docs: add sections about new WEBHOOK_ALLOWED_ORIGINS env var
This commit is contained in:
parent
94d7fdc9a8
commit
35dd49d7ac
3 changed files with 15 additions and 0 deletions
|
|
@ -109,6 +109,7 @@ Zerobyte can be customized using environment variables. Below are the available
|
||||||
| `TZ` | Timezone for the container (e.g., `Europe/Zurich`). **Crucial for accurate backup scheduling.** | `UTC` |
|
| `TZ` | Timezone for the container (e.g., `Europe/Zurich`). **Crucial for accurate backup scheduling.** | `UTC` |
|
||||||
| `TRUST_PROXY` | When `true`, trust an existing `X-Forwarded-For` header from your reverse proxy. Leave `false` for direct deployments. | `false` |
|
| `TRUST_PROXY` | When `true`, trust an existing `X-Forwarded-For` header from your reverse proxy. Leave `false` for direct deployments. | `false` |
|
||||||
| `TRUSTED_ORIGINS` | Comma-separated list of extra trusted origins for CORS (e.g., `http://localhost:3000,http://example.com`). | (none) |
|
| `TRUSTED_ORIGINS` | Comma-separated list of extra trusted origins for CORS (e.g., `http://localhost:3000,http://example.com`). | (none) |
|
||||||
|
| `WEBHOOK_ALLOWED_ORIGINS` | Comma-separated list of HTTP origins allowed for backup webhooks and outbound HTTP notification destinations. | (none) |
|
||||||
| `LOG_LEVEL` | Logging verbosity. Options: `debug`, `info`, `warn`, `error`. | `info` |
|
| `LOG_LEVEL` | Logging verbosity. Options: `debug`, `info`, `warn`, `error`. | `info` |
|
||||||
| `SERVER_IDLE_TIMEOUT` | Idle timeout for the server in seconds. | `60` |
|
| `SERVER_IDLE_TIMEOUT` | Idle timeout for the server in seconds. | `60` |
|
||||||
| `RCLONE_CONFIG_DIR` | Path to the directory containing `rclone.conf` inside the container. Change this if running as a non-root user. | `/root/.config/rclone` |
|
| `RCLONE_CONFIG_DIR` | Path to the directory containing `rclone.conf` inside the container. Change this if running as a non-root user. | `/root/.config/rclone` |
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,7 @@ Zerobyte is configured through environment variables and Docker Compose settings
|
||||||
| `RESTIC_HOSTNAME` | Hostname used by Restic when creating snapshots. Automatically detected if a custom hostname is set in Docker. | `zerobyte` |
|
| `RESTIC_HOSTNAME` | Hostname used by Restic when creating snapshots. Automatically detected if a custom hostname is set in Docker. | `zerobyte` |
|
||||||
| `TRUST_PROXY` | Set to `true` to trust `X-Forwarded-For` headers from a reverse proxy. | `false` |
|
| `TRUST_PROXY` | Set to `true` to trust `X-Forwarded-For` headers from a reverse proxy. | `false` |
|
||||||
| `TRUSTED_ORIGINS` | Comma-separated list of additional trusted origins for CORS. | (none) |
|
| `TRUSTED_ORIGINS` | Comma-separated list of additional trusted origins for CORS. | (none) |
|
||||||
|
| `WEBHOOK_ALLOWED_ORIGINS` | Comma-separated list of HTTP origins allowed for backup webhooks and outbound HTTP notification destinations. | (none) |
|
||||||
| `LOG_LEVEL` | Logging verbosity: `debug`, `info`, `warn`, `error`. | `info` |
|
| `LOG_LEVEL` | Logging verbosity: `debug`, `info`, `warn`, `error`. | `info` |
|
||||||
| `SERVER_IDLE_TIMEOUT` | Server idle timeout in seconds. | `60` |
|
| `SERVER_IDLE_TIMEOUT` | Server idle timeout in seconds. | `60` |
|
||||||
| `RCLONE_CONFIG_DIR` | Path to the rclone config directory inside the container. | `/root/.config/rclone` |
|
| `RCLONE_CONFIG_DIR` | Path to the rclone config directory inside the container. | `/root/.config/rclone` |
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,10 @@ You create destinations under **Notifications**. You route them per backup sched
|
||||||
| `Generic Webhook` | Arbitrary HTTP endpoints and automation systems | URL, method, headers, content type, optional JSON template keys |
|
| `Generic Webhook` | Arbitrary HTTP endpoints and automation systems | URL, method, headers, content type, optional JSON template keys |
|
||||||
| `Custom (Shoutrrr URL)` | Power users or services not exposed by the built-in forms | Raw Shoutrrr URL |
|
| `Custom (Shoutrrr URL)` | Power users or services not exposed by the built-in forms | Raw Shoutrrr URL |
|
||||||
|
|
||||||
|
<Callout type="warn">
|
||||||
|
Outbound HTTP notification destinations must use an origin listed in `WEBHOOK_ALLOWED_ORIGINS`. This applies to Generic Webhook, Gotify, self-hosted ntfy servers, and Custom Shoutrrr URLs that resolve to a custom HTTP endpoint.
