chore: ignore local install dir created by installers

The install scripts default to ./cameleer/ for local install state.
Ignoring it prevents accidental commits of generated .env files,
TLS certs, and bootstrap data.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.gitignore

@@ -0,0 +1,2 @@
+# Local install state created by install.sh / install.ps1 (default --install-dir)
+/cameleer/

CLAUDE.md

@@ -25,15 +25,13 @@ The installer uses static docker-compose templates in `templates/`. Templates ar
 
 ## SMTP configuration
 
-The installer prompts for SMTP settings in SaaS mode when the user opts in ("Configure SMTP for email verification?"). SMTP is required for self-service sign-up — without it, only admin-created users can sign in.
+SMTP / email connector configuration has been moved from the installer to the SaaS vendor admin UI (Email Connector page at `/vendor/email`). The installer no longer prompts for or persists SMTP settings.
 
-Env vars: `SMTP_HOST`, `SMTP_PORT` (default 587), `SMTP_USER`, `SMTP_PASS`, `SMTP_FROM_EMAIL` (default `noreply@<PUBLIC_HOST>`). Passed to the `cameleer-logto` container. The bootstrap script discovers the SMTP connector factory and creates the connector with Cameleer-branded email templates.
-
-CLI args: `--smtp-host`, `--smtp-port`, `--smtp-user`, `--smtp-pass`, `--smtp-from-email`. Persisted in `cameleer.conf` for upgrades/reconfigure.
+Previously, SMTP env vars (`SMTP_HOST`, `SMTP_PORT`, `SMTP_USER`, `SMTP_PASS`, `SMTP_FROM_EMAIL`) were passed to the `cameleer-logto` container and configured via the bootstrap script. This one-shot approach was fragile — email delivery is now configured at runtime through the Logto Management API.
 
 ## Registry configuration
 
-The installer supports pulling images from a custom Docker registry via `--registry`. Default: `gitea.siegeln.net/cameleer`.
+The installer supports pulling images from a custom Docker registry via `--registry`. Default: `registry.cameleer.io/cameleer`.
 
 When a registry is configured, the installer writes `*_IMAGE` env vars to `.env` (e.g. `TRAEFIK_IMAGE`, `POSTGRES_IMAGE`, `CAMELEER_IMAGE`) which override the defaults baked into the compose templates. In SaaS mode, provisioning image refs (`CAMELEER_SAAS_PROVISIONING_*IMAGE`) are also set from the registry.
 
@@ -45,7 +43,6 @@ For private registries, pass `--registry-user` / `--registry-token`. The install
 - `CAMELEER_SERVER_*` — server config (consumed by cameleer-server)
 - `CAMELEER_SAAS_*` — SaaS management plane config
 - `CAMELEER_SAAS_PROVISIONING_*` — "SaaS forwards this to provisioned tenant servers"
-- `SMTP_*` — email delivery config for Logto (consumed by bootstrap, SaaS mode only)
 - No prefix (e.g. `POSTGRES_PASSWORD`, `PUBLIC_HOST`) — shared infrastructure, consumed by multiple components
 
 ## Development

README.md

@@ -84,9 +84,11 @@ Settings can be provided via CLI flags, environment variables, config file (`cam
 
 | Setting | CLI Flag | Env Var | Config Key | Default |
 |---------|----------|---------|------------|---------|
-| Admin username | `--admin-user` | `SAAS_ADMIN_USER` | `admin_user` | `admin` |
+| Admin login | `--admin-user` | `SAAS_ADMIN_USER` | `admin_user` | `admin` (standalone) / `admin@<PUBLIC_HOST>` (SaaS) |
 | Admin password | `--admin-password` | `SAAS_ADMIN_PASS` | `admin_password` | auto-generated |
 
+In SaaS mode, `SAAS_ADMIN_USER` must be an email address — it is used as both the Logto username and primaryEmail. The installer validates email format in SaaS mode and auto-appends `@<PUBLIC_HOST>` if the `@` is missing. In standalone mode, any username is accepted.
+
 In standalone mode, the env vars are `SERVER_ADMIN_USER` / `SERVER_ADMIN_PASS`.
 
