Command-Line Interface parameters

Required parameters

Most of the parameters have sane defaults and don't require customization. There are only a few parameters the user has to define:

  1. SECRET - secret key, can be any long and hard-to-guess string
  2. REMARK_URL - URL pointing to your Remark42 server, i.e.,
  3. At least one pair of AUTH_<PROVIDER>_CID and AUTH_<PROVIDER>_CSEC defining OAuth2 provider(s)

The minimal docker-compose.yml has to include all required parameters:

version: '2'

image: umputun/remark42:latest
restart: always
container_name: "remark42"
- REMARK_URL= # URL pointing to your Remark42 server
- SITE=YOUR_SITE_ID # site ID, same as used for `site_id`, see "Setup on your website"
- SECRET=abcd-123456-xyz-$%^& # secret key
- AUTH_ANON=true # enable anonymous commenting
- AUTH_GITHUB_CID=12345667890 # OAuth2 client ID
- AUTH_GITHUB_CSEC=abcdefg12345678 # OAuth2 client secret
- ./var:/srv/var # persistent volume to store all Remark42 data

Complete parameters list

Command lineEnvironmentDefaultDescription
urlREMARK_URLURL to Remark42 server, required
secretSECRETthe shared secret key used to sign JWT, should be a random, long, hard-to-guess string, required
siteSITEremarksite name(s), multi
store.typeSTORE_TYPEbolttype of storage, bolt or rpc
store.bolt.pathSTORE_BOLT_PATH./varparent directory for the bolt files
store.bolt.timeoutSTORE_BOLT_TIMEOUT30sboltdb access timeout
store.rpc.apiSTORE_RPC_APIrpc extension api url
store.rpc.timeoutSTORE_RPC_TIMEOUThttp timeout (default: 5s)
store.rpc.auth_userSTORE_RPC_AUTH_USERbasic auth user name
store.rpc.auth_passwdSTORE_RPC_AUTH_PASSWDbasic auth user password
admin.typeADMIN_TYPEsharedtype of admin store, shared or rpc
admin.rpc.apiADMIN_RPC_APIrpc extension api url
admin.rpc.timeoutADMIN_RPC_TIMEOUThttp timeout (default: 5s)
admin.rpc.auth_userADMIN_RPC_AUTH_USERbasic auth user name
admin.rpc.auth_passwdADMIN_RPC_AUTH_PASSWDbasic auth user password
admin.rpc.secret_per_siteADMIN_RPC_SECRET_PER_SITEenable JWT secret retrieval per aud, which is site_id in this case
admin.shared.idADMIN_SHARED_IDadmin IDs (list of user IDs), multi
admin.shared.emailADMIN_SHARED_EMAILadmin@${REMARK_URL}admin emails, multi
backupBACKUP_PATH./var/backupbackups location
max-backMAX_BACKUP_FILES10max backup files to keep
cache.typeCACHE_TYPEmemtype of cache, redis_pub_sub or mem or none
cache.redis_addrCACHE_REDIS_ADDR127.0.0.1:6379address of Redis PubSub instance, turn redis_pub_sub cache on for distributed cache
cache.max.itemsCACHE_MAX_ITEMS1000max number of cached items, 0 - unlimited
cache.max.valueCACHE_MAX_VALUE65536max size of the cached value, 0 - unlimited
cache.max.sizeCACHE_MAX_SIZE50000000max size of all cached values, 0 - unlimited
avatar.typeAVATAR_TYPEfstype of avatar storage, fs, bolt, or uri
avatar.fs.pathAVATAR_FS_PATH./var/avatarsavatars location for fs store
avatar.bolt.fileAVATAR_BOLT_FILE./var/avatars.dbavatars bolt file location
avatar.uriAVATAR_URI./var/avatarsavatars store URI
avatar.rsz-lmtAVATAR_RESIZE0 (disabled)max image size for resizing avatars on save
image.typeIMAGE_TYPEfstype of image storage, fs, bolt or rpc
image.fs.pathIMAGE_FS_PATH./var/picturespermanent location of images
image.fs.stagingIMAGE_FS_STAGING./var/pictures.stagingstaging location of images
image.fs.partitionsIMAGE_FS_PARTITIONS100number of image partitions
image.bolt.fileIMAGE_BOLT_FILE/var/pictures.dbimages bolt file location
image.rpc.apiIMAGE_RPC_APIrpc extension api url
image.rpc.timeoutIMAGE_RPC_TIMEOUThttp timeout (default: 5s)
image.rpc.auth_userIMAGE_RPC_AUTH_USERbasic auth user name
image.rpc.auth_passwdIMAGE_RPC_AUTH_PASSWDbasic auth user password
image.max-sizeIMAGE_MAX_SIZE5000000max size of image file
image.resize-widthIMAGE_RESIZE_WIDTH2400width of a resized image
image.resize-heightIMAGE_RESIZE_HEIGHT900height of a resized image
auth.ttl.jwtAUTH_TTL_JWT5mJWT TTL
auth.ttl.cookieAUTH_TTL_COOKIE200hcookie TTL
auth.send-jwt-headerAUTH_SEND_JWT_HEADERfalsesend JWT as a header instead of a cookie
auth.same-siteAUTH_SAME_SITEdefaultset same site policy for cookies (default, none, lax or strict) client ID service ID key ID key file location OAuth client ID OAuth client secret
auth.facebook.cidAUTH_FACEBOOK_CIDFacebook OAuth client ID
auth.facebook.csecAUTH_FACEBOOK_CSECFacebook OAuth client secret OAuth client ID OAuth client secret
auth.github.cidAUTH_GITHUB_CIDGitHub OAuth client ID
auth.github.csecAUTH_GITHUB_CSECGitHub OAuth client secret
auth.twitter.cidAUTH_TWITTER_CIDTwitter Consumer API Key
