Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 00:40:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

🧹📚 docs: refactor and clean up (#1392)

Browse source 
* 📑 update mkdocs

* rename docker override file and add to gitignore

* update .env.example - GOOGLE_MODELS

* update index.md

* doc refactor: split installation and configuration in two sub-folders

* doc update: installation guides

* doc update: configuration guides

* doc: new docker override guide

* doc: new beginner's guide for contributions - Thanks @Berry-13

* doc: update documentation_guidelines.md

* doc: update testing.md

* doc: update deployment guides

* doc: update /dev readme

* doc: update general_info

* doc: add 0 value to doc weight

* doc: add index.md to every doc folders

* doc: add weight to index.md and move openrouter from free_ai_apis.md to ai_setup.md

* doc: update toc so they display properly on the right had side in mkdocs

* doc: update pandoranext.md

* doc: index logging_system.md

* doc: update readme.md

* doc: update litellm.md

* doc: update ./dev/readme.md

* doc:🔖 new presets.md

* doc: minor corrections

* doc update: user_auth_system.md and presets.md, doc feat: add mermaid support to mkdocs

* doc update: add screenshots to presets.md

* doc update: add screenshots to - OpenID with AWS Cognito

* doc update: BingAI cookie instruction

* doc update: discord auth

* doc update: facebook auth

* doc: corrections to user_auth_system.md

* doc update: github auth

* doc update: google auth

* doc update: auth clean up

* doc organization: installation

* doc organization: configuration

* doc organization: features+plugins & update:plugins screenshots

* doc organization: deploymend + general_info  & update: tech_stack.md

* doc organization: contributions

* doc: minor fixes

* doc: minor fixes
This commit is contained in:
Fuegovic 2023-12-22 08:36:42 -05:00 committed by GitHub
parent 5c27fa304a
commit 51050cc4d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
66 changed files with 1617 additions and 869 deletions
Download patch file Download diff file Expand all files Collapse all files

111
docs/install/ai_setup.md → docs/install/configuration/ai_setup.md
View file

@ -1,28 +1,37 @@
# Table of Contents
---
title: 🤖 AI Setup
weight: -8
---
1. [AI Setup](#ai-setup)
- [General Information](#general)
- [Free AI APIs](#free-ai-apis)
- [Setting a Default Endpoint](#setting-a-default-endpoint)
- [Setting a Default Preset](#setting-a-default-preset)
- [OpenAI](#openai)
- [Anthropic](#anthropic)
- [Google](#google)
- [Generative Language API (Gemini)](#generative-language-api-gemini)
- [Vertex AI (PaLM 2 & Codey)](#vertex-ai-palm-2--codey)
- [Azure OpenAI](#azure-openai)
- [Required Variables](#required-variables)
- [Model Deployments](#model-deployments)
- [Setting a Default Model for Azure](#setting-a-default-model-for-azure)
- [Enabling Auto-Generated Titles with Azure](#enabling-auto-generated-titles-with-azure)
- [Using GPT-4 Vision with Azure](#using-gpt-4-vision-with-azure)
- [Setting Azure OpenAI as the Default Endpoint](#setting-azure-openai-as-the-default-endpoint)
- [Optional Variables](#optional-variables)
- [Using Plugins with Azure](#using-plugins-with-azure)
- [Unofficial APIs](#unofficial-apis)
- [ChatGPTBrowser](#chatgptbrowser)
- [BingAI](#bingai)
2. [Conclusion](#conclusion)
<!-- # Table of Contents
- [Table of Contents](#table-of-contents)
- [AI Setup](#ai-setup)
- [General](#general)
- [Free AI APIs](#free-ai-apis)
- [Setting a Default Endpoint](#setting-a-default-endpoint)
- [Setting a Default Preset](#setting-a-default-preset)
- [OpenAI](#openai)
- [Anthropic](#anthropic)
- [Google](#google)
- [Generative Language API (Gemini)](#generative-language-api-gemini)
- [Vertex AI (PaLM 2 \& Codey)](#vertex-ai-palm-2--codey)
- [1. Once signed up, Enable the Vertex AI API on Google Cloud:](#1-once-signed-up-enable-the-vertex-ai-api-on-google-cloud)
- [2. Create a Service Account with Vertex AI role:](#2-create-a-service-account-with-vertex-ai-role)
- [3. Create a JSON key to Save in your Project Directory:](#3-create-a-json-key-to-save-in-your-project-directory)
- [Azure OpenAI](#azure-openai)
- [Required Variables](#required-variables)
- [Model Deployments](#model-deployments)
- [Setting a Default Model for Azure](#setting-a-default-model-for-azure)
- [Enabling Auto-Generated Titles with Azure](#enabling-auto-generated-titles-with-azure)
- [Using GPT-4 Vision with Azure](#using-gpt-4-vision-with-azure)
- [Optional Variables](#optional-variables)
- [Using Plugins with Azure](#using-plugins-with-azure)
- [OpenRouter](#openrouter)
- [Unofficial APIs](#unofficial-apis)
- [ChatGPTBrowser](#chatgptbrowser)
- [BingAI](#bingai)
- [Conclusion](#conclusion) -->
---
@ -310,6 +319,35 @@ To use Azure with the Plugins endpoint, make sure the following environment vari
---
## [OpenRouter](https://openrouter.ai/)
[OpenRouter](https://openrouter.ai/) is a legitimate proxy service to a multitude of LLMs, both closed and open source, including:
- OpenAI models (great if you are barred from their API for whatever reason)
- Anthropic Claude models (same as above)
- Meta's Llama models
- pygmalionai/mythalion-13b
- and many more open source models. Newer integrations are usually discounted, too!
> See their available models and pricing here: [Supported Models](https://openrouter.ai/docs#models)
OpenRouter is so great, I decided to integrate it to the project as a standalone feature.
**Setup:**
- Signup to [OpenRouter](https://openrouter.ai/) and create a key. You should name it and set a limit as well.
- Set the environment variable `OPENROUTER_API_KEY` in your .env file to the key you just created.
- Set something in the `OPENAI_API_KEY`, it can be anyting, but **do not** leave it blank or set to `user_provided`
- Restart your LibreChat server and use the OpenAI or Plugins endpoints.
**Notes:**
- [TODO] **In the future, you will be able to set up OpenRouter from the frontend as well.**
- This will override the official OpenAI API or your reverse proxy settings for both Plugins and OpenAI.
- On initial setup, you may need to refresh your page twice to see all their supported models populate automatically.
- Plugins: Functions Agent works with OpenRouter when using OpenAI models.
- Plugins: Turn functions off to try plugins with non-OpenAI models (ChatGPT plugins will not work and others may not work as expected).
- Plugins: Make sure `PLUGINS_USE_AZURE` is not set in your .env file when wanting to use OpenRouter and you have Azure configured.
---
## Unofficial APIs
**Important:** Stability for Unofficial APIs are not guaranteed. Access methods to these APIs are hacky, prone to errors, and patching, and are marked lowest in priority in LibreChat's development.
@ -322,7 +360,7 @@ This is not to be confused with [OpenAI's Official API](#openai)!
> Note that this is disabled by default and requires additional configuration to work.
> Also, using this may have your data exposed to 3rd parties if using a proxy, and OpenAI may flag your account.
> See: [ChatGPT Reverse Proxy](../features/pandoranext.md)
> See: [ChatGPT Reverse Proxy](../../features/pandoranext.md)
To get your Access token for ChatGPT Browser Access, you need to:
@ -336,19 +374,20 @@ Warning: There may be a chance of your account being banned if you deploy the ap
---
### BingAI
I recommend using Microsoft Edge for this:
To get your Bing Access Token, you have a few options:
- Navigate to **[Bing Chat](https://www.bing.com/chat)**
- **Login** if you haven't already
- Initiate a conversation with Bing
- Open `Dev Tools`, usually with `F12` or `Ctrl + Shift + C`
- Navigate to the `Network` tab
- Look for `lsp.asx` (if it's not there look into the other entries for one with a **very long** cookie)
- Copy the whole cookie value. (Yes it's very long 😉)
- Use this **"full cookie string"** for your "BingAI Token"
- You can try leaving it blank and see if it works (fingers crossed 🤞)
- You can follow these [new instructions](https://github.com/danny-avila/LibreChat/issues/370#issuecomment-1560382302) (thanks @danny-avila for sharing 🙌)
- You can use MS Edge, navigate to bing.com, and do the following:
- Make sure you are logged in
- Open the DevTools by pressing F12 on your keyboard
- Click on the tab "Application" (On the left of the DevTools)
- Expand the "Cookies" (Under "Storage")
- Copy the value of the "\_U" cookie and save it in ./.env as BING_ACCESS_TOKEN
<p align="left">
<img src="https://github.com/danny-avila/LibreChat/assets/32828263/d4dfd370-eddc-4694-ab16-076f913ff430" width="50%">
</p>
---

7
docs/install/default_language.md → docs/install/configuration/default_language.md
View file