 ### TLS Certificates
@@ -133,24 +135,18 @@ The Docker socket is required for tenant provisioning (SaaS mode) — the platfo
 
 | Setting | CLI Flag | Env Var | Config Key | Default |
 |---------|----------|---------|------------|---------|
-| Registry | `--registry` | `REGISTRY` | `registry` | `gitea.siegeln.net/cameleer` |
+| Registry | `--registry` | `REGISTRY` | `registry` | `registry.cameleer.io/cameleer` |
 | Registry username | `--registry-user` | `REGISTRY_USER` | `registry_user` | — |
 | Registry token | `--registry-token` | `REGISTRY_TOKEN` | `registry_token` | — |
 | Image version | `--version` | `VERSION` | `version` | `latest` |
 
 For private registries, provide credentials and the installer runs `docker login` before pulling. The registry prefix is applied to all container images.
 
-### SMTP (SaaS Mode)
+### Email / SMTP
 
-| Setting | CLI Flag | Env Var | Config Key | Default |
-|---------|----------|---------|------------|---------|
-| SMTP host | `--smtp-host` | `SMTP_HOST` | `smtp_host` | — |
-| SMTP port | `--smtp-port` | `SMTP_PORT` | `smtp_port` | `587` |
-| SMTP username | `--smtp-user` | `SMTP_USER` | `smtp_user` | — |
-| SMTP password | `--smtp-pass` | `SMTP_PASS` | `smtp_pass` | — |
-| From email | `--smtp-from-email` | `SMTP_FROM_EMAIL` | `smtp_from_email` | `noreply@<PUBLIC_HOST>` |
+Email connector configuration (SMTP, SES, etc.) is managed at runtime via the vendor admin UI at `/vendor/email`. The installer does not configure email delivery.
 
-SMTP is required for self-service sign-up (email verification codes). Without it, only admin-created users can sign in.
+Self-service registration is disabled by default and is enabled automatically when the admin configures an email connector.
 
 ### Monitoring
 
@@ -176,7 +172,6 @@ These are generated automatically and never need to be set manually:
 
 | Secret | Env Var | Description |
 |--------|---------|-------------|
-| JWT signing secret | `CAMELEER_SERVER_SECURITY_JWTSECRET` | Shared secret for JWT token signing across provisioned tenant servers |
 | Bootstrap token | `BOOTSTRAP_TOKEN` | Server initialization token (standalone mode only) |
 
 ---
@@ -246,9 +241,6 @@ All services share a single hostname. Routing:
   --tls-mode=custom \
   --cert-file=/etc/ssl/cert.pem \
   --key-file=/etc/ssl/key.pem \
-  --smtp-host=smtp.example.com \
-  --smtp-user=noreply@example.com \
-  --smtp-pass=mailpass \
   --registry=registry.example.com/cameleer \
   --registry-user=deploy \
   --registry-token=ghp_xxx

