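# ==============================================================================
# SurfSense Docker Configuration
# ==============================================================================
# Database, Redis, and internal service wiring are handled automatically.
#
# Format: one KEY=value assignment per line; a line starting with '#' is a
# comment. Keep comments on their own lines rather than after a value.
#
# Once filled in, this file holds credentials (SECRET_KEY, database passwords,
# OAuth client secrets, API keys). Keep the filled-in copy out of version
# control and readable only by the deploying user (e.g. chmod 600).
# ==============================================================================

# SurfSense version (use "latest", a clean version like "0.0.14", or a specific build like "0.0.14.1")
# "latest" is a moving tag: pin an explicit version when you need reproducible,
# reviewable upgrades.
SURFSENSE_VERSION=latest

# ------------------------------------------------------------------------------
# Core Settings
# ------------------------------------------------------------------------------

# REQUIRED: Generate a secret key with: openssl rand -base64 32
# The placeholder below is public. Replace it before the first start.
# NOTE(review): presumably used to sign auth tokens; if so, an instance left on
# the placeholder has a known signing key, and changing the key later
# invalidates tokens already issued. Confirm against the backend.
SECRET_KEY=replace_me_with_a_random_string

# Auth type: LOCAL (email/password) or GOOGLE (OAuth)
AUTH_TYPE=LOCAL

# Allow new user registrations (TRUE or FALSE)
# On an instance reachable from outside your machine, consider FALSE once the
# accounts you need exist, so that strangers cannot self-register.
# REGISTRATION_ENABLED=TRUE

# Document parsing service: DOCLING, UNSTRUCTURED, or LLAMACLOUD
ETL_SERVICE=DOCLING

# Embedding model for vector search
# Local:  sentence-transformers/all-MiniLM-L6-v2
# OpenAI: openai://text-embedding-ada-002 (set OPENAI_API_KEY below)
# Cohere: cohere://embed-english-light-v3.0 (set COHERE_API_KEY below)
EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2

# ------------------------------------------------------------------------------
# Ports (change to avoid conflicts with other services on your machine)
# ------------------------------------------------------------------------------
# A published port is reachable from other hosts unless the compose file binds
# it to 127.0.0.1 or a firewall blocks it. Check the compose file before
# running on a shared or public network.
# NOTE(review): FLOWER_PORT appears to publish the Celery Flower dashboard.
# Confirm that it requires authentication before exposing it.

# BACKEND_PORT=8000
# FRONTEND_PORT=3000
# ELECTRIC_PORT=5133
# FLOWER_PORT=5555

# ==============================================================================
# DEV COMPOSE ONLY (docker-compose.dev.yml)
# You need these only if you are running `docker-compose.dev.yml`.
# ==============================================================================

# -- pgAdmin (database GUI) --
# The email and password shown are public defaults. Change them before the
# pgAdmin port is reachable by anyone other than you.
# PGADMIN_PORT=5050
# PGADMIN_DEFAULT_EMAIL=admin@surfsense.com
# PGADMIN_DEFAULT_PASSWORD=surfsense

# -- Redis exposed port (dev only; Redis is internal-only in prod) --
# The default REDIS_URL below carries no password, so keep this port limited
# to the local machine.
# REDIS_PORT=6379

# -- Frontend Build Args --
# In dev, the frontend is built from source and these are passed as build args.
# In prod, they are automatically derived from AUTH_TYPE, ETL_SERVICE, and the port settings above.
# NEXT_PUBLIC_* values are embedded in the JavaScript served to browsers, so
# never put a secret in one.
# NOTE(review): NEXT_PUBLIC_ELECTRIC_AUTH_MODE=insecure reads as "no auth on
# the Electric sync endpoint". Confirm what a non-dev deployment should use.
# NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE=LOCAL
# NEXT_PUBLIC_ETL_SERVICE=DOCLING
# NEXT_PUBLIC_DEPLOYMENT_MODE=self-hosted
# NEXT_PUBLIC_ELECTRIC_AUTH_MODE=insecure

# ------------------------------------------------------------------------------
# Custom Domain / Reverse Proxy
# ------------------------------------------------------------------------------
# ONLY set these if you are serving SurfSense on a real domain via a reverse
# proxy (e.g. Caddy, Nginx, Cloudflare Tunnel).
# For standard localhost deployments, leave all of these commented out —
# they are automatically derived from the port settings above.
# Use https:// URLs here, as in the examples, so that credentials and tokens
# are not sent in clear text.
#
# NEXT_FRONTEND_URL=https://app.yourdomain.com
# BACKEND_URL=https://api.yourdomain.com
# NEXT_PUBLIC_FASTAPI_BACKEND_URL=https://api.yourdomain.com
# NEXT_PUBLIC_ELECTRIC_URL=https://electric.yourdomain.com

# ------------------------------------------------------------------------------
# Database (defaults work out of the box, change for security)
# ------------------------------------------------------------------------------
# The default user and password (surfsense/surfsense) are public. Set your own
# DB_PASSWORD for any deployment that is not a throwaway local one.

# DB_USER=surfsense
# DB_PASSWORD=surfsense
# DB_NAME=surfsense
# DB_HOST=db
# DB_PORT=5432

# SSL mode for database connections: disable, require, verify-ca, verify-full
# "disable" suits only the internal Docker network. For a remote database,
# "require" encrypts the connection but does not authenticate the server;
# "verify-ca" and "verify-full" also validate the server certificate.
# DB_SSLMODE=disable

# Full DATABASE_URL override — when set, takes precedence over the individual
# DB_USER / DB_PASSWORD / DB_NAME / DB_HOST / DB_PORT settings above.
# Use this for managed databases (AWS RDS, GCP Cloud SQL, Supabase, etc.)
# The URL embeds the password, so it is as sensitive as DB_PASSWORD.
# DATABASE_URL=postgresql+asyncpg://user:password@your-rds-host:5432/surfsense?sslmode=require

# ------------------------------------------------------------------------------
# Redis (defaults work out of the box)
# ------------------------------------------------------------------------------
# Full Redis URL override for Celery broker, result backend, and app cache.
# Use this for managed Redis (AWS ElastiCache, Redis Cloud, etc.)
#   Supports auth: redis://:password@host:port/0
#   Supports TLS:  rediss://:password@host:6380/0
# For a Redis outside the Docker network, use the auth and TLS (rediss://)
# forms above. Whoever can write to the broker can enqueue work for the workers.
# REDIS_URL=redis://redis:6379/0

# ------------------------------------------------------------------------------
# Electric SQL (real-time sync credentials)
# ------------------------------------------------------------------------------
# These must match on the db, backend, and electric services.
# Change for security; defaults work out of the box.
# The default password shown below is public.

# ELECTRIC_DB_USER=electric
# ELECTRIC_DB_PASSWORD=electric_password

# Full override for the Electric → Postgres connection URL.
# Leave commented out to use the Docker-managed `db` container (default).
# Uncomment and set `db` to `host.docker.internal` when pointing Electric at a
# local Postgres instance (e.g. Postgres.app on macOS):
# sslmode=disable is appropriate only for the internal or local connection
# described above.
# ELECTRIC_DATABASE_URL=postgresql://electric:electric_password@db:5432/surfsense?sslmode=disable

# ------------------------------------------------------------------------------
# TTS & STT (Text-to-Speech / Speech-to-Text)
# ------------------------------------------------------------------------------

# Local Kokoro TTS (default) or LiteLLM provider
TTS_SERVICE=local/kokoro
# TTS_SERVICE_API_KEY=
# TTS_SERVICE_API_BASE=

# Local Faster-Whisper STT: local/MODEL_SIZE (tiny, base, small, medium, large-v3)
STT_SERVICE=local/base
# Or use LiteLLM: openai/whisper-1
# STT_SERVICE_API_KEY=
# STT_SERVICE_API_BASE=

# ------------------------------------------------------------------------------
# Rerankers (optional, disabled by default)
# ------------------------------------------------------------------------------

# RERANKERS_ENABLED=TRUE
# RERANKERS_MODEL_NAME=ms-marco-MiniLM-L-12-v2
# RERANKERS_MODEL_TYPE=flashrank

# ------------------------------------------------------------------------------
# Google OAuth (only if AUTH_TYPE=GOOGLE)
# ------------------------------------------------------------------------------

# GOOGLE_OAUTH_CLIENT_ID=
# GOOGLE_OAUTH_CLIENT_SECRET=

# ------------------------------------------------------------------------------
# Connector OAuth Keys (uncomment connectors you want to use)
# ------------------------------------------------------------------------------
# *_CLIENT_SECRET, *_BOT_TOKEN and *_API_KEY values are credentials. Grant each
# connector only the scopes you need.
# The redirect URIs below use http://localhost and suit local use only. On a
# real domain, register the https:// callback with the provider and set the
# same value here.

# -- Google Connectors --
# GOOGLE_CALENDAR_REDIRECT_URI=http://localhost:8000/api/v1/auth/google/calendar/connector/callback
# GOOGLE_GMAIL_REDIRECT_URI=http://localhost:8000/api/v1/auth/google/gmail/connector/callback
# GOOGLE_DRIVE_REDIRECT_URI=http://localhost:8000/api/v1/auth/google/drive/connector/callback

# -- Notion --
# NOTION_CLIENT_ID=
# NOTION_CLIENT_SECRET=
# NOTION_REDIRECT_URI=http://localhost:8000/api/v1/auth/notion/connector/callback

# -- Slack --
# SLACK_CLIENT_ID=
# SLACK_CLIENT_SECRET=
# SLACK_REDIRECT_URI=http://localhost:8000/api/v1/auth/slack/connector/callback

# -- Discord --
# DISCORD_CLIENT_ID=
# DISCORD_CLIENT_SECRET=
# DISCORD_REDIRECT_URI=http://localhost:8000/api/v1/auth/discord/connector/callback
# DISCORD_BOT_TOKEN=

# -- Atlassian (Jira & Confluence) --
# ATLASSIAN_CLIENT_ID=
# ATLASSIAN_CLIENT_SECRET=
# JIRA_REDIRECT_URI=http://localhost:8000/api/v1/auth/jira/connector/callback
# CONFLUENCE_REDIRECT_URI=http://localhost:8000/api/v1/auth/confluence/connector/callback

# -- Linear --
# LINEAR_CLIENT_ID=
# LINEAR_CLIENT_SECRET=
# LINEAR_REDIRECT_URI=http://localhost:8000/api/v1/auth/linear/connector/callback

# -- ClickUp --
# CLICKUP_CLIENT_ID=
# CLICKUP_CLIENT_SECRET=
# CLICKUP_REDIRECT_URI=http://localhost:8000/api/v1/auth/clickup/connector/callback

# -- Airtable --
# AIRTABLE_CLIENT_ID=
# AIRTABLE_CLIENT_SECRET=
# AIRTABLE_REDIRECT_URI=http://localhost:8000/api/v1/auth/airtable/connector/callback

# -- Microsoft Teams --
# TEAMS_CLIENT_ID=
# TEAMS_CLIENT_SECRET=
# TEAMS_REDIRECT_URI=http://localhost:8000/api/v1/auth/teams/connector/callback

# -- Composio --
# COMPOSIO_API_KEY=
# COMPOSIO_ENABLED=TRUE
# COMPOSIO_REDIRECT_URI=http://localhost:8000/api/v1/auth/composio/connector/callback

# ------------------------------------------------------------------------------
# Daytona Sandbox (optional — cloud code execution for the deep agent)
# ------------------------------------------------------------------------------
# Set DAYTONA_SANDBOX_ENABLED=TRUE and provide credentials to give the agent
# an isolated code execution environment via the Daytona cloud API.
# When enabled, code the agent runs, and any data passed with it, is sent to
# the Daytona endpoint below. Treat DAYTONA_API_KEY as a credential.

# DAYTONA_SANDBOX_ENABLED=FALSE
# DAYTONA_API_KEY=
# DAYTONA_API_URL=https://app.daytona.io/api
# DAYTONA_TARGET=us

# ------------------------------------------------------------------------------
# External API Keys (optional)
# ------------------------------------------------------------------------------

# Firecrawl (web scraping)
# FIRECRAWL_API_KEY=

# Unstructured (if ETL_SERVICE=UNSTRUCTURED)
# UNSTRUCTURED_API_KEY=

# LlamaCloud (if ETL_SERVICE=LLAMACLOUD)
# LLAMA_CLOUD_API_KEY=

# ------------------------------------------------------------------------------
# Observability (optional)
# ------------------------------------------------------------------------------
# NOTE(review): with tracing on, traces are sent to LANGSMITH_ENDPOINT and
# presumably include prompt and document content. Confirm that this is
# acceptable for the data you index.

# LANGSMITH_TRACING=true
# LANGSMITH_ENDPOINT=https://api.smith.langchain.com
# LANGSMITH_API_KEY=
# LANGSMITH_PROJECT=surfsense

# ------------------------------------------------------------------------------
# Advanced (optional)
# ------------------------------------------------------------------------------

# Periodic connector sync interval (default: 5m)
# SCHEDULE_CHECKER_INTERVAL=5m

# JWT token lifetimes
# 86400 s = 24 hours (access token); 1209600 s = 14 days (refresh token).
# A shorter access-token lifetime narrows the window in which a leaked token is
# usable.
# ACCESS_TOKEN_LIFETIME_SECONDS=86400
# REFRESH_TOKEN_LIFETIME_SECONDS=1209600

# Pages limit per user for ETL (default: unlimited)
# PAGES_LIMIT=500

# Connector indexing lock TTL in seconds (default: 28800 = 8 hours)
# CONNECTOR_INDEXING_LOCK_TTL_SECONDS=28800

# Residential proxy for web crawling
# The username and password are credentials. Crawl traffic routed this way
# passes through the proxy provider.
# RESIDENTIAL_PROXY_USERNAME=
# RESIDENTIAL_PROXY_PASSWORD=
# RESIDENTIAL_PROXY_HOSTNAME=
# RESIDENTIAL_PROXY_LOCATION=
# RESIDENTIAL_PROXY_TYPE=1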