Skip to content
Q
QuoteNode

Setup

Configuration

Configure your QuoteNode instance — branding, email, security, currencies, and more.

Configuration

QuoteNode is configured through environment variables (for infrastructure) and the administrative panel (for business settings).

Environment Variables

Core Settings

  • DB_URL — PostgreSQL connection string (e.g., jdbc:postgresql://postgres:5432/quotenode)
  • DB_ENCRYPTION_KEY — application encryption key used for sensitive data, including encrypted SMTP credentials stored in tenant settings
  • TIMING_TOKEN_SECRET — HMAC secret for timing-token protection
  • PUBLIC_LINK_PASSWORD_SESSION_SECRET — session secret for password-protected public links
  • CORS_ALLOWED_ORIGINS — allowed browser origins for API access
  • DOMAIN — public hostname when using the built-in Caddy proxy

Email (SMTP)

QuoteNode supports two SMTP configuration models:

  • Preferred for secret hygiene: configure SMTP in Settings > Email SMTP after the first admin login.
  • Infrastructure fallback: configure the default Spring mail sender through environment variables.

In the current backend implementation, tenant SMTP settings entered in the admin panel are stored in tenant_settings, and the password is encrypted before it is saved. When tenant SMTP host settings exist, QuoteNode uses them in preference to the default env-based mail sender. If tenant SMTP is not configured, the application falls back to the environment-based sender.

Use environment variables when you need fully preprovisioned email before the first login, when you manage secrets centrally outside the app, or when you want one immutable SMTP configuration for the entire instance.

If you keep SMTP in the admin panel, remember that the encrypted password still depends on DB_ENCRYPTION_KEY for decryption and disaster recovery.

Infrastructure-level SMTP variables:

  • SMTP_HOST — SMTP server hostname
  • SMTP_PORT — SMTP port (typically 587 for TLS)
  • SMTP_USERNAME — SMTP authentication username
  • SMTP_PASSWORD — SMTP authentication password
  • SMTP_AUTH — enable SMTP authentication (true / false)
  • SMTP_STARTTLS — enable STARTTLS (true / false)

Security

  • AUTH_SESSION_IDLE_TIMEOUT_MIN — session idle timeout in minutes
  • SECURITY_MAX_FAILED_LOGINS_SOFT — failed login threshold before progressive soft defense
  • SECURITY_MAX_FAILED_LOGINS_TEMP_LOCK — failed login threshold before temporary lockout
  • SECURITY_TEMP_LOCK_MINUTES — temporary lockout duration
  • ENCRYPT_PII — Enable column-level AES-256-GCM encryption for personally identifiable information in the database (true / false, default: false). When enabled, customer names, emails, phone numbers, and tax IDs are encrypted at rest. Requires DB_ENCRYPTION_KEY. See Security for details and trade-offs.

Administrative Panel

Once logged in as an administrator, navigate to Settings to configure:

Company & Branding

  • Company name — displayed on offers, PDFs, and emails
  • Logo — PNG or SVG, used in offer headers, PDFs, and the public offer page
  • Primary color and accent color — applied to offers, PDFs, and the public page
  • Company address, phone, email — displayed in offer footers and trading conditions
  • Registration details — NIP, KRS, court of registration (displayed in PDF footer)

Offer Defaults

  • Default validity period — how many days new offers are valid (default: 30)
  • Default price mode — NET, GROSS, or NET+VAT+GROSS
  • Default currency — base currency for new offers
  • Trading terms — payment conditions, warranty terms, delivery terms (pre-filled in every new offer)

Currencies & FX

  • Enabled currencies — which currencies are available for offers
  • FX rate source — manual entry or automatic (NBP/ECB integration planned)
  • Base currency — used for pipeline reports and multi-currency conversion

VAT Configuration

  • VAT groups — define available VAT rates (23%, 8%, 5%, 0%, exempt)
  • Default VAT group — applied to new products and custom line items

Notifications

Per-user notification preferences for each event type:

  • Channels: In-app, email, or both
  • Frequency: Immediate, daily digest, or disabled
  • Events: Offer opened, accepted, rejected, replied, expiring, PDF ready

Email SMTP

Administrators can configure SMTP directly in the application:

  • Host, port, username, and password
  • Sender name and sender email
  • Reply-to address
  • SMTP auth / STARTTLS toggles
  • Work without email mode when the team sends messages outside QuoteNode
  • Connection test before saving

If a password is already stored, the UI keeps it masked and allows replacing it or clearing it explicitly.

Users & Roles

  • Admin — full access to all settings and data
  • Manager — can view all offers and reports, manage team
  • Salesperson — can manage own customers and offers
  • Viewer — read-only access to assigned data

Onboarding Wizard

On first login, the admin is guided through a step-by-step setup wizard that covers company details, logo upload, SMTP configuration, and initial user creation. This wizard can be re-accessed from the settings panel.

Last reviewed: Recently