diff --git a/blueprints/plane/template.toml b/blueprints/plane/template.toml index 24a9de67..6dba2ccf 100644 --- a/blueprints/plane/template.toml +++ b/blueprints/plane/template.toml @@ -9,48 +9,99 @@ live_secret_key = "${base64:48}" [config] env = [ + "# ===== Application =====", + "# Plane image tag deployed for every service.", "APP_RELEASE=${app_release}", + "# Public domain Plane is served on.", "APP_DOMAIN=${main_domain}", + "# Full external URL of the instance (used to build links).", "WEB_URL=https://${main_domain}", + "# Browser origins allowed to call the API (CORS).", "CORS_ALLOWED_ORIGINS=https://${main_domain}", + "# Internal URL other services use to reach the API.", "API_BASE_URL=http://plane-api:8000", + "# Django secret key: signs sessions and tokens. Keep it secret.", "SECRET_KEY=${secret_key}", + "# Shared secret between the API and the realtime (live) server.", "LIVE_SERVER_SECRET_KEY=${live_secret_key}", + "", + "# ===== PostgreSQL =====", + "# Database user.", "POSTGRES_USER=plane", + "# Database password.", "POSTGRES_PASSWORD=${postgres_password}", + "# Database name.", "POSTGRES_DB=plane", + "# Port PostgreSQL listens on.", "POSTGRES_PORT=5432", + "# Host the app and libpq tools connect to.", "PGHOST=plane-db", + "# Default database for libpq tools.", "PGDATABASE=plane", + "# On-disk location of the database files.", "PGDATA=/var/lib/postgresql/data", + "# Full connection string (composed from the values above).", "DATABASE_URL=postgresql://plane:${postgres_password}@plane-db:5432/plane", + "", + "# ===== Redis / Valkey (cache) =====", + "# Redis host.", "REDIS_HOST=plane-redis", + "# Redis port.", "REDIS_PORT=6379", + "# Full Redis connection URL.", "REDIS_URL=redis://plane-redis:6379/", + "", + "# ===== RabbitMQ (task queue) =====", + "# Broker host.", "RABBITMQ_HOST=plane-mq", + "# Broker port.", "RABBITMQ_PORT=5672", + "# Broker user.", "RABBITMQ_USER=plane", + "# Broker password.", "RABBITMQ_PASSWORD=${rabbitmq_password}", + "# Broker virtual host.", "RABBITMQ_VHOST=plane", + "# Full AMQP connection string (composed from the values above).", "AMQP_URL=amqp://plane:${rabbitmq_password}@plane-mq:5672/plane", + "", + "# ===== Object storage (MinIO / S3) =====", + "# Use the bundled MinIO (1) instead of an external S3 provider (0).", "USE_MINIO=1", + "# AWS region; leave empty when using MinIO.", "AWS_REGION=", + "# S3 / MinIO access key.", "AWS_ACCESS_KEY_ID=access-key", + "# S3 / MinIO secret key.", "AWS_SECRET_ACCESS_KEY=${minio_password}", + "# S3 / MinIO endpoint URL.", "AWS_S3_ENDPOINT_URL=http://plane-minio:9000", + "# Bucket used to store uploads.", "AWS_S3_BUCKET_NAME=uploads", + "# Max upload size in bytes (default 5 MiB).", "FILE_SIZE_LIMIT=5242880", - # Caddy proxy listen address + trusted proxies (required by the plane-proxy Caddyfile; - # SITE_ADDRESS has no upstream default, so leaving it unset crashes the proxy). - # TRUSTED_PROXIES=private_ranges trusts only Dokploy's private-network upstream (Traefik), - # avoiding client-IP spoofing from 0.0.0.0/0. Set a narrower CIDR if exposing directly. - "SITE_ADDRESS=:80", - "TRUSTED_PROXIES=private_ranges", + "# Set to 1 if the S3 / MinIO endpoint is served over HTTPS.", "MINIO_ENDPOINT_SSL=0", + "", + "# ===== Caddy proxy =====", + "# Address the in-container Caddy listens on. Required: the proxy", + "# Caddyfile has no default and an empty value crashes it on boot.", + "SITE_ADDRESS=:80", + "# Peers allowed to set X-Forwarded-For / X-Real-IP. 'private_ranges'", + "# trusts only Dokploy's private upstream (Traefik) and blocks public", + "# IP spoofing. Use a narrower CIDR if exposing the proxy directly.", + "TRUSTED_PROXIES=private_ranges", + "", + "# ===== App runtime =====", + "# Django debug mode; keep 0 in production.", "DEBUG=0", + "# Number of Gunicorn workers for the API.", "GUNICORN_WORKERS=1", + "# Rate limit applied to API-key requests.", "API_KEY_RATE_LIMIT=60/minute", + "# Comma-separated IPs allowed as webhook targets; empty allows all.", "WEBHOOK_ALLOWED_IPS=", + "# Comma-separated hosts allowed as webhook targets; empty allows all.", "WEBHOOK_ALLOWED_HOSTS=", ]