@ -1,3 +1,8 @@
---
title: 🌍 Default Language
weight: -3
---
# Default Language 🌍
## How to change the default language
@ -33,4 +38,4 @@ export default { lang };
```
---
> **❗If you wish to contribute your own translation to LibreChat, please refer to this document for instructions: [Contribute a Translation](../contributions/translation_contribution.md)**
> **❗If you wish to contribute your own translation to LibreChat, please refer to this document for instructions: [Contribute a Translation](../../contributions/translation_contribution.md)**

76
docs/install/configuration/docker_override.md Normal file
View file

@ -0,0 +1,76 @@
---
title: 🐋 Docker Compose Override
weight: -9
---
# How to Use the Docker Compose Override File
In Docker Compose, an override file is a powerful feature that allows you to modify the default configuration provided by the main `docker-compose.yml` without the need to directly edit or duplicate the whole file. The primary use of the override file is for local development customizations, and Docker Compose merges the configurations of the `docker-compose.yml` and the `docker-compose.override.yml` files when you run `docker-compose up`.
Here's a quick guide on how to use the `docker-compose.override.yml`:
> Note: Please consult the `docker-compose.override.yml.example` for more examples
See the the official docker documentation for more info:
- **[docker docs - understanding-multiple-compose-files](https://docs.docker.com/compose/multiple-compose-files/extends/#understanding-multiple-compose-files)**
- **[docker docs - merge-compose-files](https://docs.docker.com/compose/multiple-compose-files/merge/#merge-compose-files)**
- **[docker docs - specifying-multiple-compose-files](https://docs.docker.com/compose/reference/#specifying-multiple-compose-files)**
## Step 1: Create a `docker-compose.override.yml` file
If you don't already have a `docker-compose.override.yml` file, you can create one by copying the example override content:
```bash
cp docker-compose.override.yml.example docker-compose.override.yml
```
This file will be picked up by Docker Compose automatically when you run docker-compose commands.
## Step 2: Edit the override file
Open your `docker-compose.override.yml` file with vscode or any text editor.
Make your desired changes by uncommenting the relevant sections and customizing them as needed.
For example, if you want to use a prebuilt image for the `api` service and expose MongoDB's port, your `docker-compose.override.yml` might look like this:
```yaml
version: '3.4'
services:
api:
image: ghcr.io/danny-avila/librechat:latest
mongodb:
ports:
- 27018:27017
```
> Note: Be cautious with exposing ports like MongoDB to the public, as it can make your database vulnerable to attacks.
## Step 3: Apply the changes
To apply your configuration changes, simply run Docker Compose as usual. Docker Compose automatically takes into account both the `docker-compose.yml` and the `docker-compose.override.yml` files:
```bash
docker-compose up -d
```
If you want to invoke a build with the changes before starting containers:
```bash
docker-compose build
docker-compose up -d
```
## Step 4: Verify the changes
After starting your services with the modified configuration, you can verify that the changes have been applied using the `docker ps` command to list the running containers and their properties, such as ports.
## Important Considerations
- **Order of Precedence**: Values defined in the override file take precedence over those specified in the original `docker-compose.yml` file.
- **Security**: When customizing ports and publicly exposing services, always be conscious of the security implications. Avoid using defaults for production or sensitive environments.
By following these steps and considerations, you can easily and safely modify your Docker Compose configuration without altering the original `docker-compose.yml` file, making it simpler to manage and maintain different environments or local customizations.

135
docs/install/dotenv.md → docs/install/configuration/dotenv.md
View file

@ -1,3 +1,8 @@
---
title: ⚙️ Environment Variables
weight: -10
---
# .env File Configuration
Welcome to the comprehensive guide for configuring your application's environment with the `.env` file. This document is your one-stop resource for understanding and customizing the environment variables that will shape your application's behavior in different contexts.
@ -13,7 +18,20 @@ npm run update:docker
docker-compose build --no-cache
```
Alternatively, you can create a new file named `docker-compose.override.yml` in the same directory as your main `docker-compose.yml` file for LibreChat, where you can set your .env variables as needed under `environment`. See the [docker docs](https://docs.docker.com/compose/multiple-compose-files/extends/#understanding-multiple-compose-files) for more info, and you can also view an example of an override file for LibreChat in the ["Manage Your Database" section](https://docs.librechat.ai/features/manage_your_database.html)
Alternatively, you can create a new file named `docker-compose.override.yml` in the same directory as your main `docker-compose.yml` file for LibreChat, where you can set your .env variables as needed under `environment`, or modify the default configuration provided by the main `docker-compose.yml`, without the need to directly edit or duplicate the whole file.
For more info see:
- Our quick guide:
- **[Docker Override](../configuration/docker_override.md)**
- The official docker documentation:
- **[docker docs - understanding-multiple-compose-files](https://docs.docker.com/compose/multiple-compose-files/extends/#understanding-multiple-compose-files)**
- **[docker docs - merge-compose-files](https://docs.docker.com/compose/multiple-compose-files/merge/#merge-compose-files)**
- **[docker docs - specifying-multiple-compose-files](https://docs.docker.com/compose/reference/#specifying-multiple-compose-files)**
- You can also view an example of an override file for LibreChat in your LibreChat folder and on GitHub:
- **[docker-compose.override.example](https://github.com/danny-avila/LibreChat/blob/main/docker-compose.override.yaml.example)**
---
@ -29,29 +47,6 @@ APP_TITLE=LibreChat
CUSTOM_FOOTER="My custom footer"
```
### Logging
LibreChat has built-in central logging.
- Debug logging is enabled by default and crucial for development.
- To report issues, reproduce the error and submit logs from `./api/logs/debug-%DATE%.log` at [LibreChat GitHub Issues](https://github.com/danny-avila/LibreChat/issues).
- Error logs are stored in the same location.
- Keep debug logs active by default or disable them by setting `DEBUG_LOGGING=FALSE` in the environment variable.
- For more information about this feature, read our docs: https://docs.librechat.ai/features/logging_system.html
```bash
DEBUG_LOGGING=TRUE
```
- Enable verbose server output in the console with `DEBUG_CONSOLE=TRUE`, though it's not recommended due to high verbosity.
```bash
DEBUG_CONSOLE=TRUE
```
This is not recommend, however, as the outputs can be quite verbose, and so it's disabled by default.
### Port
- The server will listen to localhost:3080 by default. You can change the target IP as you want. If you want to make this server available externally, for example to share the server with others or expose this from a Docker container, set host to 0.0.0.0 or your external IP interface.
@ -73,7 +68,7 @@ PORT=3080
- Instruction on how to create an online MongoDB database (useful for use without docker):
- [Online MongoDB](./mongodb.md)
- Securely access your docker MongoDB database:
- [Manage your database](../features/manage_your_database.md)
- [Manage your database](../../features/manage_your_database.md)
```bash
MONGO_URI=mongodb://127.0.0.1:27018/LibreChat
@ -89,6 +84,37 @@ DOMAIN_CLIENT=http://localhost:3080
DOMAIN_SERVER=http://localhost:3080
```
### Prevent Public Search Engines Indexing
By default, your website will not be indexed by public search engines (e.g. Google, Bing, …). This means that people will not be able to find your website through these search engines. If you want to make your website more visible and searchable, you can change the following setting to `false`
```bash
NO_INDEX=true
```
> ❗**Note:** This method is not guaranteed to work for all search engines, and some search engines may still index your website or web page for other purposes, such as caching or archiving. Therefore, you should not rely solely on this method to protect sensitive or confidential information on your website or web page.
### Logging
LibreChat has built-in central logging, see [Logging System](../../features/logging_system.md) for more info.
- Debug logging is enabled by default and crucial for development.
- To report issues, reproduce the error and submit logs from `./api/logs/debug-%DATE%.log` at [LibreChat GitHub Issues](https://github.com/danny-avila/LibreChat/issues).
- Error logs are stored in the same location.
- Keep debug logs active by default or disable them by setting `DEBUG_LOGGING=false` in the environment variable.
- For more information about this feature, read our docs: https://docs.librechat.ai/features/logging_system.html
```bash
DEBUG_LOGGING=true
```
- Enable verbose server output in the console with `DEBUG_CONSOLE=TRUE`, though it's not recommended due to high verbosity.
```bash
DEBUG_CONSOLE=false
```
This is not recommend, however, as the outputs can be quite verbose, and so it's disabled by default.
### Permission
> UID and GID are numbers assigned by Linux to each user and group on the system. If you have permission problems, set here the UID and GID of the user running the docker compose command. The applications in the container will run with these uid/gid.
@ -169,7 +195,7 @@ PLUGINS_USE_AZURE="true"
```
### BingAI
Bing, also used for Sydney, jailbreak, and Bing Image Creator, see: [Bing Access token](./ai_setup.md#bingai) and [Bing Jailbreak](../features/bing_jailbreak.md)
Bing, also used for Sydney, jailbreak, and Bing Image Creator, see: [Bing Access token](./ai_setup.md#bingai) and [Bing Jailbreak](../../features/bing_jailbreak.md)
- Follow these instructions to get your bing access token (it's best to use the full cookie string for that purpose): [Bing Access Token](https://github.com/danny-avila/LibreChat/issues/370#issuecomment-1560382302)
- Leave `BINGAI_TOKEN=` blank to disable this endpoint
@ -187,7 +213,7 @@ BINGAI_HOST=
### ChatGPT
see: [ChatGPT Free Access token](./ai_setup.md#chatgptbrowser)
> **Warning**: To use this endpoint you'll have to set up your own reverse proxy. Here is the installation guide to deploy your own (based on [PandoraNext](https://github.com/pandora-next/deploy)): **[PandoraNext Deployment Guide](../features/pandoranext.md)**
> **Warning**: To use this endpoint you'll have to set up your own reverse proxy. Here is the installation guide to deploy your own (based on [PandoraNext](https://github.com/pandora-next/deploy)): **[PandoraNext Deployment Guide](../../features/pandoranext.md)**
```bash
CHATGPT_REVERSE_PROXY=<YOUR-REVERSE-PROXY>
@ -304,9 +330,9 @@ OPENROUTER_API_KEY=
### Plugins
Here are some useful documentation about plugins:
- [Introduction](../features/plugins/introduction.md)
- [Make Your Own](../features/plugins/make_your_own.md)
- [Using official ChatGPT Plugins](../features/plugins/chatgpt_plugins_openapi.md)
- [Introduction](../../features/plugins/introduction.md)
- [Make Your Own](../../features/plugins/make_your_own.md)
- [Using official ChatGPT Plugins](../../features/plugins/chatgpt_plugins_openapi.md)
#### General Configuration:
- Identify the available models, separated by commas **without spaces**. The first model in the list will be set as default. Leave it blank or commented out to use internal settings.
@ -332,7 +358,7 @@ CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb
```
#### Azure AI Search
This plugin supports searching Azure AI Search for answers to your questions. See: [Azure AI Search](../features/plugins/azure_ai_search.md)
This plugin supports searching Azure AI Search for answers to your questions. See: [Azure AI Search](../../features/plugins/azure_ai_search.md)
```bash
AZURE_AI_SEARCH_SERVICE_ENDPOINT=
@ -377,7 +403,7 @@ DALLE_REVERSE_PROXY=
> Note: if you have PROXY set, it will be used for DALL-E calls also, which is universal for the app
#### Google Search
See detailed instructions here: [Google Search](../features/plugins/google_search.md)
See detailed instructions here: [Google Search](../../features/plugins/google_search.md)
```bash
GOOGLE_API_KEY=
@ -392,7 +418,7 @@ SERPAPI_API_KEY=
```
#### Stable Diffusion (Automatic1111)
See detailed instructions here: [Stable Diffusion](../features/plugins/stable_diffusion.md)
See detailed instructions here: [Stable Diffusion](../../features/plugins/stable_diffusion.md)
- Use "http://127.0.0.1:7860" with local install and "http://host.docker.internal:7860" for docker
@ -401,7 +427,7 @@ SD_WEBUI_URL=http://host.docker.internal:7860
```
#### WolframAlpha
See detailed instructions here: [Wolfram Alpha](../features/plugins/wolfram.md)
See detailed instructions here: [Wolfram Alpha](../../features/plugins/wolfram.md)
```bash
WOLFRAM_APP_ID=
@ -462,13 +488,23 @@ This section contains the configuration for:
### Moderation
The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
see: [Automated Moderation](../features/mod_system.md)
see: [Automated Moderation](../../features/mod_system.md)
#### Basic Moderation Settings
- `OPENAI_MODERATION`: Set to true or false, Whether or not to enable OpenAI moderation on the **OpenAI** and **Plugins** endpoints
- `OPENAI_MODERATION_API_KEY`: Your OpenAI API key
- `OPENAI_MODERATION_REVERSE_PROXY`: Note: Commented out by default, this is not working with all reverse proxys
```bash
OPENAI_MODERATION=false
OPENAI_MODERATION_API_KEY=
OPENAI_MODERATION_REVERSE_PROXY=
```
- `BAN_VIOLATIONS`: Whether or not to enable banning users for violations (they will still be logged)
- `BAN_DURATION`: How long the user and associated IP are banned for (in milliseconds)
- `BAN_INTERVAL` The user will be banned everytime their score reaches/crosses over the interval threshold
- `BAN_INTERVAL`: The user will be banned everytime their score reaches/crosses over the interval threshold
```bash
BAN_VIOLATIONS=true
@ -539,7 +575,7 @@ MESSAGE_USER_WINDOW=1
### Balance
The following enables user balances for the OpenAI/Plugins endpoints, which you can add manually or you will need to build out a balance accruing system for users.
see: [Token Usage](../features/token_usage.md)
see: [Token Usage](../../features/token_usage.md)
- To manually add balances, run the following command:`npm run add-balance`
- You can also specify the email and token credit amount to add, e.g.:`npm run add-balance example@example.com 1000`
@ -553,7 +589,7 @@ CHECK_BALANCE=false
```
### Registration and Login
see: [User/Auth System](../install/user_auth_system.md)
see: [User/Auth System](../configuration/user_auth_system.md)
![image](https://github.com/danny-avila/LibreChat/assets/81851188/52a37d1d-7392-4a9a-a79f-90ed2da7f841)
@ -566,6 +602,7 @@ see: [User/Auth System](../install/user_auth_system.md)
> **Quick Tip:** Even with registration disabled, add users directly to the database using `npm run create-user`.
```bash
ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATION=false
@ -589,9 +626,9 @@ JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8
### Social Logins
#### [Discord](../install/user_auth_system.md#discord-authentication)
#### [Discord](../configuration/user_auth_system.md#discord-authentication)
for more information: [Discord](../install/user_auth_system.md#discord-authentication)
for more information: [Discord](../configuration/user_auth_system.md#discord-authentication)
```bash
# Discord
@ -600,9 +637,9 @@ DISCORD_CLIENT_SECRET=your_client_secret
DISCORD_CALLBACK_URL=/oauth/discord/callback
```
#### [Facebook](../install/user_auth_system.md#facebook-authentication)
#### [Facebook](../configuration/user_auth_system.md#facebook-authentication)
for more information: [Facebook](../install/user_auth_system.md#facebook-authentication)
for more information: [Facebook](../configuration/user_auth_system.md#facebook-authentication)
```bash
# Facebook
@ -611,9 +648,9 @@ FACEBOOK_CLIENT_SECRET=
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
```
#### [GitHub](../install/user_auth_system.md#github-authentication)
#### [GitHub](../configuration/user_auth_system.md#github-authentication)
for more information: [GitHub](../install/user_auth_system.md#github-authentication)
for more information: [GitHub](../configuration/user_auth_system.md#github-authentication)
```bash
# GitHub
@ -622,9 +659,9 @@ GITHUB_CLIENT_SECRET=your_client_secret
GITHUB_CALLBACK_URL=/oauth/github/callback
```
#### [Google](../install/user_auth_system.md#google-authentication)
#### [Google](../configuration/user_auth_system.md#google-authentication)
for more information: [Google](../install/user_auth_system.md#google-authentication)
for more information: [Google](../configuration/user_auth_system.md#google-authentication)
```bash
# Google
@ -633,9 +670,9 @@ GOOGLE_CLIENT_SECRET=
GOOGLE_CALLBACK_URL=/oauth/google/callback
```
#### [OpenID](../install/user_auth_system.md#openid-authentication-with-azure-ad)
#### [OpenID](../configuration/user_auth_system.md#openid-authentication-with-azure-ad)
for more information: [Azure OpenID](../install/user_auth_system.md#openid-authentication-with-azure-ad) or [AWS Cognito OpenID](../install/user_auth_system.md#openid-authentication-with-aws-cognito)
for more information: [Azure OpenID](../configuration/user_auth_system.md#openid-authentication-with-azure-ad) or [AWS Cognito OpenID](../configuration/user_auth_system.md#openid-authentication-with-aws-cognito)
```bash
# OpenID
@ -651,7 +688,7 @@ OPENID_IMAGE_URL=
```
### Email Password Reset
Email is used for password reset. See: [Email Password Reset](../install/user_auth_system.md#email-and-password-reset)
Email is used for password reset. See: [Email Password Reset](../configuration/user_auth_system.md#email-and-password-reset)
- Note that all either service or host, username and password and the From address must be set for email to work.

