070959e133
landing-page-staging / Deploy landing page to staging (push) Has been skipped
landing-page-ci / Validate landing page (push) Failing after 4s
visual-baseline / Capture visual baselines (push) Has been cancelled
bake-plugin-previews / Bake plugin previews (push) Has been cancelled
39 lines
1.7 KiB
Bash
39 lines
1.7 KiB
Bash
# Image published by this repository's Docker workflow.
|
|
OPEN_DESIGN_IMAGE=ghcr.io/nexu-io/od:latest
|
|
|
|
# Host port exposed on 127.0.0.1 by docker compose.
|
|
# Keep Compose bound to localhost; use an authenticated reverse proxy, SSH tunnel,
|
|
# or VPN before exposing Open Design remotely.
|
|
OPEN_DESIGN_PORT=7456
|
|
|
|
# Comma-separated browser origins allowed to call /api when deployed behind a
|
|
# domain, public IP, or reverse proxy, e.g. http://203.0.113.10:7456,https://od.example.com.
|
|
OPEN_DESIGN_ALLOWED_ORIGINS=
|
|
|
|
# Recommended unless OPEN_DESIGN_DISABLE_API_AUTH=1 is set behind a trusted,
|
|
# already-authenticated reverse proxy.
|
|
# Generate a secure 32-byte hex token by running `openssl rand -hex 32` and paste it below.
|
|
OD_API_TOKEN=
|
|
|
|
# Optional escape hatch for deployments whose reverse proxy already authenticates
|
|
# every request before it reaches the daemon. Set to 1 only for trusted setups;
|
|
# when enabled, the daemon skips OD_API_TOKEN enforcement entirely.
|
|
#
|
|
# Note: connector endpoints (Composio, GitHub OAuth) also require the daemon to
|
|
# receive requests over loopback. On Linux Docker this is handled automatically
|
|
# by docker-compose.linux.yml (network_mode: host). On macOS/Windows use
|
|
# a reverse proxy bound to 127.0.0.1.
|
|
|
|
OPEN_DESIGN_DISABLE_API_AUTH=
|
|
|
|
# Container memory limit. The idle service has been verified around 18-22 MiB.
|
|
# Raise this for large exports, concurrent agent runs, or heavy upload workflows.
|
|
OPEN_DESIGN_MEM_LIMIT=384m
|
|
|
|
# Node.js heap cap inside the container.
|
|
NODE_OPTIONS=--max-old-space-size=192
|
|
|
|
# Optional Codex CLI sandbox override. Set to danger-full-access only when
|
|
# Codex fails with workspace-write sandbox setup errors inside the container.
|
|
OD_CODEX_SANDBOX=
|