Learn how to self-host Documenso on your server or cloud infrastructure using Docker or other deployment methods.
git clone https://github.com/documenso/documenso.git
documenso
folder and create a .env
file from the example .env.example
file:cp .env.example .env
.env
file and fill in the following variables:- NEXTAUTH_URL
- NEXTAUTH_SECRET
- NEXT_PUBLIC_WEBAPP_URL
- NEXT_PUBLIC_MARKETING_URL
- NEXT_PRIVATE_DATABASE_URL
- NEXT_PRIVATE_DIRECT_DATABASE_URL
- NEXT_PRIVATE_SMTP_FROM_NAME
- NEXT_PRIVATE_SMTP_FROM_ADDRESS
npm i
npm run build:web
npm run prisma:migrate-deploy
npm run start
localhost:3000
. Any reverse proxy can handle the front end and SSL termination.compose.yml
Filecompose.yml
file..env
file in the same directory as the compose.yml
file.NEXTAUTH_SECRET="<your-secret>"
NEXT_PRIVATE_ENCRYPTION_KEY="<your-key>"
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-secondary-key>"
NEXT_PUBLIC_WEBAPP_URL="<your-url>"
NEXT_PRIVATE_SMTP_TRANSPORT="smtp-auth"
NEXT_PRIVATE_SMTP_HOST="<your-host>"
NEXT_PRIVATE_SMTP_PORT=<your-port>
NEXT_PRIVATE_SMTP_USERNAME="<your-username>"
NEXT_PRIVATE_SMTP_PASSWORD="<your-password>"
cert.p12
file is required to sign and encrypt documents, so you must provide your key file. Update the volume binding in the compose.yml
file to point to your key file:volumes:
- /path/to/your/keyfile.p12:/opt/documenso/cert.p12
compose.yml
file and run the following command to start the containers:docker-compose --env-file ./.env up -d
http://localhost:3000
in your web browser.docker pull documenso/documenso
docker pull ghcr.io/documenso/documenso
docker run -d \
-p 3000:3000 \
-e NEXTAUTH_URL="<your-nextauth-url>"
-e NEXTAUTH_SECRET="<your-nextauth-secret>"
-e NEXT_PRIVATE_ENCRYPTION_KEY="<your-next-private-encryption-key>"
-e NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY="<your-next-private-encryption-secondary-key>"
-e NEXT_PUBLIC_WEBAPP_URL="<your-next-public-webapp-url>"
-e NEXT_PRIVATE_DATABASE_URL="<your-next-private-database-url>"
-e NEXT_PRIVATE_DIRECT_DATABASE_URL="<your-next-private-database-url>"
-e NEXT_PRIVATE_SMTP_TRANSPORT="<your-next-private-smtp-transport>"
-e NEXT_PRIVATE_SMTP_FROM_NAME="<your-next-private-smtp-from-name>"
-e NEXT_PRIVATE_SMTP_FROM_ADDRESS="<your-next-private-smtp-from-address>"
-v /path/to/your/keyfile.p12:/opt/documenso/cert.p12
documenso/documenso
NEXT_PUBLIC_WEBAPP_URL
environment variable in your web browser.Variable | Description |
---|---|
PORT | The port on which the Documenso application runs. It defaults to 3000 . |
NEXTAUTH_URL | The URL for the NextAuth.js authentication service. |
NEXTAUTH_SECRET | The secret key used by NextAuth.js for encryption and signing. |
NEXT_PRIVATE_ENCRYPTION_KEY | The primary encryption key for symmetric encryption and decryption (at least 32 characters). |
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY | The secondary encryption key for symmetric encryption and decryption (at least 32 characters). |
NEXT_PRIVATE_GOOGLE_CLIENT_ID | The Google client ID for Google authentication (optional). |
NEXT_PRIVATE_GOOGLE_CLIENT_SECRET | The Google client secret for Google authentication (optional). |
NEXT_PUBLIC_WEBAPP_URL | The URL for the web application. |
NEXT_PRIVATE_DATABASE_URL | The URL for the primary database connection (with connection pooling). |
NEXT_PRIVATE_DIRECT_DATABASE_URL | The URL for the direct database connection (without connection pooling). |
NEXT_PRIVATE_SIGNING_TRANSPORT | The signing transport to use. Available options: local (default) |
NEXT_PRIVATE_SIGNING_PASSPHRASE | The passphrase for the key file. |
NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS | The base64-encoded contents of the key file will be used instead of the file path. |
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH | The path to the key file, default /opt/documenso/cert.p12 . |
NEXT_PUBLIC_UPLOAD_TRANSPORT | The transport for file uploads (database or s3). |
NEXT_PRIVATE_UPLOAD_ENDPOINT | The endpoint for the S3 storage transport (for third-party S3-compatible providers). |
NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE | Whether to force path-style URLs for the S3 storage transport. |
NEXT_PRIVATE_UPLOAD_REGION | The region for the S3 storage transport (defaults to us-east-1). |
NEXT_PRIVATE_UPLOAD_BUCKET | The bucket to use for the S3 storage transport. |
NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID | The access key ID for the S3 storage transport. |
NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY | The secret access key for the S3 storage transport. |
NEXT_PRIVATE_SMTP_TRANSPORT | The transport to send emails (smtp-auth, smtp-api, resend, or mailchannels). |
NEXT_PRIVATE_SMTP_HOST | The host for the SMTP server for SMTP transports. |
NEXT_PRIVATE_SMTP_PORT | The port for the SMTP server for SMTP transports. |
NEXT_PRIVATE_SMTP_USERNAME | The username for the SMTP server for the smtp-auth transport. |
NEXT_PRIVATE_SMTP_PASSWORD | The password for the SMTP server for the smtp-auth transport. |
NEXT_PRIVATE_SMTP_APIKEY_USER | The API key user for the SMTP server for the smtp-api transport. |
NEXT_PRIVATE_SMTP_APIKEY | The API key for the SMTP server for the smtp-api transport. |
NEXT_PRIVATE_SMTP_SECURE | Whether to force the use of TLS for the SMTP server for SMTP transports. |
NEXT_PRIVATE_SMTP_FROM_ADDRESS | The email address for the “from” address. |
NEXT_PRIVATE_SMTP_FROM_NAME | The sender name for the “from” address. |
NEXT_PRIVATE_RESEND_API_KEY | The API key for Resend.com for the resend transport. |
NEXT_PRIVATE_MAILCHANNELS_API_KEY | The optional API key for MailChannels (if using a proxy) for the mailchannels transport. |
NEXT_PRIVATE_MAILCHANNELS_ENDPOINT | The optional endpoint for the MailChannels API (if using a proxy) for the mailchannels transport. |
NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN | The domain for DKIM signing with MailChannels for the mailchannels transport. |
NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR | The selector for DKIM signing with MailChannels for the mailchannels transport. |
NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY | The private key for DKIM signing with MailChannels for the mailchannels transport. |
NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT | The maximum document upload limit displayed to the user (in MB). |
NEXT_PUBLIC_POSTHOG_KEY | The optional PostHog key for analytics and feature flags. |
NEXT_PUBLIC_DISABLE_SIGNUP | Whether to disable user signups through the /signup page. |
systemd.service
file. Here is a simple example of the service running on port 3500
(using 3000
by default):