install.ps1

@@ -100,6 +100,7 @@ $script:cfg = @{
     PublicProtocol      = $PublicProtocol
     AdminUser           = $AdminUser
     AdminPass           = $AdminPassword
+
     TlsMode             = $TlsMode
     CertFile            = $CertFile
     KeyFile             = $KeyFile
@@ -271,6 +272,7 @@ function Load-ConfigFile {
                 'public_protocol'       { if (-not $script:cfg.PublicProtocol)       { $script:cfg.PublicProtocol       = $val } }
                 'admin_user'            { if (-not $script:cfg.AdminUser)            { $script:cfg.AdminUser            = $val } }
                 'admin_password'        { if (-not $script:cfg.AdminPass)            { $script:cfg.AdminPass            = $val } }
+
                 'tls_mode'              { if (-not $script:cfg.TlsMode)              { $script:cfg.TlsMode              = $val } }
                 'cert_file'             { if (-not $script:cfg.CertFile)             { $script:cfg.CertFile             = $val } }
                 'key_file'              { if (-not $script:cfg.KeyFile)              { $script:cfg.KeyFile              = $val } }
@@ -303,6 +305,7 @@ function Load-EnvOverrides {
     if (-not $c.PublicProtocol)      { $c.PublicProtocol      = $_ENV_PUBLIC_PROTOCOL }
     if (-not $c.AdminUser)           { $c.AdminUser           = $env:SAAS_ADMIN_USER }
     if (-not $c.AdminPass)           { $c.AdminPass           = $env:SAAS_ADMIN_PASS }
+
     if (-not $c.TlsMode)             { $c.TlsMode             = $_ENV_TLS_MODE }
     if (-not $c.CertFile)            { $c.CertFile            = $_ENV_CERT_FILE }
     if (-not $c.KeyFile)             { $c.KeyFile             = $_ENV_KEY_FILE }
@@ -447,17 +450,41 @@ function Run-SimplePrompts {
     Write-Host ''
     Write-Host '--- Simple Installation ---' -ForegroundColor Cyan
     Write-Host ''
- 
+
     $c.InstallDir = Prompt-Value 'Install directory' (Coalesce $c.InstallDir $DEFAULT_INSTALL_DIR)
     $c.PublicHost = Prompt-Value 'Public hostname'   (Coalesce $c.PublicHost 'localhost')
-    $c.AdminUser  = Prompt-Value 'Admin username'    (Coalesce $c.AdminUser  $DEFAULT_ADMIN_USER)
- 
+
+    Write-Host ''
+    Write-Host '  Deployment mode:'
+    Write-Host '    [1] Multi-tenant SaaS -- manage platform, provision tenants on demand'
+    Write-Host '    [2] Single-tenant -- one server instance, local auth, no identity provider'
+    Write-Host ''
+    $deployChoice = Read-Host '  Select mode [1]'
+    if ($deployChoice -eq '2') { $c.DeploymentMode = 'standalone' } else { $c.DeploymentMode = 'saas' }
+
+    Write-Host ''
+    if ($c.DeploymentMode -eq 'saas') {
+        $defaultEmail = Coalesce $c.AdminUser "admin@$($c.PublicHost)"
+        if ($defaultEmail -and $defaultEmail -notmatch '@.+\..+') {
+            $defaultEmail = "admin@$($c.PublicHost)"
+        }
+        while ($true) {
+            $c.AdminUser = Prompt-Value 'Admin email' $defaultEmail
+            if ($c.AdminUser -match '^[^@]+@[^@]+\.[^@]+$') { break }
+            Write-Host '  Invalid email address. Must be a valid email (e.g. admin@company.com).' -ForegroundColor Red
+            $c.AdminUser = $null
+            $defaultEmail = $null
+        }
+    } else {
+        $c.AdminUser = Prompt-Value 'Admin username' (Coalesce $c.AdminUser $DEFAULT_ADMIN_USER)
+    }
+
     if (Prompt-YesNo 'Auto-generate admin password?' 'y') {
         $c.AdminPass = ''
     } else {
         $c.AdminPass = Prompt-Password 'Admin password'
     }
- 
+
     Write-Host ''
     if (Prompt-YesNo 'Use custom TLS certificates? (no = self-signed)') {
         $c.TlsMode  = 'custom'
@@ -469,7 +496,7 @@ function Run-SimplePrompts {
     } else {
         $c.TlsMode = 'self-signed'
     }
- 
+
     Write-Host ''
     $c.MonitoringNetwork = Prompt-Value 'Monitoring network name (empty = skip)' ''
 
@@ -480,14 +507,6 @@ function Run-SimplePrompts {
         $c.RegistryToken = Prompt-Password 'Registry token/password' (Coalesce $c.RegistryToken '')
     }
 