|
||||||
|
</Callout>
|
||||||
|
|
||||||
## Which type should I use?
|
## Which type should I use?
|
||||||
|
|
||||||
- Choose **Email** when you already trust an SMTP relay and want easy fan-out to multiple recipients.
|
- Choose **Email** when you already trust an SMTP relay and want easy fan-out to multiple recipients.
|
||||||
|
|
@ -163,6 +167,10 @@ Each assignment is independent. One schedule can send failures to Email, warning
|
||||||
- `App Token`
|
- `App Token`
|
||||||
- `Priority` from `0` to `10`
|
- `Priority` from `0` to `10`
|
||||||
- `Path` (optional)
|
- `Path` (optional)
|
||||||
|
|
||||||
|
**Notes**
|
||||||
|
|
||||||
|
- Add the Gotify server origin, such as `https://gotify.example.com`, to `WEBHOOK_ALLOWED_ORIGINS`.
|
||||||
</Tab>
|
</Tab>
|
||||||
|
|
||||||
<Tab value="ntfy">
|
<Tab value="ntfy">
|
||||||
|
|
@ -178,6 +186,8 @@ Each assignment is independent. One schedule can send failures to Email, warning
|
||||||
|
|
||||||
**Notes**
|
**Notes**
|
||||||
|
|
||||||
|
- Leave `Server URL` empty to use `ntfy.sh`.
|
||||||
|
- Add self-hosted ntfy origins, such as `https://ntfy.example.com`, to `WEBHOOK_ALLOWED_ORIGINS`.
|
||||||
- If you set an access token, it takes precedence over username and password.
|
- If you set an access token, it takes precedence over username and password.
|
||||||
- Priority values are `max`, `high`, `default`, `low`, and `min`.
|
- Priority values are `max`, `high`, `default`, `low`, and `min`.
|
||||||
|
|
||||||
|
|
@ -236,6 +246,7 @@ Each assignment is independent. One schedule can send failures to Email, warning
|
||||||
|
|
||||||
**Notes**
|
**Notes**
|
||||||
|
|
||||||
|
- Add the webhook origin, such as `https://hooks.example.com`, to `WEBHOOK_ALLOWED_ORIGINS`.
|
||||||
- Headers are entered one per line as `Key: Value`.
|
- Headers are entered one per line as `Key: Value`.
|
||||||
- With JSON mode enabled, Zerobyte sends a body shaped like `{titleKey: "...", messageKey: "..."}`.
|
- With JSON mode enabled, Zerobyte sends a body shaped like `{titleKey: "...", messageKey: "..."}`.
|
||||||
- With JSON mode disabled, the request body is plain notification text.
|
- With JSON mode disabled, the request body is plain notification text.
|
||||||
|
|
@ -261,6 +272,8 @@ Each assignment is independent. One schedule can send failures to Email, warning
|
||||||
|
|
||||||
See the [Shoutrrr documentation](https://shoutrrr.nickfedor.com/services/overview) for the supported URL formats and service-specific options.
|
See the [Shoutrrr documentation](https://shoutrrr.nickfedor.com/services/overview) for the supported URL formats and service-specific options.
|
||||||
|
|
||||||
|
If the Shoutrrr URL targets a custom HTTP endpoint, add that endpoint origin to `WEBHOOK_ALLOWED_ORIGINS`.
|
||||||
|
|
||||||
**Fields**
|
**Fields**
|
||||||
|
|
||||||
- `Shoutrrr URL`
|
- `Shoutrrr URL`
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue