Configuration
Production settings live in .env at the repository root (generated by
install.sh). Local development uses .env.local — see
Development.
Production (.env)
Templates: .env.example
| Variable | Role |
|---|---|
PANEL_DOMAIN |
FQDN for the panel. Keycloak: auth.<domain>, Traefik UI: traefik.<domain> |
ACME_EMAIL |
Let's Encrypt registration and expiry notices |
POSTGRES_USER / POSTGRES_PASSWORD |
Shared PostgreSQL credentials (panel + Keycloak) |
KEYCLOAK_ADMIN / KEYCLOAK_ADMIN_PASSWORD |
Keycloak master-realm admin used by the installer for API calls |
KEYCLOAK_CLIENT_ID / KEYCLOAK_CLIENT_SECRET |
OIDC client shared by the panel and Keycloak |
KEYCLOAK_CONSOLE_URL |
Link target for "Keycloak admin" in the UI (https://auth.<PANEL_DOMAIN>) |
TRAEFIK_DASHBOARD_URL |
Link target for Traefik dashboard (https://traefik.<PANEL_DOMAIN>/dashboard/) |
OAUTH2_PROXY_COOKIE_SECRET |
Session cookie signing for OAuth2 Proxy (Traefik UI) |
SITE_WEB_IMAGE_TEMPLATE |
Default pattern for generic PHP site web images (e.g. jigsaw-php:{phpVersion}) |
SITE_WORDPRESS_IMAGE_TEMPLATE |
Image for WordPress sites (e.g. jigsaw-wordpress:{phpVersion} — extends the PHP image) |
SITE_DB_IMAGE / SITE_SFTP_IMAGE |
Defaults for new site database and SFTP containers |
SITES_BASE_PATH_HOST / SITES_BASE_PATH_PANEL |
Host path for site files and mount path inside the panel container |
DOCKER_SOCKET_PATH |
Optional override for the Docker socket (Linux default /var/run/docker.sock) |
SESSION_SECRET |
Encrypts panel session cookies |
Identity defaults ship in
keycloak/jigsaw-realm.json:
self-service registration is enabled, with email verification off by default. Edit the realm file before first
boot or change these in the Keycloak admin UI later.
Compose and runtime
The production stack is defined in docker-compose.yml. Traefik, OAuth2 Proxy, PostgreSQL, Keycloak, and the panel service read these variables from the environment file Docker Compose loads.
Local development (.env.local)
Optional. Defaults are enough for npm run dev without any env file. See
.env.local.example and the
Development page when you need overrides (custom URLs, Docker socket on
Windows, etc.).