-    Write-Host ''
-    Write-Host '  Deployment mode:'
-    Write-Host '    [1] Multi-tenant SaaS -- manage platform, provision tenants on demand'
-    Write-Host '    [2] Single-tenant -- one server instance, local auth, no identity provider'
-    Write-Host ''
-    $deployChoice = Read-Host '  Select mode [1]'
-    if ($deployChoice -eq '2') { $c.DeploymentMode = 'standalone' } else { $c.DeploymentMode = 'saas' }
-
 }
  
 function Run-ExpertPrompts {
@@ -538,7 +557,15 @@ function Merge-Config {
     if (-not $c.InstallDir)          { $c.InstallDir          = $DEFAULT_INSTALL_DIR }
     if (-not $c.PublicHost)          { $c.PublicHost          = 'localhost' }
     if (-not $c.PublicProtocol)      { $c.PublicProtocol      = $DEFAULT_PUBLIC_PROTOCOL }
-    if (-not $c.AdminUser)           { $c.AdminUser           = $DEFAULT_ADMIN_USER }
+    if ($c.DeploymentMode -eq 'saas') {
+        if (-not $c.AdminUser) { $c.AdminUser = "admin@$($c.PublicHost)" }
+        if ($c.AdminUser -notmatch '^[^@]+@[^@]+\.[^@]+$') {
+            Write-Host "ERROR: SAAS_ADMIN_USER must be a valid email address (e.g. admin@company.com), got: '$($c.AdminUser)'" -ForegroundColor Red
+            exit 1
+        }
+    } else {
+        if (-not $c.AdminUser) { $c.AdminUser = $DEFAULT_ADMIN_USER }
+    }
     if (-not $c.TlsMode)             { $c.TlsMode             = $DEFAULT_TLS_MODE }
     if (-not $c.HttpPort)            { $c.HttpPort            = $DEFAULT_HTTP_PORT }
     if (-not $c.HttpsPort)           { $c.HttpsPort           = $DEFAULT_HTTPS_PORT }
@@ -631,7 +658,6 @@ function Generate-EnvFile {
     $ts  = (Get-Date -Format 'yyyy-MM-dd HH:mm:ss') + ' UTC'
     $bt  = Generate-Password
  
-    $jwtSecret = Generate-Password
 
     if ($c.DeploymentMode -eq 'standalone') {
         $content = @"
@@ -654,9 +680,6 @@ SERVER_ADMIN_USER=$($c.AdminUser)
 # Bootstrap token
 BOOTSTRAP_TOKEN=$bt
 
-# JWT signing secret (required by server, must be non-empty)
-CAMELEER_SERVER_SECURITY_JWTSECRET=$jwtSecret
-
 # Docker
 DOCKER_SOCKET=$($c.DockerSocket)
 DOCKER_GID=$gid
@@ -736,8 +759,6 @@ CAMELEER_SAAS_PROVISIONING_SERVERIMAGE=$reg/cameleer-server:$($c.Version)
 CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE=$reg/cameleer-server-ui:$($c.Version)
 CAMELEER_SAAS_PROVISIONING_RUNTIMEBASEIMAGE=$reg/cameleer-runtime-base:$($c.Version)
 
-# JWT signing secret (forwarded to provisioned tenant servers, must be non-empty)
-CAMELEER_SERVER_SECURITY_JWTSECRET=$jwtSecret
 "@
         $content += $provisioningBlock
         # Passwords appended with single-quoting for special character safety
@@ -1031,10 +1052,10 @@ ClickHouse:       default / $($c.ClickhousePassword)
 Admin Console:  $($c.PublicProtocol)://$($c.PublicHost)/platform/
 Admin User:     $($c.AdminUser)
 Admin Password: $($c.AdminPass)
- 
+
 PostgreSQL:     cameleer / $($c.PostgresPassword)
 ClickHouse:     default / $($c.ClickhousePassword)
- 
+
 $logtoLine
 "@
     }
@@ -1485,10 +1506,6 @@ function Main {
     Generate-Passwords
  
