hedgedoc/docs/content/setup/getting_started.md
David Mehren 80eb4c8a1a docs: change default session secret in docker deployment
Signed-off-by: David Mehren <git@herrmehren.de>
2023-03-26 15:53:49 +02:00

35 lines
1.9 KiB
Markdown

HedgeDoc 2 currently supports deployment using [Docker Compose](https://docs.docker.com/compose/install/).
The `docker` folder in the root of our repo contains all files required to get started, deploying
HedgeDoc 2, a PostgreSQL database and a Caddy reverse proxy.
## Development or local testing
To run HedgeDoc 2 locally, you do not need to change anything.
Caddy will automatically generate a TLS certificate for `hedgedoc2.localhost` using its internal CA.
After running `docker compose up`, visit [https://hedgedoc2.localhost](https://hedgedoc2.localhost).
You will have to accept the TLS warning in your browser the first time the page is opened.
## Production setup
!!! danger "HedgeDoc 2 is not yet production ready!"
This section explains how a production deployment of HedgeDoc 2 on a publicly accessible domain
might look in the future.
HedgeDoc 2 itself is not production ready yet, so only use these instructions to set up an
instance for testing with your friends.
For a production setup, first set a unique session secret with
`sed -i "s/change_me_in_production/$(pwgen -s 64)/" .env`.
Then open the `.env` file and edit `HD_BASE_URL`. It needs to contain the full URL of your instance,
like it will be entered in the browser. If you enter a URL starting with `https://`, Caddy will
automatically gather certificates via *Let's Encrypt* (or its internal CA in case of `.localhost` domains).
Make sure your host is accessible under the domain from `HD_BASE_URL`, otherwise Let's Encrypt
validation will fail.
Optionally, you can also change
- `HD_MEDIA_BACKEND`: If you do not want HedgeDoc to handle media uploads itself, configure another backend
here. For more information, [see the media backend docs](/config/#media).
- `HD_AUTH_*`: If you do not want to use the integrated auth system,
you can [consult the authentication docs](/config/#authentication) for details.