31
docs/install/free_ai_apis.md → docs/install/configuration/free_ai_apis.md
View file

@ -1,34 +1,15 @@
---
title: 💸 Free AI APIs
weight: -6
---
# Free AI APIs
There are APIs offering free/free-trial access to AI APIs via reverse proxy.
Here is a well-maintained public list of [Free AI APIs](https://github.com/zukixa/cool-ai-stuff) that may or may not be compatible with LibreChat
### [OpenRouter](https://openrouter.ai/) ⇆ (preferred)
While not completely free, you get free trial credits when you [sign up to OpenRouter](https://openrouter.ai/), a legitimate proxy service to a multitude of LLMs, both closed and open source, including:
- OpenAI models (great if you are barred from their API for whatever reason)
- Anthropic Claude models (same as above)
- Meta's Llama models
- pygmalionai/mythalion-13b
- and many more open source models. Newer integrations are usually discounted, too!
OpenRouter is so great, I decided to integrate it to the project as a standalone feature.
**Setup:**
- Signup to [OpenRouter](https://openrouter.ai/) and create a key. You should name it and set a limit as well.
- Set the environment variable `OPENROUTER_API_KEY` in your .env file to the key you just created.
- Restart your LibreChat server and use the OpenAI or Plugins endpoints.
**Notes:**
- [TODO] **In the future, you will be able to set up OpenRouter from the frontend as well.**
- This will override the official OpenAI API or your reverse proxy settings for both Plugins and OpenAI.
- On initial setup, you may need to refresh your page twice to see all their supported models populate automatically.
- Plugins: Functions Agent works with OpenRouter when using OpenAI models.
- Plugins: Turn functions off to try plugins with non-OpenAI models (ChatGPT plugins will not work and others may not work as expected).
- Plugins: Make sure `PLUGINS_USE_AZURE` is not set in your .env file when wanting to use OpenRouter and you have Azure configured.
> ⚠️ OpenRouter is in a category of its own, and is highly recommended over the "free" services below. NagaAI and other 'free' API proxies tend to have intermittent issues, data leaks, and/or problems with the guidelines of the platforms they advertise on. Use the below at your own risk.
> ⚠️ [OpenRouter](./ai_setup.md#openrouter) is in a category of its own, and is highly recommended over the "free" services below. NagaAI and other 'free' API proxies tend to have intermittent issues, data leaks, and/or problems with the guidelines of the platforms they advertise on. Use the below at your own risk.
### NagaAI

18
docs/install/configuration/index.md Normal file
View file

@ -0,0 +1,18 @@
---
title: Configuration
weight: 2
---
# Configuration
* ⚙️ [Environment Variables](./dotenv.md)
* 🐋 [Docker Compose Override](./docker_override.md)
---
* 🤖 [AI Setup](./ai_setup.md)
* 🚅 [LiteLLM](./litellm.md)
* 💸 [Free AI APIs](./free_ai_apis.md)
---
* 🛂 [Authentication System](./user_auth_system.md)
* 🍃 [Online MongoDB](./mongodb.md)
* 🌍 [Default Language](./default_language.md)
* 🌀 [Miscellaneous](./misc.md)