auth.twitter.csecAUTH_TWITTER_CSECTwitter Consumer API Secret key
auth.patreon.cidAUTH_PATREON_CIDPatreon OAuth Client ID
auth.patreon.csecAUTH_PATREON_CSECPatreon OAuth Client Secret
auth.telegramAUTH_TELEGRAMfalseEnable Telegram auth (telegram.token must be present) OAuth client ID OAuth client secret
auth.devAUTH_DEVfalselocal OAuth2 server, development mode only
auth.anonAUTH_ANONfalseenable anonymous login auth via email from confirmationemail subject content type
notify.usersNOTIFY_USERSnonetype of user notifications (telegram, email), multi
notify.adminsNOTIFY_ADMINSnonetype of admin notifications (telegram, slack, webhook and/or email), multi
notify.queueNOTIFY_QUEUE100size of notification queue
notify.telegram.chanNOTIFY_TELEGRAM_CHANthe ID of telegram channel for admin notifications
notify.slack.tokenNOTIFY_SLACK_TOKENSlack token
notify.slack.chanNOTIFY_SLACK_CHANgeneralSlack channel for admin notifications
notify.webhook.urlNOTIFY_WEBHOOK_URLWebhook notification URL for admin notifications
notify.webhook.templateNOTIFY_WEBHOOK_TEMPLATE{"text": "{{.Text}}"}Webhook payload template
notify.webhook.headersNOTIFY_WEBHOOK_HEADERSHTTP header in format Header1:Value1,Header2:Value2,...
notify.webhook.timeoutNOTIFY_WEBHOOK_TIMEOUT5sWebhook connection timeout email address verificationverification message subject
telegram.tokenTELEGRAM_TOKENTelegram token (used for auth and Telegram notifications)
telegram.timeoutTELEGRAM_TIMEOUT5sTelegram connection timeout
smtp.hostSMTP_HOSTSMTP host
smtp.portSMTP_PORTSMTP port
smtp.usernameSMTP_USERNAMESMTP user name
smtp.passwordSMTP_PASSWORDSMTP password
smtp.login_authSMTP_LOGIN_AUTH`falseenable LOGIN auth instead of PLAIN
smtp.tlsSMTP_TLSfalseenable TLS for SMTP
smtp.starttlsSMTP_STARTTLSfalseenable StartTLS for SMTP
smtp.insecure_skip_verifySMTP_INSECURE_SKIP_VERIFYfalseskip certificate verification for SMTP
smtp.timeoutSMTP_TIMEOUT10sSMTP TCP connection timeout
ssl.typeSSL_TYPEnonenone-HTTP, static-HTTPS, auto-HTTPS + le
ssl.portSSL_PORT8443port for HTTPS server
ssl.certSSL_CERTpath to the cert.pem file
ssl.keySSL_KEYpath to the key.pem file
ssl.acme-locationSSL_ACME_LOCATION./var/acmedir where obtained le-certs will be stored
ssl.acme-emailSSL_ACME_EMAILadmin email for receiving notifications from LE
max-commentMAX_COMMENT_SIZE2048comment's size limit
min-commentMIN_COMMENT_SIZE0comment's minimal size limit, 0 - unlimited
max-votesMAX_VOTES-1votes limit per comment, -1 - unlimited
votes-ipVOTES_IPfalserestrict votes from the same IP
anon-voteANON_VOTEfalseallow voting for anonymous users, require VOTES_IP to be enabled as well
votes-ip-timeVOTES_IP_TIME5msame IP vote restriction time, 0s - unlimited
low-scoreLOW_SCORE-5low score threshold
critical-scoreCRITICAL_SCORE-10critical score threshold
positive-scorePOSITIVE_SCOREfalserestricts comment's score to be only positive
restricted-wordsRESTRICTED_WORDSwords banned in comments (can use *), multi
restricted-namesRESTRICTED_NAMESnames prohibited to use by the user, multi
edit-timeEDIT_TIME5medit window
admin-editADMIN_EDITfalseunlimited edit for admins
read-ageREADONLY_AGEread-only age of comments, days
image-proxy.http2httpsIMAGE_PROXY_HTTP2HTTPSfalseenable HTTP->HTTPS proxy for images
image-proxy.cache-externalIMAGE_PROXY_CACHE_EXTERNALfalseenable caching external images to current image storage
emojiEMOJIfalseenable emoji support
simple-viewSIMPLE_VIEWfalseminimized UI with basic info only
proxy-corsPROXY_CORSfalsedisable internal CORS and delegate it to proxy
allowed-hostsALLOWED_HOSTSenable alllimit hosts/sources allowed to embed comments
addressREMARK_ADDRESSall interfacesweb server listening address
portREMARK_PORT8080web server port
web-rootREMARK_WEB_ROOT./webweb server root directory
update-limitUPDATE_LIMIT0.5updates/sec limit
subscribers-onlySUBSCRIBERS_ONLYfalseenable commenting only for Patreon subscribers
disable-signatureDISABLE_SIGNATUREfalsedisable server signature in headers
disable-fancy-text-formattingDISABLE_FANCY_HTML_FORMATTINGfalsedisable fancy comments text formatting (replacement of quotes, dashes, fractions, etc)
admin-passwdADMIN_PASSWDnone (disabled)password for admin basic auth
dbgDEBUGfalsedebug mode
  • command-line parameters are long-form --<key>=value, i.e., --site=
  • multi parameters separated by , in the environment or repeated with command-line keys, like --site=s1 --site=s2 ...
  • required parameters have to be presented in the environment or provided in the command-line

