Skip to content

Ente

Ente

What is Ente?

Ente is a service that provides a fully open-source, end-to-end encrypted platform for you to store your data in the cloud without needing to trust the service provider. On top of the platform, Ente has built two apps so far: Ente Photos (an alternative to Apple and Google Photos) and Ente Auth (a 2FA alternative to the deprecated Authy).

Learn more at help.ente.io.

Configuring Object Store

  • Once you have selected your service. You will need to set up of some environment variables for your S3 bucket or substitute like MinIO.

1. Remote S3 bucket

  • For AWS S3 you can create a bucket and allow access via IAM Roles/User Permissions. Which will generate an access key and secrect key for your S3 Bucket.

  • For the S3 bucket, apply the following CORS policy for proper access control from the museum service.

json
[
  {
    "AllowedOrigins": ["*"],
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "HEAD", "POST", "PUT", "DELETE"],
    "MaxAgeSeconds": 3000,
    "ExposeHeaders": ["Etag"]
  }
]
  • Fill the credentials like endpoint, region, bucket, access key, secret key.

  • Deploy the Service and you are good to go.

2. Coolify minio bucket.

  • Minio is expected to be exposed over HTTPS and needs SSL/TLS, so make sure your proxies are setup properly. Here is a useful link for set up and configuration.

  • Once you have deployed the Minio service from Coolify you can login to the service from the console URL and use the same username and password as set in the environment variables user the API URL for backend or shell based usecases.

bash
# Set Alias
mc alias set <alias> <API_ENDPOINT> <ACCESS_KEY> <SECRET_KEY>

# List buckets (same us used in coolify to validate S3)
minio/mc ls myminio
  • Once logged in, create a bucket for your use in Ente.

  • The default region for Minio is us-east-1, so you can use the same.

  • Use the API endpoint as bucket endpoint for Ente config.

Note: Additional details are available here.

Environment Variables

Variable NameServiceDescriptionDefault ValueRequiredPrefilled
SERVICE_URL_MUSEUM_8080museumURL for the museum service on port 8080-YesYes
ENTE_HTTP_USE_TLSmuseumEnable/disable TLS for HTTP connectionsfalseNoYes
SERVICE_URL_WEB_3002museumURL for the web albums service-YesYes
SERVICE_URL_WEB_3004museumURL for the web cast service-YesYes
SERVICE_URL_WEB_3001museumURL for the web accounts service-YesYes
ENTE_DB_HOSTmuseumPostgreSQL database hostpostgresNoYes
ENTE_DB_PORTmuseumPostgreSQL database port5432NoYes
ENTE_DB_NAMEmuseumPostgreSQL database nameente_dbNoYes
SERVICE_USER_POSTGRESmuseumPostgreSQL database usernamepguserNoYes
SERVICE_PASSWORD_POSTGRESmuseumPostgreSQL database password-YesYes
SERVICE_REALBASE64_ENCRYPTIONmuseumBase64 encoded encryption key-YesYes
SERVICE_REALBASE64_64_HASHmuseumBase64 encoded hash key-YesYes
SERVICE_REALBASE64_JWTmuseumBase64 encoded JWT secret-YesYes
ENTE_INTERNAL_ADMINmuseumInternal admin user ID1580559962386438NoYes
ENTE_INTERNAL_DISABLE_REGISTRATIONmuseumDisable user registrationfalseNoYes
PRIMARY_STORAGE_ARE_LOCAL_BUCKETSmuseumUse local buckets for primary storage (false unless you are connecting to bucket over http)falseNoYes
PRIMARY_STORAGE_USE_PATH_STYLE_URLSmuseumUse path-style URLs for storagetrueNoYes
S3_STORAGE_KEYmuseumS3 storage access key-YesNo
S3_STORAGE_SECRETmuseumS3 storage secret key-YesNo
S3_STORAGE_ENDPOINTmuseumS3 storage endpoint URL-YesNo
S3_STORAGE_REGIONmuseumS3 storage regionus-east-1NoYes
S3_STORAGE_BUCKETmuseumS3 storage bucket name-YesNo
SERVICE_URL_WEB_3000webURL for the main web service-YesYes
SERVICE_URL_MUSEUMwebURL for the museum service-YesYes
SERVICE_URL_WEB_3002webURL for the albums service-YesYes
SERVICE_USER_POSTGRESpostgresPostgreSQL usernamepguserNoYes
SERVICE_PASSWORD_POSTGRESpostgresPostgreSQL password-YesYes
SERVICE_DB_NAMEpostgresPostgreSQL database nameente_dbNoYes