9
docs/install/litellm.md → docs/install/configuration/litellm.md
View file

@ -1,9 +1,16 @@
---
title: 🚅 LiteLLM
weight: -7
---
# Using LibreChat with LiteLLM Proxy
Use LiteLLM Proxy for:
Use [LiteLLM Proxy](https://docs.litellm.ai/docs/simple_proxy) for:
* Calling 100+ LLMs Huggingface/Bedrock/TogetherAI/etc. in the OpenAI ChatCompletions & Completions format
* Load balancing - between Multiple Models + Deployments of the same model LiteLLM proxy can handle 1k+ requests/second during load tests
* Authentication & Spend Tracking Virtual Keys
https://docs.litellm.ai/docs/simple_proxy
## Start LiteLLM Proxy Server
### Pip install litellm
```shell

6
docs/install/misc.md → docs/install/configuration/misc.md
View file

@ -1,3 +1,9 @@
---
title: 🌀 Miscellaneous
weight: -2
author: danny-avila and jerkstorecaller
---
As LibreChat has varying use cases and environment possibilities, this page will host niche setup/configurations, as contributed by the community, that are not better delegated to any of the other guides.
# Using LibreChat behind a reverse proxy with Basic Authentication

5
docs/install/mongodb.md → docs/install/configuration/mongodb.md
View file

@ -1,3 +1,8 @@
---
title: 🍃 Online MongoDB
weight: -4
---
# Set Up an Online MongoDB Database
## Create an account

576
docs/install/configuration/user_auth_system.md Normal file
View file

@ -0,0 +1,576 @@
---
title: 🛂 Authentication System
weight: -5
---
# User Authentication System
LibreChat has a user authentication system that allows users to sign up and log in securely and easily. The system is scalable and can handle a large number of concurrent users without compromising performance or security.
By default, we have email signup and login enabled, which means users can create an account using their email address and a password. They can also reset their password if they forget it.
Additionally, our system can integrate social logins from various platforms such as Google, GitHub, Discord, OpenID, and more. This means users can log in using their existing accounts on these platforms, without having to create a new account or remember another password.
>❗**Important:** When you run the app for the first time, you need to create a new account by clicking on "Sign up" on the login page. The first account you make will be the admin account. The admin account doesn't have any special features right now, but it might be useful if you want to make an admin dashboard to manage other users later.
>> **Note:** The first account created should ideally be a local account (email and password).
## Basic Configuration:
### General
Here's an overview of the general configuration, located in the `.env` file at the root of the LibreChat folder.
- `ALLOW_EMAIL_LOGIN`: Email login. Set to `true` or `false` to enable or disable ONLY email login.
- `ALLOW_REGISTRATION`: Email registration of new users. Set to `true` or `false` to enable or disable Email registration.
- `ALLOW_SOCIAL_LOGIN`: Allow users to connect to LibreChat with various social networks, see below. Set to `true` or `false` to enable or disable.
- `ALLOW_SOCIAL_REGISTRATION`: Enable or disable registration of new user using various social network. Set to `true` or `false` to enable or disable.
> **Note:** OpenID does not support the ability to disable only registration.
>> **Quick Tip:** Even with registration disabled, add users directly to the database using `npm run create-user`. If you can't get npm to work, try `sudo docker exec -ti LibreChat sh` first to "ssh" into the container.
![image](https://github.com/danny-avila/LibreChat/assets/81851188/52a37d1d-7392-4a9a-a79f-90ed2da7f841)
```bash
ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATION=false
```
### Session Expiry and Refresh Token
- Default values: session expiry: 15 minutes, refresh token expiry: 7 days
- For more information: [Refresh Token](https://github.com/danny-avila/LibreChat/pull/927)
```bash
SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
```
``` mermaid
sequenceDiagram
Client->>Server: Login request with credentials
Server->>Passport: Use authentication strategy (e.g., 'local', 'google', etc.)
Passport-->>Server: User object or false/error
Note over Server: If valid user...
Server->>Server: Generate access and refresh tokens
Server->>Database: Store hashed refresh token
Server-->>Client: Access token and refresh token
Client->>Client: Store access token in HTTP Header and refresh token in HttpOnly cookie
Client->>Server: Request with access token from HTTP Header
Server-->>Client: Requested data
Note over Client,Server: Access token expires
Client->>Server: Request with expired access token
Server-->>Client: Unauthorized
Client->>Server: Request with refresh token from HttpOnly cookie
Server->>Database: Retrieve hashed refresh token
Server->>Server: Compare hash of provided refresh token with stored hash
Note over Server: If hashes match...
Server-->>Client: New access token and refresh token
Client->>Server: Retry request with new access token
Server-->>Client: Requested data
```
### JWT Secret and Refresh Secret
- You should use new secure values. The examples given are 32-byte keys (64 characters in hex).
- Use this replit to generate some quickly: [JWT Keys](https://replit.com/@daavila/crypto#index.js)
```bash
JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418
```
---
## Automated Moderation System (optional)
The Automated Moderation System is enabled by default. It uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
To set up the mod system, review [the setup guide](../../features/mod_system.md).
> *Please Note: If you want this to work in development mode, you will need to create a file called `.env.development` in the root directory and set `DOMAIN_CLIENT` to `http://localhost:3090` or whatever port is provided by vite when runnning `npm run frontend-dev`*
---
## **Email and Password Reset**
### General setup
in the .env file modify these variables:
```
EMAIL_SERVICE= # eg. gmail - see https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/
EMAIL_HOST= # eg. example.com - if EMAIL_SERVICE is not set, connect to this server.
EMAIL_PORT=25 # eg. 25 - mail server port to connect to with EMAIL_HOST (usually 25, 465, 587)
EMAIL_ENCRYPTION= # eg. starttls - valid values: starttls (force STARTTLS), tls (obligatory TLS), anything else (use STARTTLS if available)
EMAIL_ENCRYPTION_HOSTNAME= # eg. example.com - check the name in the certificate against this instead of EMAIL_HOST
EMAIL_ALLOW_SELFSIGNED= # eg. true - valid values: true (allow self-signed), anything else (disallow self-signed)
EMAIL_USERNAME= # eg. me@gmail.com - the username used for authentication. For consumer services, this MUST usually match EMAIL_FROM.
EMAIL_PASSWORD= # eg. password - the password used for authentication
EMAIL_FROM_NAME= # eg. LibreChat - the human-readable address in the From is constructed as "EMAIL_FROM_NAME <EMAIL_FROM>". Defaults to APP_TITLE.
```
If you want to use one of the predefined services, configure only these variables:
EMAIL\_SERVICE is the name of the email service you are using (Gmail, Outlook, Yahoo Mail, ProtonMail, iCloud Mail, etc.) as defined in the NodeMailer well-known services linked above.
EMAIL\_USERNAME is the username of the email service (usually, it will be the email address, but in some cases, it can be an actual username used to access the account).
EMAIL\_PASSWORD is the password used to access the email service. This is not the password to access the email account directly, but a password specifically generated for this service.
EMAIL\_FROM is the email address that will appear in the "from" field when a user receives an email.
EMAIL\_FROM\_NAME is the name that will appear in the "from" field when a user receives an email. If left unset, it defaults to the app title.
If you want to use a generic SMTP service or need advanced configuration for one of the predefined providers, configure these variables:
EMAIL\_HOST is the hostname to connect to, or an IP address.
EMAIL\_PORT is the port to connect to. Be aware that different ports usually come with different requirements - 25 is for mailserver-to-mailserver, 465 requires encryption at the start of the connection, and 587 allows submission of mail as a user.
EMAIL\_ENCRYPTION defines if encryption is required at the start (`tls`) or started after the connection is set up (`starttls`). If either of these values are set, they are enforced. If they are not set, an encrypted connection is started if available.
EMAIL\_ENCRYPTION\_HOSTNAME allows specification of a hostname against which the certificate is validated. Use this if the mail server does have a valid certificate, but you are connecting with an IP or a different name for some reason.
EMAIL\_ALLOW\_SELFSIGNED defines whether self-signed certificates can be accepted from the server. As the mails being sent contain sensitive information, ONLY use this for testing.
NOTE: ⚠️ **Failing to perform either of the below setups will result in LibreChat using the unsecured password reset! This allows anyone to reset any password on your server immediately, without mail being sent at all!** The variable EMAIL\_FROM does not support all email providers **but is still required**. To stay updated, check the bug fixes [here](https://github.com/danny-avila/LibreChat/tags).
### Setup with Gmail
1. Create a Google Account and enable 2-step verification.
2. In the [Google Account settings](https://myaccount.google.com/), click on the "Security" tab and open "2-step verification."
3. Scroll down and open "App passwords." Choose "Mail" for the app and select "Other" for the device, then give it a random name.
4. Click on "Generate" to create a password, and copy the generated password.
5. In the .env file, modify the variables as follows:
```
EMAIL_SERVICE=gmail
EMAIL_USERNAME=your-email
EMAIL_PASSWORD=your-app-password
EMAIL_FROM=email address for the from field, e.g., noreply@librechat.ai
EMAIL_FROM_NAME="My LibreChat Server"
```
### Setup with custom mail server
1. Gather your SMTP login data from your provider. The steps are different for each, but they will usually list values for all variables.
2. In the .env file, modify the variables as follows, assuming some sensible example values:
```
EMAIL_HOST=mail.example.com
EMAIL_PORT=587
EMAIL_ENCRYPTION=starttls
EMAIL_USERNAME=your-email
EMAIL_PASSWORD=your-app-password
EMAIL_FROM=email address for the from field, e.g., noreply@librechat.ai
EMAIL_FROM_NAME="My LibreChat Server"
```
---
## Social Authentication - Setup and Configuration
![image](https://github.com/danny-avila/LibreChat/assets/138638445/cacc2ee0-acf9-4d05-883a-ca9952de1165)
### Discord
#### Create a new Discord Application
- Go to **[Discord Developer Portal](https://discord.com/developers)**
- Create a new Application and give it a name
![image](https://github.com/danny-avila/LibreChat/assets/32828263/7e7cdfa0-d1d6-4b6b-a8a9-905aaa40d135)
#### Discord Application Configuration
- In the OAuth2 general settings add a valid redirect URL:
- Example for localhost: `http://localhost:3080/oauth/discord/callback`
- Example for a domain: `https://example.com/oauth/discord/callback`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/6c56fb92-f4ab-43b9-981b-f98babeeb19d)
- In `Default Authorization Link`, select `In-app Authorization` and set the scopes to `applications.commands`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/2ce94670-9422-48d2-97e9-ec40bd331573)
- Save changes and reset the Client Secret
![image](https://github.com/danny-avila/LibreChat/assets/32828263/3af164fc-66ed-4e5e-9f5a-9bcab3df37b4)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/2ece3935-68e6-4f2e-8656-9721cba5388a)
#### .env Configuration
- Paste your `Client ID` and `Client Secret` in the `.env` file:
```bash
DISCORD_CLIENT_ID=your_client_id
DISCORD_CLIENT_SECRET=your_client_secret
DISCORD_CALLBACK_URL=/oauth/discord/callback
```
- Save the `.env` file
> Note: If using docker, run `docker-compose up -d` to apply the .env configuration changes
---
### Facebook - WIP
> ⚠️ **Warning: Work in progress, not currently functional**
> ❗ Note: Facebook Authentication will not work from `localhost`
#### Create a Facebook Application
- Go to the **[Facebook Developer Portal](https://developers.facebook.com/)**
- Click on "My Apps" in the header menu
![image](https://github.com/danny-avila/LibreChat/assets/32828263/b75ccb8b-d56b-41b7-8b0d-a32c2e762962)
- Create a new application
![image](https://github.com/danny-avila/LibreChat/assets/32828263/706f050d-5423-44cc-80f0-120913695d8f)
- Select "Authenticate and request data from users with Facebook Login"
![image](https://github.com/danny-avila/LibreChat/assets/32828263/2ebbb571-afe8-429e-ab39-be6e83d12c01)
- Choose "No, I'm not creating a game"
![image](https://github.com/danny-avila/LibreChat/assets/32828263/88b5160a-9c72-414a-bbcc-7717b81106f3)
- Provide an `app name` and `App contact email` and click `Create app`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/e1282c9e-4e7d-4cbe-82c9-cc76967f83e1)
#### Facebook Application Configuration
- In the side menu, select "Use cases" and click "Customize" under "Authentication and account creation."
![image](https://github.com/danny-avila/LibreChat/assets/32828263/39f4bb70-d9dc-4d1c-8443-2666fe56499b)
- Add the `email permission`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/dfa20879-2cb8-4daf-883d-3790854afca0)
- Now click `Go to settings`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/512213a2-bd8b-4fd3-96c7-0de6d3222ddd)
- Ensure that `Client OAuth login`, `Web OAuth login` and `Enforce HTTPS` are **enabled**.
![image](https://github.com/danny-avila/LibreChat/assets/32828263/3a7d935b-97bf-493b-b909-39ecf9b3432b)
- Add a `Valid OAuth Redirect URIs` and "Save changes"
- Example for a domain: `https://example.com/oauth/facebook/callback`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/ef8e54ee-a766-4871-9719-d4eff7a770b6)
- Click `Go back` and select `Basic` in the `App settings` tab
![image](https://github.com/danny-avila/LibreChat/assets/32828263/0d14f702-5183-422e-a12c-5d1b6031581b)
- Click "Show" next to the App secret.