     # Resolve to absolute path NOW.
-    # [System.IO.File]::WriteAllText uses .NET's Environment.CurrentDirectory,
-    # which differs from PowerShell's $PWD on Windows (e.g. resolves ./cameleer
-    # to C:\Users\Hendrik\cameleer instead of the script's working directory).
-    # GetUnresolvedProviderPathFromPSPath always uses PowerShell's current location.
     $script:cfg.InstallDir = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath(
         $script:cfg.InstallDir)
  

install.sh

@@ -56,6 +56,7 @@ AUTH_HOST=""
 PUBLIC_PROTOCOL=""
 ADMIN_USER=""
 ADMIN_PASS=""
+
 TLS_MODE=""
 CERT_FILE=""
 KEY_FILE=""
@@ -168,6 +169,7 @@ parse_args() {
       --public-protocol)  PUBLIC_PROTOCOL="$2"; shift ;;
       --admin-user)       ADMIN_USER="$2"; shift ;;
       --admin-password)   ADMIN_PASS="$2"; shift ;;
+
       --tls-mode)         TLS_MODE="$2"; shift ;;
       --cert-file)        CERT_FILE="$2"; shift ;;
       --key-file)         KEY_FILE="$2"; shift ;;
@@ -262,6 +264,7 @@ load_config_file() {
       public_protocol)      [ -z "$PUBLIC_PROTOCOL" ] && PUBLIC_PROTOCOL="$value" ;;
       admin_user)           [ -z "$ADMIN_USER" ] && ADMIN_USER="$value" ;;
       admin_password)       [ -z "$ADMIN_PASS" ] && ADMIN_PASS="$value" ;;
+
       tls_mode)             [ -z "$TLS_MODE" ] && TLS_MODE="$value" ;;
       cert_file)            [ -z "$CERT_FILE" ] && CERT_FILE="$value" ;;
       key_file)             [ -z "$KEY_FILE" ] && KEY_FILE="$value" ;;
@@ -292,6 +295,7 @@ load_env_overrides() {
   [ -z "$PUBLIC_PROTOCOL" ] && PUBLIC_PROTOCOL="$_ENV_PUBLIC_PROTOCOL"
   [ -z "$ADMIN_USER" ] && ADMIN_USER="${SAAS_ADMIN_USER:-}"
   [ -z "$ADMIN_PASS" ] && ADMIN_PASS="${SAAS_ADMIN_PASS:-}"
+
   [ -z "$TLS_MODE" ] && TLS_MODE="$_ENV_TLS_MODE"
   [ -z "$CERT_FILE" ] && CERT_FILE="$_ENV_CERT_FILE"
   [ -z "$KEY_FILE" ] && KEY_FILE="$_ENV_KEY_FILE"
@@ -425,7 +429,37 @@ run_simple_prompts() {
 
   prompt INSTALL_DIR "Install directory" "${INSTALL_DIR:-$DEFAULT_INSTALL_DIR}"
   prompt PUBLIC_HOST "Public hostname" "${PUBLIC_HOST:-localhost}"
-  prompt ADMIN_USER "Admin username" "${ADMIN_USER:-$DEFAULT_ADMIN_USER}"
+
+  echo ""
+  echo "  Deployment mode:"
+  echo "    [1] Multi-tenant SaaS — manage platform, provision tenants on demand"
+  echo "    [2] Single-tenant — one server instance, local auth, no identity provider"
+  echo ""
+  local deploy_choice
+  read -rp "  Select mode [1]: " deploy_choice
+  case "${deploy_choice:-1}" in
+    2)
+      DEPLOYMENT_MODE="standalone"
+      ;;
+    *)
+      DEPLOYMENT_MODE="saas"
+      ;;
+  esac
+
+  echo ""
+  if [ "$DEPLOYMENT_MODE" = "saas" ]; then
+    while true; do
+      prompt ADMIN_USER "Admin email" "${ADMIN_USER:-admin@${PUBLIC_HOST:-localhost}}"
+      # Validate email: must be user@domain.tld format
+      if echo "$ADMIN_USER" | grep -qE '^[^@]+@[^@]+\.[^@]+$'; then
+        break
+      fi
+      echo -e "  ${RED}Invalid email address.${NC} Must be a valid email (e.g. admin@company.com)."
+      ADMIN_USER=""
+    done
+  else
+    prompt ADMIN_USER "Admin username" "${ADMIN_USER:-$DEFAULT_ADMIN_USER}"
+  fi
 
