Commit bb8f3de

feat: add env var to allow invalid SSL certs (#262)
* feat: add env var to allow invalid SSL certs
* Update readme
1 parent d3c8cbd commit bb8f3de

File tree

6 files changed

+52
-37
lines changed

.env.example

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ SMTP_USER=
1717
SMTP_PASSWORD=
1818
EMAIL_FROM= # e.g. "Kan <[email protected]>"
1919
SMTP_SECURE= # set to "false" to use port 587
20+
SMTP_REJECT_UNAUTHORIZED= # set to "false" to accept invalid certs
2021

2122
# Switch email features off entirely (optional)
2223
NEXT_PUBLIC_DISABLE_EMAIL=
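Review bot: the new `SMTP_REJECT_UNAUTHORIZED=` line ships with an empty value, and dotenv-style loaders turn that into the empty string, not `undefined`; with the check this same commit adds in `packages/email/src/sendEmail.tsx` (`=== undefined ? true : ...toLowerCase() === "true"`), an empty string falls through to `"" === "true"`, i.e. `rejectUnauthorized: false`, so anyone who copies this example file has certificate verification switched off without ever writing `false`. The existing `SMTP_SECURE=` line above it has the same problem under the new parsing. Suggest shipping the line commented out (`# SMTP_REJECT_UNAUTHORIZED=false`) or with the safe value, and rewording the comment to say what is given up: with `false` the SMTP credentials and mail are handed to whichever server answers the connection, with no certificate check, so it only makes sense for a self-signed relay on a trusted network.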

README.md

Lines changed: 37 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -138,42 +138,43 @@ pnpm dev
138138

139139
## Environment Variables 🔐
140140

141-
| Variable | Description | Required | Example |
142-
| ----------------------------------------- | -------------------------------------------------------- | ------------------------ | ----------------------------------------------------------- |
143-
| `POSTGRES_URL` | PostgreSQL connection URL | To use external database | `postgres://user:pass@localhost:5432/db` |
144-
| `EMAIL_FROM` | Sender email address | For Email | `"Kan <[email protected]>"` |
145-
| `SMTP_HOST` | SMTP server hostname | For Email | `smtp.resend.com` |
146-
| `SMTP_PORT` | SMTP server port | For Email | `465` |
147-
| `SMTP_USER` | SMTP username/email | No | `resend` |
148-
| `SMTP_PASSWORD` | SMTP password/token | No | `re_xxxx` |
149-
| `SMTP_SECURE` | Use secure SMTP connection (defaults to true if not set) | For Email | `true` |
150-
| `NEXT_PUBLIC_DISABLE_EMAIL` | To disable all email features | For Email | `true` |
151-
| `NEXT_PUBLIC_BASE_URL` | Base URL of your installation | Yes | `http://localhost:3000` |
152-
| `BETTER_AUTH_SECRET` | Auth encryption secret | Yes | Random 32+ char string |
153-
| `BETTER_AUTH_TRUSTED_ORIGINS` | Allowed callback origins | No | `http://localhost:3000,http://localhost:3001` |
154-
| `GOOGLE_CLIENT_ID` | Google OAuth client ID | For Google login | `xxx.apps.googleusercontent.com` |
155-
| `GOOGLE_CLIENT_SECRET` | Google OAuth client secret | For Google login | `xxx` |
156-
| `DISCORD_CLIENT_ID` | Discord OAuth client ID | For Discord login | `xxx` |
157-
| `DISCORD_CLIENT_SECRET` | Discord OAuth client secret | For Discord login | `xxx` |
158-
| `GITHUB_CLIENT_ID` | GitHub OAuth client ID | For GitHub login | `xxx` |
159-
| `GITHUB_CLIENT_SECRET` | GitHub OAuth client secret | For GitHub login | `xxx` |
160-
| `OIDC_CLIENT_ID` | Generic OIDC client ID | For OIDC login | `xxx` |
161-
| `OIDC_CLIENT_SECRET` | Generic OIDC client secret | For OIDC login | `xxx` |
162-
| `OIDC_DISCOVERY_URL` | OIDC discovery URL | For OIDC login | `https://auth.example.com/.well-known/openid-configuration` |
163-
| `TRELLO_APP_API_KEY` | Trello app API key | For Trello import | `xxx` |
164-
| `TRELLO_APP_API_SECRET` | Trello app API secret | For Trello import | `xxx` |
165-
| `S3_REGION` | S3 storage region | For file uploads | `WEUR` |
166-
| `S3_ENDPOINT` | S3 endpoint URL | For file uploads | `https://xxx.r2.cloudflarestorage.com` |
167-
| `S3_ACCESS_KEY_ID` | S3 access key | For file uploads | `xxx` |
168-
| `S3_SECRET_ACCESS_KEY` | S3 secret key | For file uploads | `xxx` |
169-
| `S3_FORCE_PATH_STYLE` | Use path-style URLs for S3 | For file uploads | `true` |
170-
| `NEXT_PUBLIC_STORAGE_URL` | Storage service URL | For file uploads | `https://storage.kanbn.com` |
171-
| `NEXT_PUBLIC_STORAGE_DOMAIN` | Storage domain name | For file uploads | `kanbn.com` |
172-
| `NEXT_PUBLIC_AVATAR_BUCKET_NAME` | S3 bucket name for avatars | For file uploads | `avatars` |
173-
| `NEXT_PUBLIC_ATTACHMENTS_BUCKET_NAME` | S3 bucket name for attatchments | For file uploads | `attatchments` |
174-
| `NEXT_PUBLIC_ALLOW_CREDENTIALS` | Allow email & password login | For authentication | `true` |
175-
| `NEXT_PUBLIC_DISABLE_SIGN_UP` | Disable sign up | For authentication | `false` |
176-
| `NEXT_PUBLIC_WHITE_LABEL_HIDE_POWERED_BY` | Hide “Powered by kan.bn” on public boards (self-host) | For white labelling | `true` |
141+
| Variable | Description | Required | Example |
142+
| ----------------------------------------- | --------------------------------------------------------- | ------------------------ | ----------------------------------------------------------- |
143+
| `POSTGRES_URL` | PostgreSQL connection URL | To use external database | `postgres://user:pass@localhost:5432/db` |
144+
| `EMAIL_FROM` | Sender email address | For Email | `"Kan <[email protected]>"` |
145+
| `SMTP_HOST` | SMTP server hostname | For Email | `smtp.resend.com` |
146+
| `SMTP_PORT` | SMTP server port | For Email | `465` |
147+
| `SMTP_USER` | SMTP username/email | No | `resend` |
148+
| `SMTP_PASSWORD` | SMTP password/token | No | `re_xxxx` |
149+
| `SMTP_SECURE` | Use secure SMTP connection (defaults to true if not set) | For Email | `true` |
150+
| `SMTP_REJECT_UNAUTHORIZED` | Reject invalid certificates (defaults to true if not set) | For Email | `false` |
151+
| `NEXT_PUBLIC_DISABLE_EMAIL` | To disable all email features | For Email | `true` |
152+
| `NEXT_PUBLIC_BASE_URL` | Base URL of your installation | Yes | `http://localhost:3000` |
153+
| `BETTER_AUTH_SECRET` | Auth encryption secret | Yes | Random 32+ char string |
154+
| `BETTER_AUTH_TRUSTED_ORIGINS` | Allowed callback origins | No | `http://localhost:3000,http://localhost:3001` |
155+
| `GOOGLE_CLIENT_ID` | Google OAuth client ID | For Google login | `xxx.apps.googleusercontent.com` |
156+
| `GOOGLE_CLIENT_SECRET` | Google OAuth client secret | For Google login | `xxx` |
157+
| `DISCORD_CLIENT_ID` | Discord OAuth client ID | For Discord login | `xxx` |
158+
| `DISCORD_CLIENT_SECRET` | Discord OAuth client secret | For Discord login | `xxx` |
159+
| `GITHUB_CLIENT_ID` | GitHub OAuth client ID | For GitHub login | `xxx` |
160+
| `GITHUB_CLIENT_SECRET` | GitHub OAuth client secret | For GitHub login | `xxx` |
161+
| `OIDC_CLIENT_ID` | Generic OIDC client ID | For OIDC login | `xxx` |
162+
| `OIDC_CLIENT_SECRET` | Generic OIDC client secret | For OIDC login | `xxx` |
163+
| `OIDC_DISCOVERY_URL` | OIDC discovery URL | For OIDC login | `https://auth.example.com/.well-known/openid-configuration` |
164+
| `TRELLO_APP_API_KEY` | Trello app API key | For Trello import | `xxx` |
165+
| `TRELLO_APP_API_SECRET` | Trello app API secret | For Trello import | `xxx` |
166+
| `S3_REGION` | S3 storage region | For file uploads | `WEUR` |
167+
| `S3_ENDPOINT` | S3 endpoint URL | For file uploads | `https://xxx.r2.cloudflarestorage.com` |
168+
| `S3_ACCESS_KEY_ID` | S3 access key | For file uploads | `xxx` |
169+
| `S3_SECRET_ACCESS_KEY` | S3 secret key | For file uploads | `xxx` |
170+
| `S3_FORCE_PATH_STYLE` | Use path-style URLs for S3 | For file uploads | `true` |
171+
| `NEXT_PUBLIC_STORAGE_URL` | Storage service URL | For file uploads | `https://storage.kanbn.com` |
172+
| `NEXT_PUBLIC_STORAGE_DOMAIN` | Storage domain name | For file uploads | `kanbn.com` |
173+
| `NEXT_PUBLIC_AVATAR_BUCKET_NAME` | S3 bucket name for avatars | For file uploads | `avatars` |
174+
| `NEXT_PUBLIC_ATTACHMENTS_BUCKET_NAME` | S3 bucket name for attachments | For file uploads | `attachments` |
175+
| `NEXT_PUBLIC_ALLOW_CREDENTIALS` | Allow email & password login | For authentication | `true` |
176+
| `NEXT_PUBLIC_DISABLE_SIGN_UP` | Disable sign up | For authentication | `false` |
177+
| `NEXT_PUBLIC_WHITE_LABEL_HIDE_POWERED_BY` | Hide “Powered by kan.bn” on public boards (self-host) | For white labelling | `true` |
177178

178179
See `.env.example` for a complete list of supported environment variables.
179180
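Review bot: in the new `SMTP_REJECT_UNAUTHORIZED` row the Example column shows `false`, the insecure value, and the Required column says "For Email" even though the description says it defaults to `true`; readers scanning the table will copy the example. Suggest `true` as the example, "No" as required, and a description along the lines of "Reject SMTP servers whose TLS certificate does not validate (default `true`; set to `false` only for a self-signed relay on a trusted network)". Also, "defaults to true if not set" is only accurate for a truly absent variable: with the parsing added in `sendEmail.tsx`, an empty value yields `false`, so either the table should say "if not set or empty" once the code handles empty as default, or the code should be changed to match the table.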

cloud/docker-compose.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ services:
3535
- SMTP_PASSWORD=${SMTP_PASSWORD}
3636
- SMTP_SECURE=${SMTP_SECURE}
3737
- EMAIL_FROM=${EMAIL_FROM}
38+
- SMTP_REJECT_UNAUTHORIZED=${SMTP_REJECT_UNAUTHORIZED}
3839

3940
# Notifications
4041
- NOVU_API_KEY=${NOVU_API_KEY}
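Review bot: `- SMTP_REJECT_UNAUTHORIZED=${SMTP_REJECT_UNAUTHORIZED}` passes an empty string into the container whenever the variable is not set on the host (Compose substitutes unset variables with the empty string and only warns), and the new check in `sendEmail.tsx` treats only `undefined` as "use the default", so the container runs with certificate checks off. Suggest `${SMTP_REJECT_UNAUTHORIZED:-true}` so the safe default survives the pass-through; `- SMTP_SECURE=${SMTP_SECURE}` two lines up has the same problem after this commit's change to how `SMTP_SECURE` is parsed and would want `${SMTP_SECURE:-true}`.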

docker-compose.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ services:
2424
- SMTP_USER=${SMTP_USER}
2525
- SMTP_PASSWORD=${SMTP_PASSWORD}
2626
- EMAIL_FROM=${EMAIL_FROM}
27+
- SMTP_REJECT_UNAUTHORIZED=${SMTP_REJECT_UNAUTHORIZED}
2728

2829
# Disable email features entirely (optional)
2930
- NEXT_PUBLIC_DISABLE_EMAIL=${NEXT_PUBLIC_DISABLE_EMAIL}
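Review bot: same pass-through issue as in `cloud/docker-compose.yml`: with the host variable unset this line sets `SMTP_REJECT_UNAUTHORIZED` to the empty string inside the container, which the new parsing in `sendEmail.tsx` maps to `rejectUnauthorized: false`. Use `${SMTP_REJECT_UNAUTHORIZED:-true}` here as well.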

packages/email/src/sendEmail.tsx

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,17 @@ const emailTemplates: Record<Templates, React.FC> = {
1616
const transporter = nodemailer.createTransport({
1717
host: process.env.SMTP_HOST,
1818
port: Number(process.env.SMTP_PORT),
19-
secure: process.env.SMTP_SECURE !== "false",
19+
secure:
20+
process.env.SMTP_SECURE === undefined
21+
? true
22+
: process.env.SMTP_SECURE?.toLowerCase() === "true",
23+
tls: {
24+
// do not fail on invalid certs
25+
rejectUnauthorized:
26+
process.env.SMTP_REJECT_UNAUTHORIZED === undefined
27+
? true
28+
: process.env.SMTP_REJECT_UNAUTHORIZED?.toLowerCase() === "true",
29+
},
2030
...(process.env.SMTP_USER &&
2131
process.env.SMTP_PASSWORD && {
2232
auth: {
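Review bot: the `=== undefined` test on both `SMTP_SECURE` and `SMTP_REJECT_UNAUTHORIZED` makes the insecure setting the outcome for every defined-but-unrecognised input: `""`, `"1"`, `"yes"` and `"TRUE "` all fail `toLowerCase() === "true"` and produce `secure: false` / `rejectUnauthorized: false`. This also silently changes the existing `SMTP_SECURE` behaviour: before this hunk only the literal `"false"` turned TLS off (`process.env.SMTP_SECURE !== "false"`), now an empty `SMTP_SECURE=` (exactly what `.env.example` ships) turns it off. Suggest keeping opt-out semantics for both so that only an explicit `"false"` disables them, e.g. `secure: process.env.SMTP_SECURE?.toLowerCase() !== "false"` and `rejectUnauthorized: process.env.SMTP_REJECT_UNAUTHORIZED?.toLowerCase() !== "false"`, which also makes the `undefined` branches and the dead `?.` after the `undefined` check unnecessary. The comment `// do not fail on invalid certs` describes the opt-out rather than what the line does by default; something like "certificate validation stays on unless SMTP_REJECT_UNAUTHORIZED=false" is more accurate. Finally, since `rejectUnauthorized: false` means any server that completes the TLS handshake receives the SMTP credentials, it is worth logging a warning when the transporter is created with it off, so an operator can see that state in production logs.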

turbo.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,7 @@
9696
"SMTP_USER",
9797
"SMTP_PASSWORD",
9898
"SMTP_SECURE",
99+
"SMTP_REJECT_UNAUTHORIZED",
99100
"NEXT_PUBLIC_KAN_ENV",
100101
"NEXT_PUBLIC_WHITE_LABEL_HIDE_POWERED_BY",
101102
"STRIPE_SECRET_KEY",