![image](https://github.com/danny-avila/LibreChat/assets/32828263/9a009e37-2bb6-4da6-b5c7-9139c3db6185)
#### .env Configuration
- Copy the `App ID` and `App Secret` and paste them into the `.env` file as follows:
```bash
FACEBOOK_CLIENT_ID=your_app_id
FACEBOOK_CLIENT_SECRET=your_app_secret
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
```
- Save the `.env` file.
> Note: If using docker, run `docker-compose up -d` to apply the .env configuration changes
---
### GitHub
#### Create a GitHub Application
- Go to your **[Github Developer settings](https://github.com/settings/apps)**
- Create a new Github app
![image](https://github.com/danny-avila/LibreChat/assets/138638445/3a8b88e7-78f8-426e-bfc2-c5e3f8b21ccb)
#### GitHub Application Configuration
- Give it a `GitHub App name` and set your `Homepage URL`
- Example for localhost: `http://localhost:3080`
- Example for a domain: `https://example.com`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/f10d497d-460b-410f-9504-08735662648b)
- Add a valid `Callback URL`:
- Example for localhost: `http://localhost:3080/oauth/github/callback`
- Example for a domain: `https://example.com/oauth/github/callback`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/4e7e6dba-0afb-4ed8-94bf-4c61b0f29240)
- Uncheck the box labeled `Active` in the `Webhook` section
![image](https://github.com/danny-avila/LibreChat/assets/138638445/aaeb3ecb-2e76-4ea5-8264-edfbdd53de1a)
- Scroll down to `Account permissions` and set `Email addresses` to `Access: Read-only`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/3e561aa4-1f9e-4cb7-ace8-dbba8f0c0d55)
![image](https://github.com/danny-avila/LibreChat/assets/138638445/7b5f99af-7bde-43ee-9b43-6d3ce79ee00a)
- Click on `Create GitHub App`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/4cc48550-eac3-4970-939b-81a23fa9c7cf)
#### .env Configuration
- Click `Generate a new client secret`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/484c7851-71dd-4167-a59e-9a56c4e08c36)
- Copy the `Client ID` and `Client Secret` in the `.env` file
![image](https://github.com/danny-avila/LibreChat/assets/138638445/aaf78840-48a9-44e1-9625-4109ed91d965)
```bash
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret
GITHUB_CALLBACK_URL=/oauth/github/callback
```
- Save the `.env` file
> Note: If using docker, run `docker-compose up -d` to apply the .env configuration changes
---
### Google
#### Create a Google Application
- Visit: **[Google Cloud Console](https://cloud.google.com)** and open the `Console`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/a7d290ea-6031-43b3-b367-36ce00e46f20)
- Create a New Project and give it a name
![image](https://github.com/danny-avila/LibreChat/assets/138638445/ce71c9ca-7ddd-4021-9133-a872c64c20c4)
![image](https://github.com/danny-avila/LibreChat/assets/138638445/8abbd41e-8332-4851-898d-9cddb373c527)
#### Google Application Configuration
- Select the project you just created and go to `APIs and Services`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/c6265582-2cf6-430f-ae51-1edbdd9f2c48)
![image](https://github.com/danny-avila/LibreChat/assets/138638445/006e16ba-56b8-452d-b324-5f2d202637ab)
- Select `Credentials` and click `CONFIGURE CONSENT SCREEN`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/e4285cbb-833f-4366-820d-addf04a2ad77)
- Select `External` then click `CREATE`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/232d46c0-dd00-4637-b538-3ba3bdbdc0b2)
- Fill in your App information
> Note: You can get a logo from your LibreChat folder here: `docs\assets\favicon_package\android-chrome-192x192.png`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/e6c4c8ec-2f02-4af5-9458-c72394d0b7c5)
- Configure your `App domain` and add your `Developer contact information` then click `SAVE AND CONTINUE`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/6c2aa557-9b9b-412d-bc2b-76a0dc11f394)
- Configure the `Sopes`
- Add `email`,`profile` and `openid`
- Click `UPDATE` and `SAVE AND CONTINUE`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/46af2fb9-8cfd-41c5-a763-814b308e45c3)
![image](https://github.com/danny-avila/LibreChat/assets/138638445/4e832970-d392-4c67-bb38-908a5c51660a)
- Click `SAVE AND CONTINUE`
- Review your app and go back to dashboard
- Go back to the `Credentials` tab, click on `+ CREATE CREDENTIALS` and select `OAuth client ID`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/beef1982-55a3-4837-8e8c-20bad8d846ba)
- Select `Web application` and give it a name
![image](https://github.com/danny-avila/LibreChat/assets/138638445/badde864-f6b5-468f-a72f-bac93326ffa5)
- Configure the `Authorized JavaScript origins`, you can add both your domain and localhost if you desire
- Example for localhost: `http://localhost:3080`
- Example for a domain: `https://example.com`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/f7e3763a-5f74-4850-8638-44f81693b9ac)
- Add a valid `Authorized redirect URIs`
- Example for localhost: `http://localhost:3080/oauth/google/callback`
- Example for a domain: `https://example.com/oauth/google/callback`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/0db34b19-d780-4651-9c2f-d33e24a74d55)
#### .env Configuration
- Click `CREATE` and copy your `Client ID` and `Client secret`
![image](https://github.com/danny-avila/LibreChat/assets/138638445/fa8572bf-f482-457a-a285-aec7d41af76b)
- Add them to your `.env` file:
```bash
GOOGLE_CLIENT_ID=your_client_id
GOOGLE_CLIENT_SECRET=your_client_secret
GOOGLE_CALLBACK_URL=/oauth/github/callback
```
- Save the `.env` file
> Note: If using docker, run `docker-compose up -d` to apply the .env configuration changes
---
### OpenID with AWS Cognito
#### Create a new User Pool in Cognito
- Visit: **[https://console.aws.amazon.com/cognito/](https://console.aws.amazon.com/cognito/)**
- Sign in as Root User
- Click on `Create user pool`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/e9b412c3-2cf1-4f54-998c-d1d6c12581a5)
#### Configure sign-in experience
Your Cognito user pool sign-in options should include `User Name` and `Email`.
![image](https://github.com/danny-avila/LibreChat/assets/32828263/d2cf362d-469e-4993-8466-10282da114c2)
#### Configure Security Requirements
You can configure the password requirements now if you desire
![image](https://github.com/danny-avila/LibreChat/assets/32828263/e125e8f1-961b-4a38-a6b7-ed1faf29c4a3)
#### Configure sign-up experience
Choose the attributes required at signup. The minimum required is `name`. If you want to require users to use their full name at sign up use: `given_name` and `family_name` as required attributes.
![image](https://github.com/danny-avila/LibreChat/assets/32828263/558b8e2c-afbd-4dd1-87f3-c409463b5f7c)
#### Configure message delivery
Send email with Cognito can be used for free for up to 50 emails a day
![image](https://github.com/danny-avila/LibreChat/assets/32828263/fcb2323b-708e-488c-9420-7eb482974648)
#### Integrate your app
Select `Use Cognitio Hosted UI` and chose a domain name
![image](https://github.com/danny-avila/LibreChat/assets/32828263/111b3dd4-3b20-4e3e-80e1-7167d2ad0f62)
Set the app type to `Confidential client`
Make sure `Generate a client secret` is set.
Set the `Allowed callback URLs` to `https://YOUR_DOMAIN/oauth/openid/callback`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/1f92a532-7c4d-4632-a55d-9d00bf77fc4d)
Under `Advanced app client settings` make sure `Profile` is included in the `OpenID Connect scopes` (in the bottom)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/5b035eae-4a8e-482c-abd5-29cee6502eeb)
#### Review and create
You can now make last minute changes, click on `Create user pool` when you're done reviewing the configuration
![image](https://github.com/danny-avila/LibreChat/assets/32828263/dc8b2374-9adb-4065-85dc-a087d625372d)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/67efb1e9-dfe3-4ebd-9ebb-92186c514b5c)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/9f819175-ace1-44b1-ba68-af21ac9f6735)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/3e7b8b17-4e12-49af-99cf-78981d6331df)
#### Get your environment variables
1. Open your User Pool
![image](https://github.com/danny-avila/LibreChat/assets/32828263/b658ff2a-d252-4f3d-90a7-9fbde42c01db)
2. The `User Pool ID` and your AWS region will be used to construct the `OPENID_ISSUER` (see below)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/dc8ae403-cbff-4aae-9eee-42d7cf3485e7)
![image](https://github.com/danny-avila/LibreChat/assets/32828263/d606f5c8-c60b-4d20-bdb2-d0d69e49ea1e)
3. Go to the `App Integrations` tab
![image](https://github.com/danny-avila/LibreChat/assets/32828263/58713bdc-24bc-47de-bdca-020dc321e997)
4. Open the app client
![image](https://github.com/danny-avila/LibreChat/assets/32828263/271bf7d2-3df2-43a7-87fc-e50294e49b2e)
5. Toggle `Show Client Secret`
![image](https://github.com/danny-avila/LibreChat/assets/32828263/a844fe65-313d-4754-81b4-380336e0e336)
- Use the `Client ID` for `OPENID_CLIENT_ID`
- Use the `Client secret` for `OPENID_CLIENT_SECRET`
- Generate a random string for the `OPENID_SESSION_SECRET`
> The `OPENID_SCOPE` and `OPENID_CALLBACK_URL` are pre-configured with the correct values
6. Open the `.env` file at the root of your LibreChat folder and add the following variables with the values you copied:
```bash
OPENID_CLIENT_ID=Your client ID
OPENID_CLIENT_SECRET=Your client secret
OPENID_ISSUER=https://cognito-idp.[AWS REGION].amazonaws.com/[USER POOL ID]/.well-known/openid-configuration
OPENID_SESSION_SECRET=Any random string
OPENID_SCOPE=openid profile email
OPENID_CALLBACK_URL=/oauth/openid/callback
```
7. Save the .env file
> Note: If using docker, run `docker-compose up -d` to apply the .env configuration changes
---
### OpenID with Azure AD
1. Go to the [Azure Portal](https://portal.azure.com/) and sign in with your account.
2. In the search box, type "Azure Active Directory" and click on it.
3. On the left menu, click on App registrations and then on New registration.
4. Give your app a name and select Web as the platform type.
5. In the Redirect URI field, enter `http://localhost:3080/oauth/openid/callback` and click on Register.
6. You will see an Overview page with some information about your app. Copy the Application (client) ID and the Directory (tenant) ID and save them somewhere.
7. On the left menu, click on Authentication and check the boxes for Access tokens and ID tokens under Implicit grant and hybrid flows.
8. On the left menu, click on Certificates & Secrets and then on New client secret. Give your secret a name and an expiration date and click on Add.
9. You will see a Value column with your secret. Copy it and save it somewhere. Don't share it with anyone!
10. Open the .env file in your project folder and add the following variables with the values you copied:
```bash
OPENID_CLIENT_ID=Your Application (client) ID
OPENID_CLIENT_SECRET=Your client secret
OPENID_ISSUER=https://login.microsoftonline.com/Your Directory (tenant ID)/v2.0/
OPENID_SESSION_SECRET=Any random string
OPENID_SCOPE=openid profile email #DO NOT CHANGE THIS
OPENID_CALLBACK_URL=/oauth/openid/callback # this should be the same for everyone
```
11. Save the .env file
> Note: If using docker, run `docker-compose up -d` to apply the .env configuration changes
---

26
docs/install/index.md Normal file
View file

@ -0,0 +1,26 @@
---
title: Installation and Configuration
weight: 1
---
# Installation and Configuration
## **[Installation](./installation/index.md)**
* 🐳 [Docker Compose (✨ Recommended)](./installation/docker_compose_install.md)
* 🦦 [Container (podman)](./installation/container_install.md)
* 🐧 [Linux](./installation/linux_install.md)
* 🍎 [Mac](./installation/mac_install.md)
* 🪟 [Windows](./installation/windows_install.md)
## **[Configuration](./configuration/index.md)**
* ⚙️ [Environment Variables](./configuration/dotenv.md)
* 🐋 [Docker Compose Override](./configuration/docker_override.md)
* 🤖 [AI Setup](./configuration/ai_setup.md)
* 🚅 [LiteLLM](./configuration/litellm.md)
* 💸 [Free AI APIs](./configuration/free_ai_apis.md)
* 🛂 [Authentication System](./configuration/user_auth_system.md)
* 🍃 [Online MongoDB](./configuration/mongodb.md)
* 🌍 [Default Language](./configuration/default_language.md)
* 🌀 [Miscellaneous](./configuration/misc.md)

11
docs/install/container_install.md → docs/install/installation/container_install.md
View file

@ -1,12 +1,15 @@
---
title: 🦦 Container (podman)
weight: 0
---
# Container installation guide
# Container Installation Guide (podman)
If you don't like docker compose, don't want a bare-metal installation, but still want to leverage the benefits from the isolation and modularity of containers - this is the guide you should use.
> Likewise, If you are actively developing LibreChat, aren't using the service productively (i.e production environments), you should avoid this guide and look to something easier to work with such as docker compose.
**Important:** `docker` and `podman` commands are for the most part, interoperable and interchangeable. Since podman should be the better "Libre" choice, code instructions below will use (and heavily favor) `podman` - and some commands will need to be tweaked to compensate for this.
**Important:** `docker` and `podman` commands are for the most part, interoperable and interchangeable. The code instructions below will use (and heavily favor) `podman`.
## Creating the base image
@ -45,7 +48,7 @@ cp ./LibreChat/.env.example .env
This will add the env file to the top level directory that we will create the containers, allowing us to pass it easily as via the `--env-file` command argument.
Follow [this guide](https://docs.librechat.ai/install/free_ai_apis.html) to populate the containers with the correct env values for various apis. There are other env values of interest that might be worth changing, documented within the env itself. Afterwords, edit the following lines in the `.env` file.
Follow [this guide](../configuration/ai_setup.md) to populate the containers with the correct env values for various apis. There are other env values of interest that might be worth changing, documented within the env itself. Afterwords, edit the following lines in the `.env` file.
```
HOST=0.0.0.0

