-
Notifications
You must be signed in to change notification settings - Fork 17
Konfiguration
-
copy the
.env.distfile and rename it to.envcp .env.dist .env -
open
.envwith a text editor and adjust it-
set the application language via
LOCALEAvailable
de(German) anden(English) -
set
APP_ENV(prod|dev)Use dev during development, otherwise use prod. Docker setup (fewohbee-dockerized):
APP_ENVis baked into the image and chosen via the image tag (FEWOHBEE_VERSION=4.6.0for prod,FEWOHBEE_VERSION=4.6.0-debugfor dev). SettingAPP_ENVin.envhas no effect there. -
generate and set a random value for
APP_SECRETe.g. via
openssl rand 23 | sha1sum -
under
DATABASE_URLset the database parameters. -
adjust
DB_SERVER_VERSIONaccording to the comments in the file
-
To be able to send emails from the application (conversations), an external mail provider must exist.
The file .env holds a central kill switch for all outgoing emails. Configure sender and SMTP settings in the UI under Settings -> General.
MAIL_ENABLED=true
Since version 4.0.0, passwordless login is possible in FewohBee. Three parameters are available for this:
RELYING_PARTY_ID=example.com
RELYING_PARTY_NAME="FewohBee"
PASSKEY_ENABLED=false
Passkeys are disabled by default (PASSKEY_ENABLED). To use the feature, RELYING_PARTY_ID must be set to the domain name under which the application is accessed.
A valid SSL certificate must exist for this domain, otherwise the login may not work correctly.
PASSKEY_ENABLED must also be set to true.
When passkey login is enabled, an additional button appears on the login screen to allow login. Users must log in once in advance with username and password. Under "Profile" each user can register for passwordless login. It is possible to store multiple devices that can be used for passwordless login (e.g. Chrome, iCloud Keychain, etc.). The user is guided through the process by the respective operating system / browser.
If fewohbee is operated behind a reverse proxy or load balancer, the trusted proxy IPs or networks must be configured via:
TRUSTED_PROXIES=172.18.0.0/16
Symfony only needs this setting when another proxy sits in front of the application and provides X-Forwarded-* headers.
Typical examples where TRUSTED_PROXIES is needed are setups with Traefik, Caddy, HAProxy, or an external Nginx reverse proxy in front of FewohBee.
By default, the application checks when creating a new user and when changing a password whether it is secure. A password is considered insecure if it has appeared in the Have I Been Pwned database. This check can be configured via the following parameter.
USE_PASSWORD_BLACKLIST=true
The application provides a health-check endpoint (default: /health/ready) for load balancers and monitoring.
Security: You can protect it with a token by setting in .env:
HEALTH_TOKEN=
Recommendation: generate a long random value, e.g. openssl rand -base64 32.
Behavior:
- If HEALTH_TOKEN is empty, the endpoint is public (not recommended for production).
- If HEALTH_TOKEN is set, requests must include the X-Health-Token header with the token.
Example curl call with token:
curl -H "X-Health-Token: <token>" https://fewohbee/health/ready