Skip to content

Konfiguration

Jump to bottom
Alexander Elchlepp edited this page Mar 17, 2026 · 13 revisions

Basic Configuration

  • copy the .env.dist file and rename it to .env

    cp .env.dist .env

  • open .env with a text editor and adjust it

    • set the application language via LOCALE

      Available de (German) and en (English)

    • set APP_ENV (prod|dev)

      Use dev during development, otherwise use prod

    • generate and set a random value for APP_SECRET

      e.g. via openssl rand 23 | sha1sum

    • under DATABASE_URL set the database parameters.

    • adjust DB_SERVER_VERSION according to the comments in the file

Emails

To be able to send emails from the application (conversations), an external mail provider must exist. The credentials are entered in the MAILER_DSN parameter in the .env file (fewohbee-dockerized: .env.app).

e.g.: MAILER_DSN= smtp://username:password@yourdomain.tld:port/?encryption=tls

adjust the remaining mail parameters according to the examples in the file

Salutations

The salutation field for guests can be configured via the following parameter:

CUSTOMER_SALUTATIONS="Ms,Mr,Family"

You can specify any number of salutations separated by a , (comma).

Invoice filenames

Invoice export filenames can be configured via the following parameter (without extension):

INVOICE_FILENAME_PATTERN="Invoice-<number>"

Allowed placeholders: <company>, <lastname>, <firstname>, <status>, <payment>, <number>, <date>. The <date> placeholder is formatted as Y-m-d.

You can define fallbacks with the | separator, for example <company|lastname>. The first non-empty value will be used.

For e-invoice exports, -einvoice is appended automatically.

Webauthn / Passkey Login

Since version 4.0.0, passwordless login is possible in FewohBee. Three parameters are available for this:

RELYING_PARTY_ID=example.com
RELYING_PARTY_NAME="FewohBee"
PASSKEY_ENABLED=false

Passkeys are disabled by default (PASSKEY_ENABLED). To use the feature, RELYING_PARTY_ID must be set to the domain name under which the application is accessed.

A valid SSL certificate must exist for this domain, otherwise the login may not work correctly.

PASSKEY_ENABLED must also be set to true.

When passkey login is enabled, an additional button appears on the login screen to allow login. Users must log in once in advance with username and password. Under "Profile" each user can register for passwordless login. It is possible to store multiple devices that can be used for passwordless login (e.g. Chrome, iCloud Keychain, etc.). The user is guided through the process by the respective operating system / browser.

Trusted proxies

If fewohbee is operated behind a reverse proxy or load balancer, the trusted proxy IPs or networks must be configured via:

TRUSTED_PROXIES=172.18.0.0/16

Symfony only needs this setting when another proxy sits in front of the application and provides X-Forwarded-* headers.

Typical examples where TRUSTED_PROXIES is needed are setups with Traefik, Caddy, HAProxy, or an external Nginx reverse proxy in front of FewohBee.

Password blacklist

By default, the application checks when creating a new user and when changing a password whether it is secure. A password is considered insecure if it has appeared in the Have I Been Pwned database. This check can be configured via the following parameter.

USE_PASSWORD_BLACKLIST=true

Clone this wiki locally