add env vars page

2025-02-23 08:20:13 +00:00 · 2025-02-08 10:15:01 +07:00 · 2025-02-08 10:15:01 +07:00 · ab5e355b49
commit ab5e355b49
parent d05723bd24
4 changed files with 107 additions and 3 deletions
--- a/mkdocs/docs/configuration/cast.md
+++ b/mkdocs/docs/configuration/cast.md
@ -1,4 +1,4 @@
-As Cast doesn't support authentication, enabling this functionality will make your static files, like artwork and media files, accessible by guessing the links. Those only require read-only access and the application itself is still protected.
+As Cast doesn't support authentication for static files, you'll also need to set [`DISABLE_STATIC_AUTH`](/installation/env-vars/#disable_static_auth) to disable authentication for your static files.

 Enabling this integration will embed an additional third-party JS library from **Google**.  

--- a/mkdocs/docs/installation/docker-compose.md
+++ b/mkdocs/docs/installation/docker-compose.md
@ -14,6 +14,10 @@ For minimal system requirements, the **Tube Archivist** stack needs around 2GB o

 Save the [docker-compose.yml](https://github.com/tubearchivist/tubearchivist/blob/master/docker-compose.yml) file from the **Tube Archivist** repository somewhere permanent on your system, keeping it named `docker-compose.yml`. You'll need to refer to it whenever starting this application.

+## Environment Variables
+
+For a comprehensive list of environment variables, see [installation/Environment Variables](/installation/env-vars/).
+
 ## Overview  
 **Tube Archivist** is a Python application that displays and serves your video collection, built with Django.  

@ -35,8 +39,7 @@ Save the [docker-compose.yml](https://github.com/tubearchivist/tubearchivist/blo
  - For the scheduler to know what time it is, set your timezone with the `TZ` environment variable, defaults to *UTC*.
  - Set `ENABLE_CAST`, a boolean value, to enable sending videos to your cast-ready devices, [read more](../configuration/cast.md). 

-!!! info
-    There is a check at application startup comparing the `TZ` value with your existing schedules. Your schedules will update automatically to reflect the change in timezone.
+


 ## Configuring Tube Archivist  
--- a/mkdocs/docs/installation/env-vars.md
+++ b/mkdocs/docs/installation/env-vars.md
@ -0,0 +1,100 @@
+# Environment Variables
+
+This is a comprehensive list of environment variables accessible to users.
+
+
+## TA_HOST
+Set the environment variable `TA_HOST` to match with the expected origin from where you will access your **Tube Archivist** instance. That is whatever you input into your browser URL bar.   
+
+- This can be a domain like *example.com*, a subdomain like *ta.example.com* or an IP address like *192.168.1.20*.
+- If you are running **Tube Archivist** behind a SSL reverse proxy, specify the protocol (`https://`).
+- Specify the port If you are using a nonstandard port.
+- You can add multiple hostnames separated with a space.
+- Any wrong configurations here will result in a `Bad Request (400)` response.
+- When in doubt, activate `DJANGO_DEBUG` to get explicit errors in the logs from where the requests are coming from.
+
+## TA_USERNAME
+Username for your initial credentials. Changing that after first time starting the application won't have any effect. Use the admin interface to change or add that.
+
+## TA_PASSWORD
+Password for your initial user. Changing that after creating the user, does not have any effect. Use the admin interface to change your password.
+
+!!! info
+    If you forgot your password, you can change it directly with:
+    
+    ```python manage.py ta_change_password username password```
+    
+    e.g.:
+
+    ```bash
+    docker compose exec -it tubearchivist python manage.py ta_change_password tubearchivist 123456
+    ```
+
+    to change the password of the user `tubearchivist` to `123456`.
+
+## TZ
+Your timezone. This is used for the scheduler. Defaults to UTC.
+
+!!! info
+    If you don't know your timezone, you can find a list [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). Enter the value from the `TZ Identifier` column. 
+
+!!! info
+    There is a check at application startup comparing the `TZ` value with your existing schedules. Your schedules will update automatically to reflect the change in timezone.
+
+## HOST_UID and HOST_GID (optional)
+Optionally change the user and group owning the media files generated by TubeArchivist. This uses `chown` on the output files. 
+
+!!! warning "Filesystem Compatibility"
+	Not all filesystems support `chown`. Notably `NFS` does not have functionality to change the ownership of files.  
+
+    You will see a error like `PermissionError: [Errno 1] Operation not permitted` when TA is trying to change the ownership of the downloaded file.
+
+## TA_PORT (optional)
+This changes the actual port Nginx is listening on. That is the public port exposed through the docker container. If you have a port collision on default port 8000, see bellow.
+
+## TA_BACKEND_PORT (optional)
+This changes the port where the backend service is running on. That is container internal only, but you might need to change that if you use a shared docker network and have a port collision there.
+
+## TA_ENABLE_AUTH_PROXY (optional)
+Configure TA to authenticate with a auth proxy. See [configuration/forward-auth](/configuration/forward-auth/) for more details.
+
+## TA_LDAP (optional)
+Configure TA to use LDAP for authentication. See [configuration/ldap](/configuration/ldap/) for more details.
+
+## ENABLE_CAST (optional)
+Enable casting support. See [configuration/cast](/configuration/cast/) for more details.
+
+!!! info
+    Enabling Cast also requires to disable authentication for your static files by setting the `DISABLE_STATIC_AUTH` variable.
+
+## DISABLE_STATIC_AUTH (optional)
+This will disable authentication for static assets like your video mp4 files, subtitles and artwork. This might be required if you need to access the media files over the HTTP server but you are not able to pass authentication headers.
+
+!!! info
+    This is `read only` access and does not allow for deleting/modifying any media files. But it is still limit exposure or add additional protections if you enable that.
+
+## DJANGO_DEBUG
+Enable debug to show additional log information like HTTP requests and yt-dlp configurations in your Docker logs. Helpful for development and debugging.
+
+!!! warning "Memory Leak"
+    Only set this temporarily if you need to inspect some specific problem. Don't forget to remove it again after. This introduces a memory leak plus standard error messages from the backend will be in HTML showing a detailed stack trace and additional info instead of JSON, meaning the frontend is not able to display any error messages.
+
+## REDIS_CON
+Connection string for your Redis instance. Specify protocol, host and port.
+E.g.: `redis://archivist-redis:6379`
+
+## ES_URL
+URL for your ElasticSearch instance. Add protocol and port.  
+E.g. `http://archivist-es:9200`.
+
+## ELASTIC_PASSWORD
+This is the password for ElasticSearch. Make sure it matches with the equivalent password set for the ElasticSearch container.
+
+## ELASTIC_USER (optional)
+Optionally change the ElasticSearch username from the default `elastic`.
+
+## ES_DISABLE_VERIFY_SSL (optional)
+Optionally disable SSL verification for ElasticSearch. Useful if you use a self signed certificate for ElasticSearch.
+
+## ES_SNAPSHOT_DIR (optional)
+Optionally set a custom path where elastic search stores snapshots for master/data nodes. Note, that path applies to inside the ES container.
--- a/mkdocs/mkdocs.yml
+++ b/mkdocs/mkdocs.yml
@ -19,6 +19,7 @@ nav:
          - 'Actions': 'settings/actions.md'
        - 'Advanced': 'advanced.md'
    - Installation:
+        - 'Environment Variables': 'installation/env-vars.md'
        - 'Docker-Compose (default)': 'installation/docker-compose.md'
        - 'Helm Charts': 'installation/helm-charts.md'
        - 'Podman': 'installation/podman.md'