   if prompt_yesno "Auto-generate admin password?" "y"; then
     ADMIN_PASS=""
@@ -455,22 +489,6 @@ run_simple_prompts() {
     prompt_password REGISTRY_TOKEN "Registry token/password" "${REGISTRY_TOKEN:-}"
   fi
 
-  echo ""
-  echo "  Deployment mode:"
-  echo "    [1] Multi-tenant SaaS — manage platform, provision tenants on demand"
-  echo "    [2] Single-tenant — one server instance, local auth, no identity provider"
-  echo ""
-  local deploy_choice
-  read -rp "  Select mode [1]: " deploy_choice
-  case "${deploy_choice:-1}" in
-    2)
-      DEPLOYMENT_MODE="standalone"
-      ;;
-    *)
-      DEPLOYMENT_MODE="saas"
-      ;;
-  esac
-
 }
 
 run_expert_prompts() {
@@ -522,7 +540,16 @@ merge_config() {
   : "${INSTALL_DIR:=$DEFAULT_INSTALL_DIR}"
   : "${PUBLIC_HOST:=localhost}"
   : "${PUBLIC_PROTOCOL:=$DEFAULT_PUBLIC_PROTOCOL}"
-  : "${ADMIN_USER:=$DEFAULT_ADMIN_USER}"
+  if [ "$DEPLOYMENT_MODE" = "saas" ]; then
+    : "${ADMIN_USER:=admin@${PUBLIC_HOST}}"
+    # Validate email format in SaaS mode
+    if ! echo "$ADMIN_USER" | grep -qE '^[^@]+@[^@]+\.[^@]+$'; then
+      echo -e "${RED}ERROR:${NC} SAAS_ADMIN_USER must be a valid email address (e.g. admin@company.com), got: '$ADMIN_USER'" >&2
+      exit 1
+    fi
+  else
+    : "${ADMIN_USER:=$DEFAULT_ADMIN_USER}"
+  fi
   : "${TLS_MODE:=$DEFAULT_TLS_MODE}"
   : "${HTTP_PORT:=$DEFAULT_HTTP_PORT}"
   : "${HTTPS_PORT:=$DEFAULT_HTTPS_PORT}"
@@ -597,6 +624,7 @@ generate_passwords() {
     ADMIN_PASS=$(generate_password)
     log_info "Generated admin password."
   fi
+
   if [ -z "$POSTGRES_PASSWORD" ]; then
     POSTGRES_PASSWORD=$(generate_password)
     log_info "Generated PostgreSQL password."
@@ -644,9 +672,6 @@ SERVER_ADMIN_USER=${ADMIN_USER}
 # Bootstrap token (required by server, not used externally in standalone mode)
 BOOTSTRAP_TOKEN=$(generate_password)
 
-# JWT signing secret (required by server, must be non-empty)
-CAMELEER_SERVER_SECURITY_JWTSECRET=$(generate_password)
-
 # Docker
 DOCKER_SOCKET=${DOCKER_SOCKET}
 DOCKER_GID=$(stat -c '%g' "${DOCKER_SOCKET}" 2>/dev/null || echo "0")
@@ -738,9 +763,6 @@ CAMELEER_SAAS_PROVISIONING_SERVERIMAGE=${REGISTRY}/cameleer-server:${VERSION}
 CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE=${REGISTRY}/cameleer-server-ui:${VERSION}
 CAMELEER_SAAS_PROVISIONING_RUNTIMEBASEIMAGE=${REGISTRY}/cameleer-runtime-base:${VERSION}
 
