k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-19 21:31:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
45fa6fd0d3ab11aa5ea1686607890f5c74539ecc
TREK/wiki/Install-Docker.md
T
jubnl c1b9d11173 docs: add full wiki with 74 pages, assets, and CI workflow 
Adds the complete TREK documentation wiki covering installation,
trip planning, admin panel, MCP/AI integration, addons, and operations.

Also fixes encrypt-at-rest gaps: mapbox_access_token, Synology
credentials, per-user webhook/ntfy tokens, and photo passphrases
are now rotated by migrate-encryption.ts and stored encrypted via
settingsService.
2026-04-20 10:11:53 +02:00

2.4 KiB
Raw Blame History

Install: Docker

Single-container Docker run — suitable for testing or simple personal installs.

Run Command

docker run -d \
  --name trek \
  -p 3000:3000 \
  -v ./data:/app/data \
  -v ./uploads:/app/uploads \
  -e ENCRYPTION_KEY=<your-32-byte-hex-key> \
  --restart unless-stopped \
  mauriceboe/trek:latest

ENCRYPTION_KEY is strongly recommended but not strictly required. If omitted, a key is auto-generated on first start and persisted to data/.encryption_key. Setting it explicitly means you can recreate the container from scratch (e.g. on a new host) without losing access to stored encrypted data (API keys, SMTP credentials, OIDC secrets, MFA secrets).

Generate an encryption key with:

openssl rand -hex 32

Common optional variables

Pass additional -e flags for timezone and CORS/email link support:

  -e TZ=Europe/Berlin \
  -e ALLOWED_ORIGINS=https://trek.example.com \

See [Environment-Variables] for the full list.

Volume Reference

Volume Container path What lives there
./data /app/data travel.db (SQLite database), logs/trek.log, .jwt_secret, .encryption_key
./uploads /app/uploads Uploaded files (photos, documents, covers, avatars)

Both volumes must survive container replacement — they are your persistent state. Never remove them before pulling a new image.

Health Check

The container exposes a health endpoint at:

http://localhost:3000/api/health

Docker polls it automatically (interval: 30 s, timeout: 5 s, retries: 3, start period: 15 s). You can check it manually:

curl -s http://localhost:3000/api/health

Verify the Container Is Running

docker ps --filter name=trek
docker logs trek

Limitations of docker run

A bare docker run command has no built-in secret management and is harder to reproduce after a system reboot. For production, see [Install-Docker-Compose], which adds security hardening (read_only, cap_drop, cap_add, no-new-privileges, tmpfs) and makes it easy to manage environment variables through a .env file.

Next Steps

  • [Reverse-Proxy] — HTTPS is required for PWA install and the trek_session cookie secure flag
  • [Install-Docker-Compose] — recommended for production
  • [Environment-Variables] — full list of configurable variables
  • [Updating] — how to pull a new image without losing data
Reference in New Issue View Git Blame Copy Permalink