+  mailServer:
+    host: localhost
+    port: 578
+    smtpAuth: false
+    authUsername:
+    authPassword:
+    useSSL: false
+    useStartTLS: true
+    requireStartTLS: true
+  plugins:
+    folder: /plugins
 
 #
 # Redis
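Review bot: `port: 578` under `mailServer` looks like a transposition of 587, the standard mail submission port that matches the `useStartTLS: true` / `requireStartTLS: true` defaults next to it. The same value is repeated in the `LOWCODER_ADMIN_SMTP_PORT` default in configMap.yaml and in the README table. If 587 is intended, the line becomes `port: 587` in all three places. The bare `password:`, `authUsername:` and `authPassword:` keys parse as null rather than an empty string. Writing `password: ""` with a comment such as `# leave empty to have the application generate one` would state the behaviour the README describes.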
@@ -92,7 +115,6 @@ apiService:
     # Overrides the image tag whose default is the chart appVersion.
     #tag: "latest"
 
-
   service:
     type: ClusterIP
     port: 80
@@ -117,7 +139,6 @@ nodeService:
     # Overrides the image tag whose default is the chart appVersion.
     #tag: "latest"
 
-
   service:
     type: ClusterIP
     port: 80