-# JWT signing secret (forwarded to provisioned tenant servers, must be non-empty)
-CAMELEER_SERVER_SECURITY_JWTSECRET=$(generate_password)
-
 # Compose file assembly
 COMPOSE_FILE=docker-compose.yml:docker-compose.saas.yml$([ "$TLS_MODE" = "custom" ] && echo ":docker-compose.tls.yml")$([ -n "$MONITORING_NETWORK" ] && echo ":docker-compose.monitoring.yml")
 EOF

templates/.env.example

@@ -50,7 +50,9 @@ CLICKHOUSE_PASSWORD=CHANGE_ME
 # ============================================================
 # Admin credentials (SaaS mode)
 # ============================================================
-SAAS_ADMIN_USER=admin
+# In SaaS mode, this must be an email address (primary user identity).
+# In standalone mode, any username is accepted.
+SAAS_ADMIN_USER=admin@example.com
 SAAS_ADMIN_PASS=CHANGE_ME
 
 # ============================================================
@@ -61,14 +63,10 @@ SAAS_ADMIN_PASS=CHANGE_ME
 # BOOTSTRAP_TOKEN=CHANGE_ME
 
 # ============================================================
-# SMTP (for email verification during registration)
+# Email / SMTP
 # ============================================================
-# Required for self-service sign-up. Without SMTP, only admin-created users can sign in.
-SMTP_HOST=
-SMTP_PORT=587
-SMTP_USER=
-SMTP_PASS=
-SMTP_FROM_EMAIL=noreply@cameleer.io
+# Email connector configuration is managed at runtime via the vendor
+# admin UI (Email Connector page at /vendor/email). No SMTP env vars needed.
 
 # ============================================================
 # TLS

templates/docker-compose.saas.yml

@@ -85,7 +85,6 @@ services:
       CAMELEER_SAAS_PROVISIONING_DATASOURCEUSERNAME: ${POSTGRES_USER:-cameleer}
       CAMELEER_SAAS_PROVISIONING_DATASOURCEPASSWORD: ${POSTGRES_PASSWORD}
       CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD: ${CLICKHOUSE_PASSWORD}
-      CAMELEER_SERVER_SECURITY_JWTSECRET: ${CAMELEER_SERVER_SECURITY_JWTSECRET:?CAMELEER_SERVER_SECURITY_JWTSECRET must be set in .env}
       CAMELEER_SAAS_PROVISIONING_SERVERIMAGE: ${CAMELEER_SAAS_PROVISIONING_SERVERIMAGE:-registry.cameleer.io/cameleer/cameleer-server:latest}
       CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE: ${CAMELEER_SAAS_PROVISIONING_SERVERUIIMAGE:-registry.cameleer.io/cameleer/cameleer-server-ui:latest}
       CAMELEER_SAAS_PROVISIONING_RUNTIMEBASEIMAGE: ${CAMELEER_SAAS_PROVISIONING_RUNTIMEBASEIMAGE:-registry.cameleer.io/cameleer/cameleer-runtime-base:latest}

templates/docker-compose.server.yml

@@ -29,7 +29,6 @@ services:
       CAMELEER_SERVER_CLICKHOUSE_USERNAME: default
       CAMELEER_SERVER_CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD}
       CAMELEER_SERVER_SECURITY_BOOTSTRAPTOKEN: ${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN must be set in .env}
-      CAMELEER_SERVER_SECURITY_JWTSECRET: ${CAMELEER_SERVER_SECURITY_JWTSECRET:?CAMELEER_SERVER_SECURITY_JWTSECRET must be set in .env}
       CAMELEER_SERVER_SECURITY_UIUSER: ${SERVER_ADMIN_USER:-admin}
       CAMELEER_SERVER_SECURITY_UIPASSWORD: ${SERVER_ADMIN_PASS:?SERVER_ADMIN_PASS must be set in .env}
       CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}