76
docs/install/docker_compose_install.md → docs/install/installation/docker_compose_install.md
View file

@ -1,8 +1,14 @@
---
title: 🐳 Docker Compose ✨(Recommended)
weight: -10
---
# Docker Compose Installation Guide
Docker Compose installation is recommended for most use cases. It's the easiest, simplest, and most reliable method to get started.
See the video guide for [Windows](windows_install.md#recommended) or [Ubuntu 22.04 LTS](linux_install.md#recommended)
If you prefer to watch a video, we have video guides for [Windows](./windows_install.md#recommended) and [Ubuntu 22.04 LTS](./linux_install.md#recommended)
## Installation and Configuration
### Preparation
@ -23,13 +29,13 @@ Before running LibreChat with Docker, you need to configure some settings:
- Provide all necessary credentials in the `.env` file before the next step.
- Docker will read this env file. See the `.env.example` file for reference.
#### [AI Setup](ai_setup.md) (Required)
#### [AI Setup](../configuration/ai_setup.md) (Required)
At least one AI endpoint should be setup for use.
#### [Manage Your MongoDB Database](../features/manage_your_database.md) (Optional)
#### [Manage Your MongoDB Database](../../features/manage_your_database.md) (Optional)
Safely access and manage your MongoDB database using Mongo Express
#### [User Authentication System Setup](../install/user_auth_system.md) (Optional)
#### [User Authentication System Setup](../configuration/user_auth_system.md) (Optional)
How to set up the user/auth system and Google login.
### Running LibreChat
@ -75,7 +81,23 @@ docker-compose up
### Config notes for docker-compose.yml file
Modification to the `docker-compose.yml` should be made with `docker-compose.override.yml` whenever possible to prevent conflicts when updating. You can create a new file named `docker-compose.override.yml` in the same directory as your main `docker-compose.yml` file for LibreChat, where you can set your .env variables as needed under `environment`, or modify the default configuration provided by the main `docker-compose.yml`, without the need to directly edit or duplicate the whole file.
For more info see:
- Our quick guide:
- **[Docker Override](../configuration/docker_override.md)**
- The official docker documentation:
- **[docker docs - understanding-multiple-compose-files](https://docs.docker.com/compose/multiple-compose-files/extends/#understanding-multiple-compose-files)**
- **[docker docs - merge-compose-files](https://docs.docker.com/compose/multiple-compose-files/merge/#merge-compose-files)**
- **[docker docs - specifying-multiple-compose-files](https://docs.docker.com/compose/reference/#specifying-multiple-compose-files)**
- You can also view an example of an override file for LibreChat in your LibreChat folder and on GitHub:
- **[docker-compose.override.example](https://github.com/danny-avila/LibreChat/blob/main/docker-compose.override.yaml.example)**
- Any environment variables set in your compose file will override variables with the same name in your .env file. Note that the following variables are necessary to include in the compose file so they work in the docker environment, so they are included for you.
```yaml
env_file:
- .env
@ -91,55 +113,27 @@ docker-compose up
environment:
- MEILI_HOST=http://meilisearch:7700
- MEILI_HTTP_ADDR=meilisearch:7700
```
- If you'd like to change the app title, edit the following lines (the ones in your .env file are not read during building)
```yaml
args:
APP_TITLE: LibreChat # default, change to your desired app name
```
- If for some reason you're not able to build the app image, you can pull the latest image from **Dockerhub**.
- Comment out the following lines (CTRL+/ on most IDEs, or put a `#` in front each line)
- Create a new file named `docker-compose.override.yml` in the same directory as your main `docker-compose.yml` with this content:
```yaml
image: node # Comment this & uncomment below to build from docker hub image
build:
context: .
target: node
args:
APP_TITLE: LibreChat # default, change to your desired app name
version: '3.4'
services:
api:
image: ghcr.io/danny-avila/librechat-dev:latest
```
- Comment this line in (remove the `#` key)
- Then use `docker-compose build` as you would normally
- **Note:** There are different Dockerhub images. the `librechat:latest` image is only updated with new release tags, so it may not have the latest changes to the main branch. To get the latest changes you can use `librechat-dev:latest` instead
```yaml
# image: ghcr.io/danny-avila/librechat:latest # Uncomment this & comment above to build from docker hub image
```
- **Note:** The latest Dockerhub image is only updated with new release tags, so it may not have the latest changes to the main branch
- You also can't edit the title or toggle google login off as shown above, as these variables are set during build time.
- If you are running APIs in other docker containers that you need access to, you will need to uncomment the following lines
```yaml
# extra_hosts: # if you are running APIs on docker you need access to, you will need to uncomment this line and next
# - "host.docker.internal:host-gateway"
```
- Usually, these are reverse proxies, which you can set as shown below under `environment:`
```yaml
environment:
- HOST=0.0.0.0
- MONGO_URI=mongodb://mongodb:27017/LibreChat
- CHATGPT_REVERSE_PROXY=http://host.docker.internal:8080/api/conversation # if you are hosting your own chatgpt reverse proxy with docker
- OPENAI_REVERSE_PROXY=http://host.docker.internal:8070/v1/chat/completions # if you are hosting your own chatgpt reverse proxy with docker
```
### **[LibreChat on Docker Hub](https://hub.docker.com/r/chatgptclone/app/tags)**
### **[Create a MongoDB database](mongodb.md)** (Not required if you'd like to use the local database installed by Docker)
### **[Create a MongoDB database](../configuration/mongodb.md)** (Not required if you'd like to use the local database installed by Docker)
---

11
docs/install/installation/index.md Normal file
View file

@ -0,0 +1,11 @@
---
title: Installation
weight: 1
---
# Installation
* 🐳 [Docker Compose (✨ Recommended)](docker_compose_install.md)
* 🦦 [Container (podman)](container_install.md)
* 🐧 [Linux](linux_install.md)
* 🍎 [Mac](mac_install.md)
* 🪟 [Windows](windows_install.md)

39
docs/install/linux_install.md → docs/install/installation/linux_install.md
View file