Deprecated parameters

The following list of command-line options is deprecated and might be removed in the next major release after the version they were deprecated. After the Remark42 version update, please check the startup log once for deprecation warning messages to avoid trouble with unrecognized command-line options in the future.

Deprecated options
Command lineReplacementEnvironmentReplacementDefaultDescriptionDeprecation version email message template file1.5.0 host1.5.0 port1.5.0 user name1.5.0 password1.5.0 TLS1.5.0 timeout1.5.0
img-proxyimage-proxy.http2httpsIMG_PROXYIMAGE_PROXY_HTTP2HTTPSfalseenable HTTP->HTTPS proxy for images1.5.0
notify.typenotify.admins, notify.usersNOTIFY_TYPENOTIFY_ADMINS, NOTIFY_USERS1.9.0
notify.telegram.tokentelegram.tokenNOTIFY_TELEGRAM_TOKENTELEGRAM_TOKENTelegram token1.9.0
notify.telegram.timeouttelegram.timeoutNOTIFY_TELEGRAM_TIMEOUTTELEGRAM_TIMEOUTTelegram timeout1.9.0

Admin users

Admins/moderators should be defined in docker-compose.yml as a list of user IDs or passed in the command line.

- ADMIN_SHARED_ID=github_ef0f706a79cc24b17bbbb374cd234a691a034128,github_dae9983158e9e5e127ef2b87a411ef13c891e9e5

To get a user ID just log in and click on your username or any other user you want to promote to admins. It will expand login info and show the full user ID.

Docker image

Two parameters allow customizing the Docker container on the system level:

  • APP_UID - sets UID to run Remark42 application in container (default=1001)
  • TIME_ZONE - sets time zone of Remark42 container, would be used only on the backend as comments shown with user's timezone in the web interface (default=America/Chicago)

See umputun/baseimage for more details.