# Docker-Compose

# Basic setup

You can run 2FAuth with Docker-Compose using the following command and this basic docker-compose.yml file:

docker-compose up

docker-compose.yml
version: "3"
services:
  2fauth:
    env_file: settings.env
    image: 2fauth/2fauth:${TAG:-latest}
    container_name: 2fauth
    volumes:
      - ./2fauth:/2fauth
    ports:
      - 8000:8000/tcp

In this example, the env_file attribute specifies the .env file containing all your environment variables. Please refer to the Environment variables page to discover all available variables. Be sure to set the mandatory ones marked with a red asterisk.

Another way to set your environment vars is to add them to the environment attribute :

services:
  2fauth:
    image: 2fauth/2fauth:${TAG:-latest}
    container_name: 2fauth
    volumes:
      - ./2fauth:/2fauth
    ports:
      - 8000:8000/tcp
    environment:
      APP_URL: https://2fauth.domain.com
      APP_KEY: "base64:ppkbvJDIlKDv+HgCcgqHtN1gcvbYCDDSU7Y1Y0wBwqg="
      APP_ENV: production
      DB_CONNECTION: sqlite
      DB_DATABASE: "/srv/database/database.sqlite"

Mandatory env var

The APP_KEY environment variable must be set with a personal unique value. You can generate a brand new one using Laravel Encryption Key Generator.

If you need to rotate the key, use the APP_PREVIOUS_KEYS environment variable to list previous keys and avoid decryption issues or invalid access tokens.

# Using Docker secrets

Since 2FAuth v6.0, sensitive data like passwords may be handled using Docker secrets. The docker image supports the _FILE convention for environment variables that receive sensitive data from a bind mount secret.

Supported variables

APP_KEY_FILE
DB_DATABASE_FILE
DB_USERNAME_FILE
DB_PASSWORD_FILE
DB_HOST_FILE
MAIL_USERNAME_FILE
MAIL_PASSWORD_FILE
REDIS_PASSWORD_FILE

In the following example, APP_KEY_FILE is set using the injected app_key docker secret that read the content of the app_key.txt file. At run time, the APP_KEY environment variable will be set automatically using the value of APP_KEY_FILE.

services:
  2fauth:
    env_file: settings.env
    image: 2fauth/2fauth:${TAG:-latest}
    container_name: 2fauth
    volumes:
      - ./2fauth:/2fauth
    ports:
      - 8000:8000/tcp
    environment:
      APP_URL: https://2fauth.domain.com
      APP_KEY_FILE: /run/secrets/app_key
      APP_ENV: production
      DB_CONNECTION: sqlite
      DB_DATABASE: "/srv/database/database.sqlite"
    secrets:
      - app_key

secrets:
  app_key:
    file: /2fauth/app_key.txt

You cannot set both the reference variable, for example APP_KEY, and its suffixed version, in that case APP_KEY_FILE.
The container will throw an error at run time if both vars are set.