@ -1,3 +1,7 @@
---
title: 🐧 Linux
weight: 0
---
# Linux Installation Guide
## **Recommended:**
@ -32,13 +36,14 @@ Here are the steps to follow:
Note: If you run the command on the same computer and want to access it, navigate to `localhost:3080`. You should see a login page where you can create or sign in to your account. Then you can choose an AI model and start chatting.
- [Manage Your MongoDB Database (optional)](../features/manage_your_database.md)
- [Manage Your MongoDB Database (optional)](../../features/manage_your_database.md)
Safely access and manage your MongoDB database using Mongo Express
Have fun!
---
## **[Docker Install](docker_compose_install.md)** (General documentation)
> Note: See the [Docker Compose Install Guide](./docker_compose_install.md) for more details
- 👆 Docker Compose installation is recommended for most use cases. It's the easiest, simplest, and most reliable method to get started.
---
## **Manual Installation:**
@ -89,12 +94,12 @@ curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt-get install -y nodejs
```
## [Create a MongoDB database](mongodb.md) (Required)
## [Create a MongoDB database](../configuration/mongodb.md) (Required)
## [Setup your AI Endpoints](ai_setup.md) (Required)
## [Setup your AI Endpoints](../configuration/ai_setup.md) (Required)
- At least one AI endpoint should be setup for use.
## [User/Auth System](../install/user_auth_system.md) (Optional)
## [User/Auth System](../configuration/user_auth_system.md) (Optional)
- How to set up the user/auth system and Google login.
## Run the project
@ -137,28 +142,6 @@ If you're having issues running this command, you can try running what the scrip
Prefix commands with `sudo` according to your environment permissions.
### Docker
```bash
# Fetch the latest changes from Github
git fetch origin
# Switch to the repo's main branch
git checkout main
# Pull the latest changes to the main branch from Github
git pull origin main
# Prune all LibreChat Docker images
docker rmi librechat:latest
# Remove all unused dangling Docker images
docker image prune -f
# Building a new LibreChat image
docker-compose build
# Start LibreChat
docker-compose up
```
### Local (npm)
```bash
# Bash Terminal

16
docs/install/mac_install.md → docs/install/installation/mac_install.md
View file

@ -1,5 +1,11 @@
---
title: 🍎 Mac
weight: 0
---
# Mac Installation Guide
## **Recommended : [Docker Install](docker_compose_install.md)**
- 👆 Docker Compose installation is recommended for most use cases. It's the easiest, simplest, and most reliable method to get started.
---
@ -12,22 +18,22 @@
### Download LibreChat (Required)
- Open Terminal and clone the repository by running `git clone https://github.com/danny-avila/LibreChat.git`
- Change into the cloned directory by running `cd LibreChat`
- Create a .env file in the api directory by running `cp .env.example .env`
- Create a .env file by running `cp .env.example .env`
- Install dependencies by running: `npm ci`
- Build the client by running: `npm run frontend`
> You will only need to add your `MONGO_URI` (next step) for LibreChat to work. Make sure LibreChat works with the basic configuration first, you can always come back to the `.env` later for advanced configurations. See: [.env configuration](dotenv.md)
> You will only need to add your `MONGO_URI` (next step) for LibreChat to work. Make sure LibreChat works with the basic configuration first, you can always come back to the `.env` later for advanced configurations. See: [.env configuration](../configuration/dotenv.md)
### Create a MongoDB database (Required)
- [Create an online MongoDB database](mongodb.md) **or** Install MongoDB by running `brew tap mongodb/brew` and `brew install mongodb-community`
- [Create an online MongoDB database](../configuration/mongodb.md) **or** Install MongoDB by running `brew tap mongodb/brew` and `brew install mongodb-community`
- add your `MONGO_URI` in the .env file (use vscode or any text editor)
> Choose only one option, online or brew. Both have pros and cons
### [Setup your AI Endpoints](ai_setup.md) (Required)
### [Setup your AI Endpoints](../configuration/ai_setup.md) (Required)
- At least one AI endpoint should be setup for use.
### [User/Auth System](../install/user_auth_system.md) (Optional)
### [User/Auth System](../configuration/user_auth_system.md) (Optional)
- Set up the user/auth system and various social logins.
### **Download MeiliSearch for macOS (Optional):**

46
docs/install/windows_install.md → docs/install/installation/windows_install.md
View file

