Add the optional web UI to your install. One prompt at install time, or three lines of .env on an existing stack.
The web UI ships as a separate prebuilt image (ghcr.io/nordalf/eddytor-ce-ui) behind the ui compose profile. The installer asks whether to include it on a fresh install — answer Y and it serves at http://localhost:3000.
EDDYTOR_WITH_UI=true sh -c "$(curl -fsSL https://get.eddytor.com)" # re-run installerOr by hand — enabling the UI is three lines in .env:
COMPOSE_PROFILES=ui
EDDYTOR_UI_VERSION=<published ui tag> # from get.eddytor.com/ui/VERSION
EDDYTOR__SERVER__WEB_REDIRECT_URIS=http://localhost:3000/auth/callbackThen docker compose pull && docker compose up -d.
It registers the UI origin as an OAuth redirect_uri on the server — without it sign-in fails with redirect_uri does not match any registered URI. It's an env override: it replaces any web_redirect_uris in config.toml, so add further URIs to that line, comma-separated.
No CORS changes are needed: the browser only talks to the UI's own origin, and a same-origin proxy inside the UI forwards to the server over the compose network.
On a real domain the UI is a second public origin with its own knobs in .env:
| Variable | Meaning |
|---|---|
EDDYTOR_UI_ORIGIN | The UI's public origin (e.g. https://ui.example.com). Also update EDDYTOR__SERVER__WEB_REDIRECT_URIS to ${EDDYTOR_UI_ORIGIN}/auth/callback. |
EDDYTOR_UI_API_BASE_URL | Backend origin the browser is redirected to for OAuth login — your public server URL, not the compose service name. |
EDDYTOR_UI_COOKIE_DOMAIN | Auth cookie domain. Empty (default) = host-only, correct for separate origins. |
Terminate TLS for the UI origin at your edge proxy exactly like the API — the UI container serves plaintext on :3000. Disable the UI again by removing the COMPOSE_PROFILES line and running docker compose up -d --remove-orphans.
Can't find it? Ask support and a human will answer, usually within a few hours.