docs(user): minor tweaks to TLS installation

Elian Doran 2025-10-13 17:23:48 +03:00
parent ef225704c3
commit 8c1914359a
No known key found for this signature in database
11 changed files with 355 additions and 353 deletions

File diff suppressed because one or more lines are too long

@ -10,11 +10,10 @@
<p>Configuration values are loaded in the following order of precedence (highest
to lowest):</p>
<ol>
<li data-list-item-id="e01b36dcd8ce9822628619499dbccd6f6"><strong>Environment variables</strong> (checked first)</li>
<li class="ck-list-marker-bold"
data-list-item-id="e4c20596fe72e848364b4486754e0b4fc"><strong>config.ini file values</strong>
<li><strong>Environment variables</strong> (checked first)</li>
<li><strong>config.ini file values</strong>
</li>
<li class="ck-list-marker-bold" data-list-item-id="e815dca908c8526179f622710252ea82f"><strong>Default values</strong>
<li><strong>Default values</strong>
</li>
</ol>
<h2>Environment Variable Patterns</h2>
@ -23,333 +22,317 @@
</p>
<p>Where:</p>
<ul>
<li data-list-item-id="e056ab96ed6aedc3039100cbe0519c28d"><code>SECTION</code> is the INI section name in UPPERCASE</li>
<li data-list-item-id="edabbb90cc5cd6f0f372446174925bf97"><code>KEY</code> is the camelCase configuration key converted to UPPERCASE
<li><code>SECTION</code> is the INI section name in UPPERCASE</li>
<li><code>KEY</code> is the camelCase configuration key converted to UPPERCASE
(e.g., <code>instanceName</code><code>INSTANCENAME</code>)</li>
</ul>
<p>Additionally, shorter aliases are available for common configurations
(see Alternative Variables section below).</p>
<h2>Environment Variable Reference</h2>
<h3>General Section</h3>
<figure class="table">
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_GENERAL_INSTANCENAME</code>
</td>
<td>string</td>
<td>""</td>
<td>Instance name for API identification</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_NOAUTHENTICATION</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Disable authentication (server only)</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_NOBACKUP</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Disable automatic backups</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_NODESKTOPICON</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Disable desktop icon creation</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_READONLY</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Enable read-only mode</td>
</tr>
</tbody>
</table>
</figure>
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_GENERAL_INSTANCENAME</code>
</td>
<td>string</td>
<td>""</td>
<td>Instance name for API identification</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_NOAUTHENTICATION</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Disable authentication (server only)</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_NOBACKUP</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Disable automatic backups</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_NODESKTOPICON</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Disable desktop icon creation</td>
</tr>
<tr>
<td><code>TRILIUM_GENERAL_READONLY</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Enable read-only mode</td>
</tr>
</tbody>
</table>
<h3>Network Section</h3>
<figure class="table">
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_NETWORK_HOST</code>
</td>
<td>string</td>
<td>"0.0.0.0"</td>
<td>Server host binding</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_PORT</code>
</td>
<td>string</td>
<td>"3000"</td>
<td>Server port</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_HTTPS</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Enable HTTPS</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CERTPATH</code>
</td>
<td>string</td>
<td>""</td>
<td>SSL certificate path</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_KEYPATH</code>
</td>
<td>string</td>
<td>""</td>
<td>SSL key path</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_TRUSTEDREVERSEPROXY</code>
</td>
<td>boolean/string</td>
<td>false</td>
<td>Reverse proxy trust settings</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CORSALLOWORIGIN</code>
</td>
<td>string</td>
<td>""</td>
<td>CORS allowed origins</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CORSALLOWMETHODS</code>
</td>
<td>string</td>
<td>""</td>
<td>CORS allowed methods</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CORSALLOWHEADERS</code>
</td>
<td>string</td>
<td>""</td>
<td>CORS allowed headers</td>
</tr>
</tbody>
</table>
</figure>
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_NETWORK_HOST</code>
</td>
<td>string</td>
<td>"0.0.0.0"</td>
<td>Server host binding</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_PORT</code>
</td>
<td>string</td>
<td>"3000"</td>
<td>Server port</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_HTTPS</code>
</td>
<td>boolean</td>
<td>false</td>
<td>Enable HTTPS</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CERTPATH</code>
</td>
<td>string</td>
<td>""</td>
<td>SSL certificate path</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_KEYPATH</code>
</td>
<td>string</td>
<td>""</td>
<td>SSL key path</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_TRUSTEDREVERSEPROXY</code>
</td>
<td>boolean/string</td>
<td>false</td>
<td>Reverse proxy trust settings</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CORSALLOWORIGIN</code>
</td>
<td>string</td>
<td>""</td>
<td>CORS allowed origins</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CORSALLOWMETHODS</code>
</td>
<td>string</td>
<td>""</td>
<td>CORS allowed methods</td>
</tr>
<tr>
<td><code>TRILIUM_NETWORK_CORSALLOWHEADERS</code>
</td>
<td>string</td>
<td>""</td>
<td>CORS allowed headers</td>
</tr>
</tbody>
</table>
<h3>Session Section</h3>
<figure class="table">
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_SESSION_COOKIEMAXAGE</code>
</td>
<td>integer</td>
<td>1814400</td>
<td>Session cookie max age in seconds (21 days)</td>
</tr>
</tbody>
</table>
</figure>
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_SESSION_COOKIEMAXAGE</code>
</td>
<td>integer</td>
<td>1814400</td>
<td>Session cookie max age in seconds (21 days)</td>
</tr>
</tbody>
</table>
<h3>Sync Section</h3>
<figure class="table">
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_SYNC_SYNCSERVERHOST</code>
</td>
<td>string</td>
<td>""</td>
<td>Sync server host URL</td>
</tr>
<tr>
<td><code>TRILIUM_SYNC_SYNCSERVERTIMEOUT</code>
</td>
<td>string</td>
<td>"120000"</td>
<td>Sync server timeout in milliseconds</td>
</tr>
<tr>
<td><code>TRILIUM_SYNC_SYNCPROXY</code>
</td>
<td>string</td>
<td>""</td>
<td>Sync proxy URL</td>
</tr>
</tbody>
</table>
</figure>
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_SYNC_SYNCSERVERHOST</code>
</td>
<td>string</td>
<td>""</td>
<td>Sync server host URL</td>
</tr>
<tr>
<td><code>TRILIUM_SYNC_SYNCSERVERTIMEOUT</code>
</td>
<td>string</td>
<td>"120000"</td>
<td>Sync server timeout in milliseconds</td>
</tr>
<tr>
<td><code>TRILIUM_SYNC_SYNCPROXY</code>
</td>
<td>string</td>
<td>""</td>
<td>Sync proxy URL</td>
</tr>
</tbody>
</table>
<h3>MultiFactorAuthentication Section</h3>
<figure class="table">
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth/OpenID base URL</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth client ID</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth client secret</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL</code>
</td>
<td>string</td>
<td>"<a href="https://accounts.google.com">https://accounts.google.com</a>"</td>
<td>OAuth issuer base URL</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME</code>
</td>
<td>string</td>
<td>"Google"</td>
<td>OAuth issuer display name</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth issuer icon URL</td>
</tr>
</tbody>
</table>
</figure>
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth/OpenID base URL</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth client ID</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth client secret</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL</code>
</td>
<td>string</td>
<td>"<a href="https://accounts.google.com">https://accounts.google.com</a>"</td>
<td>OAuth issuer base URL</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME</code>
</td>
<td>string</td>
<td>"Google"</td>
<td>OAuth issuer display name</td>
</tr>
<tr>
<td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON</code>
</td>
<td>string</td>
<td>""</td>
<td>OAuth issuer icon URL</td>
</tr>
</tbody>
</table>
<h3>Logging Section</h3>
<figure class="table">
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_LOGGING_RETENTIONDAYS</code>
</td>
<td>integer</td>
<td>90</td>
<td>Number of days to retain log files</td>
</tr>
</tbody>
</table>
</figure>
<table>
<thead>
<tr>
<th>Environment Variable</th>
<th>Type</th>
<th>Default</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>TRILIUM_LOGGING_RETENTIONDAYS</code>
</td>
<td>integer</td>
<td>90</td>
<td>Number of days to retain log files</td>
</tr>
</tbody>
</table>
<h2>Alternative Environment Variables</h2>
<p>The following alternative environment variable names are also supported
and work identically to their longer counterparts:</p>
<h3>Network CORS Variables</h3>
<ul>
<li data-list-item-id="eb8b1f15b023c10a1eb3ba027d85e3800"><code>TRILIUM_NETWORK_CORS_ALLOW_ORIGIN</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWORIGIN</code>)</li>
<li
data-list-item-id="eae54f70c5191760092234efa58ef5e74"><code>TRILIUM_NETWORK_CORS_ALLOW_METHODS</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWMETHODS</code>)</li>
<li
data-list-item-id="ec86f6932632ef8375f57ad544027ee3a"><code>TRILIUM_NETWORK_CORS_ALLOW_HEADERS</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWHEADERS</code>)</li>
<li><code>TRILIUM_NETWORK_CORS_ALLOW_ORIGIN</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWORIGIN</code>)</li>
<li><code>TRILIUM_NETWORK_CORS_ALLOW_METHODS</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWMETHODS</code>)</li>
<li><code>TRILIUM_NETWORK_CORS_ALLOW_HEADERS</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWHEADERS</code>)</li>
</ul>
<h3>Sync Variables</h3>
<ul>
<li data-list-item-id="e43ba356f96a86ec4fda045063a8c7688"><code>TRILIUM_SYNC_SERVER_HOST</code> (alternative to <code>TRILIUM_SYNC_SYNCSERVERHOST</code>)</li>
<li
data-list-item-id="ecaf5873ff53f77deeb6775e196e14343"><code>TRILIUM_SYNC_SERVER_TIMEOUT</code> (alternative to <code>TRILIUM_SYNC_SYNCSERVERTIMEOUT</code>)</li>
<li
data-list-item-id="e66a1ceb165464c39720072764f62ddd6"><code>TRILIUM_SYNC_SERVER_PROXY</code> (alternative to <code>TRILIUM_SYNC_SYNCPROXY</code>)</li>
<li><code>TRILIUM_SYNC_SERVER_HOST</code> (alternative to <code>TRILIUM_SYNC_SYNCSERVERHOST</code>)</li>
<li><code>TRILIUM_SYNC_SERVER_TIMEOUT</code> (alternative to <code>TRILIUM_SYNC_SYNCSERVERTIMEOUT</code>)</li>
<li><code>TRILIUM_SYNC_SERVER_PROXY</code> (alternative to <code>TRILIUM_SYNC_SYNCPROXY</code>)</li>
</ul>
<h3>OAuth/MFA Variables</h3>
<ul>
<li data-list-item-id="e8c2c2b37159644a4d220edb9918f9d0a"><code>TRILIUM_OAUTH_BASE_URL</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL</code>)</li>
<li
data-list-item-id="e1cf27f36963616e929aa9fbcd75d63f5"><code>TRILIUM_OAUTH_CLIENT_ID</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID</code>)</li>
<li
data-list-item-id="eb6dd8d8c0177da4d0a467bb1527e7a9a"><code>TRILIUM_OAUTH_CLIENT_SECRET</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET</code>)</li>
<li
data-list-item-id="e07df03aef9e3b4630b5ed1edadadd6fb"><code>TRILIUM_OAUTH_ISSUER_BASE_URL</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL</code>)</li>
<li
data-list-item-id="e2a8099088f69823eb5f1797f85cb29a1"><code>TRILIUM_OAUTH_ISSUER_NAME</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME</code>)</li>
<li
data-list-item-id="edd9461cdb7f96371335413e17548dbed"><code>TRILIUM_OAUTH_ISSUER_ICON</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON</code>)</li>
<li><code>TRILIUM_OAUTH_BASE_URL</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL</code>)</li>
<li><code>TRILIUM_OAUTH_CLIENT_ID</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID</code>)</li>
<li><code>TRILIUM_OAUTH_CLIENT_SECRET</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET</code>)</li>
<li><code>TRILIUM_OAUTH_ISSUER_BASE_URL</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL</code>)</li>
<li><code>TRILIUM_OAUTH_ISSUER_NAME</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME</code>)</li>
<li><code>TRILIUM_OAUTH_ISSUER_ICON</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON</code>)</li>
</ul>
<h3>Logging Variables</h3>
<ul>
<li data-list-item-id="ed3b4ee1ac943a37c729d973738cf5c76"><code>TRILIUM_LOGGING_RETENTION_DAYS</code> (alternative to <code>TRILIUM_LOGGING_RETENTIONDAYS</code>)</li>
<li><code>TRILIUM_LOGGING_RETENTION_DAYS</code> (alternative to <code>TRILIUM_LOGGING_RETENTIONDAYS</code>)</li>
</ul>
<h2>Boolean Values</h2>
<p>Boolean environment variables accept the following values:</p>
<ul>
<li data-list-item-id="e7f2f6e6929d2dc30570666cc1df6fdb1"><strong>True</strong>: <code>"true"</code>, <code>"1"</code>, <code>1</code>
<li><strong>True</strong>: <code>"true"</code>, <code>"1"</code>, <code>1</code>
</li>
<li data-list-item-id="ea03e6536d3055634d536f429683efdc6"><strong>False</strong>: <code>"false"</code>, <code>"0"</code>, <code>0</code>
<li><strong>False</strong>: <code>"false"</code>, <code>"0"</code>, <code>0</code>
</li>
<li data-list-item-id="e7b0f5806a421c801401712940730961e">Any other value defaults to <code>false</code>
<li>Any other value defaults to <code>false</code>
</li>
</ul>
<h2>Using Environment Variables</h2>
<p>Both naming patterns are fully supported and can be used interchangeably:</p>
<ul>
<li data-list-item-id="e4be74ec58603a4ea748a13065ce0b965">The longer format follows the section/key pattern for consistency with
<li>The longer format follows the section/key pattern for consistency with
the INI file structure</li>
<li data-list-item-id="e4f6aa6d54fce77025d4349f9569723de">The shorter alternatives provide convenience for common configurations</li>
<li
data-list-item-id="eafaaefcfe88288f4e3faef8130cb12c0">You can use whichever format you prefer - both are equally valid</li>
<li>The shorter alternatives provide convenience for common configurations</li>
<li>You can use whichever format you prefer - both are equally valid</li>
</ul>
<h2>Examples</h2>
<h3>Docker Compose Example</h3><pre><code class="language-text-x-yaml">services:
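Review bot: In the `KEY` list item near the top of this hunk, `<code>instanceName</code><code>INSTANCENAME</code>` has nothing between the two code spans, so the example renders as one run of text; put an arrow or the word "becomes" between them. The rest of the hunk strips the `data-list-item-id` attributes and the `<figure class="table">` wrappers from the configuration page, which the commit subject ("minor tweaks to TLS installation") does not cover; mention the regeneration in the message or split it out, and confirm the bare `<table>` elements still render as intended without the wrapper.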

@ -0,0 +1,52 @@
<p>Configuring TLS is essential for <a href="#root/_help_WOcw2SLH6tbX">server installation</a> in
Trilium. This guide details the steps to set up TLS within Trilium itself.</p>
<aside
class="admonition tip">
<p>While Trilium supports HTTPS on its own, it's generally a good idea to
use a <a href="#root/pOsGYCXsbNQG/Otzi9La2YAUX/WOcw2SLH6tbX/_help_vcjrb3VVYPZI">reverse proxy</a> instead
with TLS termination. You can follow a <a href="https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04">guide like this</a> for
such setups.</p>
</aside>
<h2>Obtaining a TLS Certificate</h2>
<p>You have two options for obtaining a TLS certificate:</p>
<ul>
<li data-list-item-id="ef9eca3746191ab88f8ac5b9bbf0819b5"><strong>Recommended</strong>: Obtain a TLS certificate signed by a root
certificate authority. For personal use, <a href="https://letsencrypt.org">Let's Encrypt</a> is
an excellent choice. It is free, automated, and straightforward. Certbot
can facilitate automatic TLS setup.</li>
<li data-list-item-id="e2f48af26cc62a095be59dccbf1e44db6">Generate a self-signed certificate. This option is not recommended due
to the additional complexity of importing the certificate into all machines
connecting to the server.</li>
</ul>
<h2>Modifying <code>config.ini</code></h2>
<p>Once you have your certificate, modify the <code>config.ini</code> file
in the <a href="#root/_help_tAassRL4RSQL">data directory</a> to configure
Trilium to use it:</p><pre><code class="language-text-x-trilium-auto">[Network]
port=8080
# Set to true for TLS/SSL/HTTPS (secure), false for HTTP (insecure).
https=true
# Path to the certificate (run "bash bin/generate-cert.sh" to generate a self-signed certificate).
# Relevant only if https=true
certPath=/[username]/.acme.sh/[hostname]/fullchain.cer
keyPath=/[username]/.acme.sh/[hostname]/example.com.key</code></pre>
<p>You can also review the <a href="#root/_help_Gzjqa934BdH4">configuration</a> file
to provide all <code>config.ini</code> values as environment variables instead.
For example, you can configure TLS using environment variables:</p><pre><code class="language-text-x-trilium-auto">export TRILIUM_NETWORK_HTTPS=true
export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem
export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem</code></pre>
<p>The above example shows how this is set up in an environment where the
certificate was generated using Let's Encrypt's ACME utility. Your paths
may differ. For Docker installations, ensure these paths are within a volume
or another directory accessible by the Docker container, such as <code>/home/node/trilium-data/[DIR IN DATA DIRECTORY]</code>.</p>
<p>After configuring <code>config.ini</code>, restart Trilium and access the
hostname using "https".</p>
<h2>Self-Signed Certificate</h2>
<p>If you opt to use a self-signed certificate for your server instance,
note that the desktop instance will not trust it by default.</p>
<p>To bypass this, disable certificate validation by setting the following
environment variable (for Linux):</p><pre><code class="language-text-x-trilium-auto">export NODE_TLS_REJECT_UNAUTHORIZED=0
trilium</code></pre>
<p>Trilium provides scripts to start in this mode, such as <code>trilium-no-cert-check.bat</code> for
Windows.</p>
<p><strong>Warning</strong>: Disabling TLS certificate validation is insecure.
Proceed only if you fully understand the implications.</p>
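Review bot: In the Self-Signed Certificate section the warning paragraph comes after the `export NODE_TLS_REJECT_UNAUTHORIZED=0` block, so a reader copying the command reaches it before the caveat; move the warning above the code block and state that the variable disables certificate validation process-wide, not only for the connection to the self-signed server. Two smaller points in the `config.ini` part: `keyPath=/[username]/.acme.sh/[hostname]/example.com.key` mixes the `[hostname]` placeholder with a literal `example.com`, and the paragraph starting "The above example shows" sits directly under the `/path/to/cert.pem` environment-variable block although it describes the `.acme.sh` paths from the `config.ini` block, so it should either move up or name the block it refers to.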

@ -1,48 +0,0 @@
<p>Configuring TLS is essential for <a href="#root/_help_WOcw2SLH6tbX">server installation</a> in
Trilium. This guide details the steps to set up TLS within Trilium itself.</p>
<p>For a more robust solution, consider using TLS termination with a reverse
proxy (recommended, e.g., Nginx). You can follow a <a href="https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04">guide like this</a> for
such setups.</p>
<h2>Obtaining a TLS Certificate</h2>
<p>You have two options for obtaining a TLS certificate:</p>
<ul>
<li><strong>Recommended</strong>: Obtain a TLS certificate signed by a root
certificate authority. For personal use, <a href="https://letsencrypt.org">Let's Encrypt</a> is
an excellent choice. It is free, automated, and straightforward. Certbot
can facilitate automatic TLS setup.</li>
<li>Generate a self-signed certificate. This option is not recommended due
to the additional complexity of importing the certificate into all machines
connecting to the server.</li>
</ul>
<h2>Modifying <code>config.ini</code></h2>
<p>Once you have your certificate, modify the <code>config.ini</code> file
in the <a href="#root/_help_tAassRL4RSQL">data directory</a> to configure
Trilium to use it:</p><pre><code class="language-text-x-trilium-auto">[Network]
port=8080
# Set to true for TLS/SSL/HTTPS (secure), false for HTTP (insecure).
https=true
# Path to the certificate (run "bash bin/generate-cert.sh" to generate a self-signed certificate).
# Relevant only if https=true
certPath=/[username]/.acme.sh/[hostname]/fullchain.cer
keyPath=/[username]/.acme.sh/[hostname]/example.com.key</code></pre>
<p>You can also review the <a href="#root/_help_Gzjqa934BdH4">configuration</a> file
to provide all <code>config.ini</code> values as environment variables instead.
For example, you can configure TLS using environment variables:</p><pre><code class="language-text-x-trilium-auto">export TRILIUM_NETWORK_HTTPS=true
export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem
export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem</code></pre>
<p>The above example shows how this is set up in an environment where the
certificate was generated using Let's Encrypt's ACME utility. Your paths
may differ. For Docker installations, ensure these paths are within a volume
or another directory accessible by the Docker container, such as <code>/home/node/trilium-data/[DIR IN DATA DIRECTORY]</code>.</p>
<p>After configuring <code>config.ini</code>, restart Trilium and access the
hostname using "https".</p>
<h2>Self-Signed Certificate</h2>
<p>If you opt to use a self-signed certificate for your server instance,
note that the desktop instance will not trust it by default.</p>
<p>To bypass this, disable certificate validation by setting the following
environment variable (for Linux):</p><pre><code class="language-text-x-trilium-auto">export NODE_TLS_REJECT_UNAUTHORIZED=0
trilium</code></pre>
<p>Trilium provides scripts to start in this mode, such as <code>trilium-no-cert-check.bat</code> for
Windows.</p>
<p><strong>Warning</strong>: Disabling TLS certificate validation is insecure.
Proceed only if you fully understand the implications.</p>

@ -755,7 +755,7 @@
"WOcw2SLH6tbX",
"l2VkvOwUNfZj"
],
"title": "TLS Configuration",
"title": "HTTPS (TLS)",
"notePosition": 100,
"prefix": null,
"isExpanded": false,
@ -789,10 +789,24 @@
"value": "tls-configuration",
"isInheritable": false,
"position": 20
},
{
"type": "relation",
"name": "internalLink",
"value": "vcjrb3VVYPZI",
"isInheritable": false,
"position": 40
},
{
"type": "label",
"name": "iconClass",
"value": "bx bx-lock-alt",
"isInheritable": false,
"position": 50
}
],
"format": "markdown",
"dataFileName": "TLS Configuration.md",
"dataFileName": "HTTPS (TLS).md",
"attachments": []
},
{
@ -835,7 +849,7 @@
{
"type": "label",
"name": "iconClass",
"value": "bx bx-lock-alt",
"value": "bx bx-user",
"isInheritable": false,
"position": 10
}
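Review bot: The `iconClass` value changing from `bx bx-lock-alt` to `bx bx-user` here belongs to a different note than the TLS note edited in the previous hunk, and the commit subject only mentions TLS installation; name the affected note in the commit message or confirm the icon change is intended.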

@ -9,7 +9,7 @@ To install Trilium on your desktop, follow these steps:
Trilium offers various startup scripts to customize your experience:
* `trilium-no-cert-check`: Starts Trilium without validating [TLS certificates](Server%20Installation/TLS%20Configuration.md), useful if connecting to a server with a self-signed certificate.
* `trilium-no-cert-check`: Starts Trilium without validating [TLS certificates](Server%20Installation/HTTPS%20\(TLS\).md), useful if connecting to a server with a self-signed certificate.
* Alternatively, set the `NODE_TLS_REJECT_UNAUTHORIZED=0` environment variable before starting Trilium.
* `trilium-portable`: Launches Trilium in portable mode, where the [data directory](Data%20directory.md) is created within the application's directory, making it easy to move the entire setup.
* `trilium-safe-mode`: Boots Trilium in "safe mode," disabling any startup scripts that might cause the application to crash.

@ -18,7 +18,7 @@ The server installation includes both web and [mobile frontends](Mobile%20Fronte
## Configuration
After setting up your server installation, you may want to configure settings such as the port or enable [TLS](Server%20Installation/TLS%20Configuration.md). Configuration is managed via the Trilium `config.ini` file, which is located in the [data directory](Data%20directory.md) by default. To begin customizing your setup, copy the provided `config-sample.ini` file with default values to `config.ini`.
After setting up your server installation, you may want to configure settings such as the port or enable [TLS](Server%20Installation/HTTPS%20\(TLS\).md). Configuration is managed via the Trilium `config.ini` file, which is located in the [data directory](Data%20directory.md) by default. To begin customizing your setup, copy the provided `config-sample.ini` file with default values to `config.ini`.
You can also review the [configuration](../Advanced%20Usage/Configuration%20\(config.ini%20or%20e.md) file to provide all `config.ini` values as environment variables instead.

@ -62,4 +62,4 @@ The application by default starts up on port 8080, so you can open your browser
## TLS
Don't forget to [configure TLS](../TLS%20Configuration.md) which is required for secure usage!
Don't forget to [configure TLS](../HTTPS%20\(TLS\).md) which is required for secure usage!

@ -178,4 +178,4 @@ If you get an error like this, you need to either upgrade your glibc (typically
## TLS
Don't forget to [configure TLS](../TLS%20Configuration.md), which is required for secure usage!
Don't forget to [configure TLS](../HTTPS%20\(TLS\).md), which is required for secure usage!

@ -1,7 +1,8 @@
# TLS Configuration
# HTTPS (TLS)
Configuring TLS is essential for [server installation](../Server%20Installation.md) in Trilium. This guide details the steps to set up TLS within Trilium itself.
For a more robust solution, consider using TLS termination with a reverse proxy (recommended, e.g., Nginx). You can follow a [guide like this](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04) for such setups.
> [!TIP]
> While Trilium supports HTTPS on its own, it's generally a good idea to use a [reverse proxy](2.%20Reverse%20proxy) instead with TLS termination. You can follow a [guide like this](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04) for such setups.
## Obtaining a TLS Certificate
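Review bot: The tip's `[reverse proxy](2.%20Reverse%20proxy)` target has no `.md` extension, unlike the other relative links in this commit (for example `../Server%20Installation.md`), so it probably points at a directory or a missing file in the exported Markdown; link to the note's `.md` file instead. The tip also drops the "e.g., Nginx" hint that the replaced paragraph carried while keeping the Nginx-specific guide link, so naming Nginx again would keep the link text and its target consistent.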

@ -9,7 +9,7 @@ In this setup, a central server (referred to as the _sync server_) and multiple
### Security Considerations
Setting up the server securely is critical and can be complex. It is crucial to use a valid [TLS certificate](Server%20Installation/TLS%20Configuration.md) (HTTPS) rather than an unencrypted HTTP connection to ensure security and avoid potential vulnerabilities.
Setting up the server securely is critical and can be complex. It is crucial to use a valid [TLS certificate](Server%20Installation/HTTPS%20\(TLS\).md) (HTTPS) rather than an unencrypted HTTP connection to ensure security and avoid potential vulnerabilities.
### Synchronizing a Desktop Instance with a Sync Server