@ -1,3 +1,8 @@
---
title: 🪟 Windows
weight: 0
---
# Windows Installation Guide
## **Recommended:**
@ -31,26 +36,30 @@ In this video we're going to install LibreChat on Windows 11 using Docker and Gi
- `docker-compose up`
- Visit http://localhost:3080/ to access LibreChat. Create an account and start chatting.
- [Manage Your MongoDB Database (optional)](../features/manage_your_database.md)
- [Manage Your MongoDB Database (optional)](../../features/manage_your_database.md)
Safely access and manage your MongoDB database using Mongo Express
Have fun!
> Note: See the [Docker Compose Install Guide](./docker_compose_install.md) for more details
- 👆 Docker Compose installation is recommended for most use cases. It's the easiest, simplest, and most reliable method to get started.
---
## **Manual Installation**
- Install the prerequisites on your machine 👇
### Download and Install Node.js (Required)
- Navigate to https://nodejs.org/en/download and to download the latest Node.js version for your OS (The Node.js installer includes the NPM package manager.)
### Download and Install Git (Recommended)
- Git: https://git-scm.com/download/win
### [Create a MongoDB database](mongodb.md) (Required)
### [Setup your AI Endpoints](ai_setup.md) (Required)
### [Create a MongoDB database](../configuration/mongodb.md) (Required)
### [Setup your AI Endpoints](../configuration/ai_setup.md) (Required)
- At least one AI endpoint should be setup for use.
### Download LibreChat (Required)
@ -61,15 +70,14 @@ Have fun!
- **IMPORTANT : If you install the files somewhere else modify the instructions accordingly**
### Enable the Conversation search feature: (optional)
- Download MeiliSearch latest release from : https://github.com/meilisearch/meilisearch/releases
- Copy it to "C:/LibreChat/"
- Rename the file to "meilisearch.exe"
- Open it by double clicking on it
- Copy the generated Master Key and save it somewhere (You will need it later)
### [User/Auth System](../install/user_auth_system.md) (Optional)
### [User/Auth System](../configuration/user_auth_system.md) (Optional)
- How to set up the user/auth system and Google login.
## Setup and Run LibreChat
@ -109,28 +117,6 @@ Using the command line (in the root directory)
If you're having issues running this command, you can try running what the script does manually:
### Docker
```bash
# Fetch the latest changes from Github
git fetch origin
# Switch to the repo's main branch
git checkout main
# Pull the latest changes to the main branch from Github
git pull origin main
# Prune all LibreChat Docker images
docker rmi librechat:latest
# Remove all unused dangling Docker images
docker image prune -f
# Building a new LibreChat image
docker-compose build
# Start LibreChat
docker-compose up
```
### Local (npm)
```powershell
# Windows PowerShell terminal

262
docs/install/user_auth_system.md
View file

@ -1,262 +0,0 @@
# User/Auth System
>⚠️ Note: If you're having trouble, before creating a new issue, please search for similar ones on our [#issues thread on our discord](https://discord.gg/weqZFtD9C4) or our [troubleshooting discussion](https://github.com/danny-avila/LibreChat/discussions/categories/troubleshooting) on our Discussions page. If you don't find a relevant issue, feel free to create a new one and provide as much detail as possible.
## **First Time Setup**
In order for the auth system to function properly, there are some environment variables that are needed. Note that this information is also included in the [/.env.example](/.env.example) file.
In /.env, you will need to set the following variables:
```bash
# Change the secrets to a secure, random string
JWT_SECRET=secret
JWT_REFRESH_SECRET=refresh_secret
# Set the expiration delay for the secure cookie with the JWT token
# Delay is in milliseconds e.g. 7 days is 1000*60*60*24*7
# Recommended session expiry is 15 minutes. Make it longer if you want the user to be able to revist the page without logging in for a longer duration of time.
# Recommended refresh token expiry is 7 days
SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
DOMAIN_SERVER=http://localhost:3080
DOMAIN_CLIENT=http://localhost:3080
```
## Automated Moderation System (optional)
The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
To set up the mod system, review [the setup guide](../features/mod_system.md).
*Please Note: If you are wanting this to work in development mode, you will need to create a file called `.env.development` in the root directory and set `DOMAIN_CLIENT` to `http://localhost:3090` or whatever port is provided by vite when runnning `npm run frontend-dev`*
Important: When you run the app for the first time, you need to create a new account by clicking on "Sign up" on the login page. The first account you make will be the admin account. The admin account doesn't have any special features right now, but it might be useful if you want to make an admin dashboard to manage other users later.
⚠️ **__For the first time, you should use a local account (email and password) to sign up and log in.__**
---
## **OAuth2/Social Login**
## Before enabling Social Authentication, set ALLOW_SOCIAL_LOGIN=true in the .env file
## Google Authentication
To enable Google login, you must create an application in the [Google Cloud Console](https://cloud.google.com) and provide the client ID and client secret in the `/.env` file.
1. Go to "APIs and Services" in your Google Cloud account and click on "Credentials".
2. Click on "Configure consent screen" and select "External" as the user type.
3. Add "profile", "email" and "openid" as the scopes for your app. These are the first three checkboxes when you click on "Add or remove scopes".
4. Click on "Save and continue" and then "Back to dashboard".
5. Click on "Create Credentials" and then "OAuth client ID".
6. Select "Web application" as the application type and give it a name.
7. Add `https://yourdomain`, `http://localhost:3080` and `http://localhost:3090` to the authorized JavaScript origins.
8. Add `https://your-domain/oauth/google/callback` to the authorized redirect URIs. (if you use localhost then use this `http://localhost:3080/oauth/google/callback`)
9. Click on "Create" and copy your client ID and client secret.
10. Paste them into your `/.env` file.
11. Enable the feature in the `/.env` file
---
## Facebook Authentication
### (It only works with a domain, not with localhost)
1. Go to the [Facebook Developer Portal](https://developers.facebook.com/).
2. Create a new application and select "Authenticate and request data from users with Facebook Login."
3. Choose "No, I'm not creating a game" and provide a name for your application.
4. In the Dashboard tab, go to "Use cases" and click "Customize" under "Authentication and account creation." Add the email permission by clicking "add" under email's permission.
5. In the settings section, click "go to settings." Ensure that "Client OAuth login," "Web OAuth login," and "Enforce HTTPS" are **enabled**.
6. Add `your-domain/oauth/facebook/callback` to the Valid OAuth Redirect URIs (e.g., https://example.com/oauth/facebook/callback).
7. Save changes. In the "App settings" tab, click "show" next to the App secret.
8. Copy the Client ID and Client Secret and paste them into the .env file as follows: (`App ID=Client ID` & `App secret=Client Secret`)
```bash
FACEBOOK_CLIENT_ID=your_client_id
FACEBOOK_CLIENT_SECRET=your_client_secret
FACEBOOK_CALLBACK_URL=/oauth/facebook/callback # this should be the same for everyone
```
9. Save the .env file.
Make sure to replace "your_client_id" and "your_client_secret" with the actual values from your Facebook Developer Portal
---
## OpenID Authentication with Azure AD
1. Go to the [Azure Portal](https://portal.azure.com/) and sign in with your account.
2. In the search box, type "Azure Active Directory" and click on it.
3. On the left menu, click on App registrations and then on New registration.
4. Give your app a name and select Web as the platform type.
5. In the Redirect URI field, enter `http://localhost:3080/oauth/openid/callback` and click on Register.
6. You will see an Overview page with some information about your app. Copy the Application (client) ID and the Directory (tenant) ID and save them somewhere.
7. On the left menu, click on Authentication and check the boxes for Access tokens and ID tokens under Implicit grant and hybrid flows.
8. On the left menu, click on Certificates & Secrets and then on New client secret. Give your secret a name and an expiration date and click on Add.
9. You will see a Value column with your secret. Copy it and save it somewhere. Don't share it with anyone!
10. Open the .env file in your project folder and add the following variables with the values you copied:
```
OPENID_CLIENT_ID=Your Application (client) ID
OPENID_CLIENT_SECRET=Your client secret
OPENID_ISSUER=https://login.microsoftonline.com/Your Directory (tenant ID)/v2.0/
OPENID_SESSION_SECRET=Any random string
OPENID_SCOPE=openid profile email #DO NOT CHANGE THIS
OPENID_CALLBACK_URL=/oauth/openid/callback # this should be the same for everyone
```
11. Save the .env file and you're done! You have successfully set up OpenID authentication with Azure AD for your app.
## OpenID Authentication with AWS Cognito
1. Create a new User Pool in Cognito:
1. Ensure your Cognito user pool sign-in options include `User Name` and `Email`.
2. Ensure that `given_name` and `family_name` are required attributes.
3. Add an initial app client:
1. Set the app type to `Confidential client`
2. Select `Use Cognitio Hosted UI` and chose a domain name
3. Make sure `Generate a client secret` is set.
4. Set the `Allowed callback URLs` to `https://YOUR_DOMAIN/oauth/openid/callback`
5. Under advanced settings make sure `Profile` is included in the `OpenID Connect scopes`
2. Open your User Pool
3. Go to the `App Integrations` tab
4. Open the app client we created above.
5. Use the `User Pool ID`and your AWS region to construct the OPENID_ISSUER (see below)
6. Toggle `Show Client Secret`
6. Use the `Client ID` for `OPENID_CLIENT_ID`
7. Use the `Client secret` for `OPENID_CLIENT_SECRET`
8. Open the .env file in your project folder and add the following variables with the values you copied:
```
OPENID_CLIENT_ID=Your client ID
OPENID_CLIENT_SECRET=Your client secret
OPENID_ISSUER=https://cognito-idp.[AWS REGION].amazonaws.com/[USER POOL ID]/.well-known/openid-configuration
OPENID_SESSION_SECRET=Any random string
OPENID_SCOPE=openid profile email
OPENID_CALLBACK_URL=/oauth/openid/callback
```
9. Save the .env file and you're done! You have successfully set up OpenID authentication with Cognito for your app.
---
## GitHub Authentication
1. Go to your [Github Developer settings](https://github.com/settings/apps)
2. Create a new Github app
3. Give it a GitHub App name and set in the Homepage URL "your-domain") (example: http://localhost:3080)
4. Add a callback URL and set it as "your-domain/oauth/github/callback" (example: http://localhost:3080/oauth/github/callback)
5. Remove the Active checkbox in the Webhook section
6. Save changes and generate a Client Secret
7. In the Permissions & events tab select, open the Account Permissions and set Email addresses to Read-only
8. Put the Client ID and Client Secret in the .env file:
```
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret
GITHUB_CALLBACK_URL=/oauth/github/callback # this should be the same for everyone
```
9. Save the .env file
---
## Discord Authentication
1. Go to [Discord Developer Portal](https://discord.com/developers)
2. Create a new Application and give it a name
4. In the OAuth2 general settings add a redirect URL and set it as "your-domain/oauth/discord/callback" (example: http://localhost:3080/oauth/discord/callback)
5. in the Default Authorization Link set applications.commands
6. Save changes and reset the Client Secret
7. Put the Client ID and Client Secret in the .env file:
```
DISCORD_CLIENT_ID=your_client_id
DISCORD_CLIENT_SECRET=your_client_secret
DISCORD_CALLBACK_URL=/oauth/discord/callback # this should be the same for everyone
```
8. Save the .env file
---
## **Email and Password Reset**
### General setup
in the .env file modify these variables:
```
EMAIL_SERVICE= # eg. gmail - see https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/
EMAIL_HOST= # eg. example.com - if EMAIL_SERVICE is not set, connect to this server.
EMAIL_PORT=25 # eg. 25 - mail server port to connect to with EMAIL_HOST (usually 25, 465, 587)
EMAIL_ENCRYPTION= # eg. starttls - valid values: starttls (force STARTTLS), tls (obligatory TLS), anything else (use STARTTLS if available)
EMAIL_ENCRYPTION_HOSTNAME= # eg. example.com - check the name in the certificate against this instead of EMAIL_HOST
EMAIL_ALLOW_SELFSIGNED= # eg. true - valid values: true (allow self-signed), anything else (disallow self-signed)
EMAIL_USERNAME= # eg. me@gmail.com - the username used for authentication. For consumer services, this MUST usually match EMAIL_FROM.
EMAIL_PASSWORD= # eg. password - the password used for authentication
EMAIL_FROM_NAME= # eg. LibreChat - the human-readable address in the From is constructed as "EMAIL_FROM_NAME <EMAIL_FROM>". Defaults to APP_TITLE.
```
If you want to use one of the predefined services, configure only these variables:
EMAIL\_SERVICE is the name of the email service you are using (Gmail, Outlook, Yahoo Mail, ProtonMail, iCloud Mail, etc.) as defined in the NodeMailer well-known services linked above.
EMAIL\_USERNAME is the username of the email service (usually, it will be the email address, but in some cases, it can be an actual username used to access the account).
EMAIL\_PASSWORD is the password used to access the email service. This is not the password to access the email account directly, but a password specifically generated for this service.
EMAIL\_FROM is the email address that will appear in the "from" field when a user receives an email.
EMAIL\_FROM\_NAME is the name that will appear in the "from" field when a user receives an email. If left unset, it defaults to the app title.
If you want to use a generic SMTP service or need advanced configuration for one of the predefined providers, configure these variables:
EMAIL\_HOST is the hostname to connect to, or an IP address.
EMAIL\_PORT is the port to connect to. Be aware that different ports usually come with different requirements - 25 is for mailserver-to-mailserver, 465 requires encryption at the start of the connection, and 587 allows submission of mail as a user.
EMAIL\_ENCRYPTION defines if encryption is required at the start (`tls`) or started after the connection is set up (`starttls`). If either of these values are set, they are enforced. If they are not set, an encrypted connection is started if available.
EMAIL\_ENCRYPTION\_HOSTNAME allows specification of a hostname against which the certificate is validated. Use this if the mail server does have a valid certificate, but you are connecting with an IP or a different name for some reason.
EMAIL\_ALLOW\_SELFSIGNED defines whether self-signed certificates can be accepted from the server. As the mails being sent contain sensitive information, ONLY use this for testing.
NOTE: ⚠️ **Failing to perform either of the below setups will result in LibreChat using the unsecured password reset! This allows anyone to reset any password on your server immediately, without mail being sent at all!** The variable EMAIL\_FROM does not support all email providers **but is still required**. To stay updated, check the bug fixes [here](https://github.com/danny-avila/LibreChat/tags).
### Setup with Gmail
1. Create a Google Account and enable 2-step verification.
2. In the [Google Account settings](https://myaccount.google.com/), click on the "Security" tab and open "2-step verification."
3. Scroll down and open "App passwords." Choose "Mail" for the app and select "Other" for the device, then give it a random name.
4. Click on "Generate" to create a password, and copy the generated password.
5. In the .env file, modify the variables as follows:
```
EMAIL_SERVICE=gmail
EMAIL_USERNAME=your-email
EMAIL_PASSWORD=your-app-password
EMAIL_FROM=email address for the from field, e.g., noreply@librechat.ai
EMAIL_FROM_NAME="My LibreChat Server"
```
### Setup with custom mail server
1. Gather your SMTP login data from your provider. The steps are different for each, but they will usually list values for all variables.
2. In the .env file, modify the variables as follows, assuming some sensible example values:
```
EMAIL_HOST=mail.example.com
EMAIL_PORT=587
EMAIL_ENCRYPTION=starttls
EMAIL_USERNAME=your-email
EMAIL_PASSWORD=your-app-password
EMAIL_FROM=email address for the from field, e.g., noreply@librechat.ai
EMAIL_FROM_NAME="My LibreChat Server"
```
## **Disable User Registration**
To disable or re-enable registration, open up the root `.env` file and set `ALLOW_REGISTRATION=true` or `ALLOW_REGISTRATION=false` depending on if you want registration open or closed.
To disable or re-enable social registration, open up the root `.env` file and set `ALLOW_SOCIAL_REGISTRATION=true` or `ALLOW_SOCIAL_REGISTRATION=false` depending on if you want social registration open or closed.
**NOTE: OpenID does not support the ability to disable only registration.**
### ⚠️***Warning***
If you previously implemented your own user system using the original scaffolding that was provided, you will no longer see conversations and presets by switching to the new user system. This is because of a design flaw in the scaffolding implementation that was problematic for the inclusion of social login.
### For user updating from an older version of the app:
When the first account is registered, the application will automatically migrate any conversations and presets that you created before the user system was implemented to that account.
if you use login for the first time with a social login account (eg. Google, facebook, etc.), the conversations and presets that you created before the user system was implemented will NOT be migrated to that account.
## **Manual User Registration**
You can use `npm run create-user` to create a user. If you can't get npm to work, try `sudo docker exec -ti LibreChat sh` first to "ssh" into the container.