🛡️ Admin Manual
This manual is for system administrators and advanced users who need to perform maintenance, manage users, or interact with the system via the command line.
📖 Overview
Most administrative and maintenance tasks are handled through the main command-line interface or configured via environment variables.
📚 Guides
The documentation is organized into three main areas:
🐳 Deployment & Exposure
- 📦 Host Installation: Manual setup using Python, Node.js, and Pipenv directly on the host machine.
- 🐳 Advanced Docker: Containerized deployment using Docker Compose, volume bindings, and user GID/UID ownership configuration.
- 🌐 Exposing with Tailscale: Securely expose your private LibreFolio instance over the internet using Tailscale.
⚙️ System Configuration
- 📝 Environment Variables: Full list of supported
.envvariables (PORT,JWT_SECRET,LIBREFOLIO_DATA_DIR, etc.) and variable resolution precedence. - ⚙️ Global Settings: Configure system-wide runtime settings (session TTL, upload limits, market data sync intervals).
🧹 Maintenance & Operations
- 🛠️ CLI Admin Tools: How to use the
dev.pyscript for administrative tasks (user management, database upgrades). - 📂 Filesystem Structure: Details on where databases, logs, uploads, and temporary folders are stored, and how to perform backups.
🔐 Authentication & Session Persistence
LibreFolio uses JWT (JSON Web Tokens) for user authentication. By default:
- If the JWT_SECRET environment variable is left empty in your .env file, the server generates a random signing secret at startup. This provides maximum security, but user sessions will be lost if the server is restarted.
- To persist sessions across server restarts (or when running multiple independent server instances behind a load balancer), define a stable JWT_SECRET key. Note that multiple uvicorn workers spawned on the same host will automatically share the parent process's generated secret, meaning session persistence is maintained across workers even when JWT_SECRET is left empty.
For technical details, see the developer-focused Security Architecture page.