Installing using Docker¶

With dockerized Weblate deployment you can get your personal Weblate instance up and running in seconds. All of Weblate’s dependencies are already included. PostgreSQL is set up as the default database and Valkey as a caching backend.

Domosdoshmëri hardware¶

Weblate should run on any contemporary hardware without problems, the following is the minimal configuration required to run Weblate on a single host (Weblate, database and web server):

3 GB of RAM
2 CPU cores
1 GB of storage space

Shënim

Actual requirements for your installation of Weblate vary heavily based on the size of the translations managed in it.

Memory usage¶

The more memory the better - it is used for caching on all levels (file system, database and Weblate). For hundreds of translation components, at least 4 GB of RAM is recommended.

Ndihmëz

For systems with less memory than recommended, Single-process Celery setup is recommended.

CPU usage¶

Many concurrent users increase the amount of needed CPU cores.

Storage usage¶

The typical database storage usage is around 300 MB per 1 million hosted words.

Storage space needed for cloned repositories varies, but Weblate tries to keep their size minimal by doing shallow clones.

Nodes¶

For small and medium-sized sites (millions of hosted words), all Weblate components (see Architecture overview) can be run on a single node.

When you grow to hundreds of millions of hosted words, it is recommended to have a dedicated node for database (see Ujdisje baze të dhënash për Weblate).

Instalim¶

Ndihmëz

The following examples assume you have a working Docker environment, with docker-compose-plugin installed. Please check the Docker documentation for instructions.

This creates a Weblate deployment server via HTTP, so you should place it behind HTTPS terminating proxy. You can also deploy with a HTTPS proxy, see Automatic SSL certificates using Let’s Encrypt. For larger setups, please see Scaling horizontally.

Clone the weblate-docker repo:

git clone https://github.com/WeblateOrg/docker-compose.git weblate-docker
cd weblate-docker

Create a docker-compose.override.yml file with your settings. See Ndryshore mjedisi Docker for full list of environment variables.

services:
  weblate:
    image: weblate/weblate:latest
    environment:
      WEBLATE_EMAIL_HOST: smtp.example.com
      WEBLATE_EMAIL_HOST_USER: user
      WEBLATE_EMAIL_HOST_PASSWORD: pass
      WEBLATE_SERVER_EMAIL: weblate@example.com
      WEBLATE_DEFAULT_FROM_EMAIL: weblate@example.com
      WEBLATE_SITE_DOMAIN: weblate.example.com
      WEBLATE_ADMIN_PASSWORD: password for the admin user
      WEBLATE_ADMIN_EMAIL: weblate.admin@example.com
    ports:
    - 80:8080

Shënim

If WEBLATE_ADMIN_PASSWORD is not set, the admin user is created with a random password shown on first startup.

The provided example makes Weblate listen on port 80, edit the port mapping in the docker-compose.override.yml file to change it.

Start Weblate containers:
```
docker compose up
```

Enjoy your Weblate deployment, it’s accessible on port 80 of the weblate container.

Shihni edhe

Invoking management commands

Choosing Docker image registry¶

Weblate containers are published to following registries:

Docker Hub, see https://hub.docker.com/r/weblate/weblate
GitHub Packages registry, see https://github.com/WeblateOrg/docker/pkgs/container/weblate

Shënim

All examples currently fetch images from Docker Hub, please adjust the configuration accordingly to use a different registry.

Choosing Docker image tag¶

Please choose a tag that matches your environment and expectations:

Tag name	Përshkrim	Use case
`latest`	Weblate stable release, matches latest tagged release	Rolling updates in a production environment
`<YEAR>`	Weblate stable release	Rolling updates within a calendar year in a production environment
`<YEAR>.<MONTH>`	Weblate stable release	Rolling updates within a monthly release in a production environment
`<YEAR>.<MONTH>.<PATCH>.<BUILD>`	Weblate stable release	Well defined deploy in a production environment
`edge`	Weblate stable release with development changes in the Docker container (for example updated dependencies)	Rolling updates in a staging environment
`edge-<DATE>-<SHA>`	Weblate stable release with development changes in the Docker container (for example updated dependencies)	Well defined deploy in a staging environment
`bleeding`	Development version Weblate from Git	Rolling updates to test upcoming Weblate features
`bleeding-<DATE>-<SHA>`	Development version Weblate from Git	Well defined deploy to test upcoming Weblate features

Every image is tested by our CI before it gets published, so even the bleeding version should be quite safe to use.

Full list of published tags can be found at GitHub Packages

Docker container with HTTPS support¶

Please see Instalim for generic deployment instructions, this section only mentions differences compared to it.

SSL terminating proxy¶

SSL can be terminated outside Weblate container. To make this work well together, several headers need to be passed to the container so that it is aware of its actual environment. In more detail, these headers are described in Running behind reverse proxy.

Example nginx reverse proxy configuration for a Docker container.¶

location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 3600s;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
}

Docker container environment for external SSL termination.¶

WEBLATE_ENABLE_HTTPS=1
WEBLATE_IP_PROXY_HEADER=HTTP_X_FORWARDED_FOR

Using own SSL certificates¶

In case you have own SSL certificate you want to use, simply place the files into the Weblate data volume (see Docker container volumes):

ssl/fullchain.pem containing the certificate including any needed CA certificates
ssl/privkey.pem containing the private key

Both of these files must be owned by the same user as the one starting the docker container and have file mask set to 600 (readable and writable only by the owning user).

Additionally, Weblate container will now accept SSL connections on port 4443, you will want to include the port forwarding for HTTPS in docker compose override:

version: '3'
services:
  weblate:
    ports:
      - 80:8080
      - 443:4443

If you already host other sites on the same server, it is likely ports 80 and 443 are used by a reverse proxy, such as NGINX. To pass the HTTPS connection from NGINX to the docker container, you can use the following configuration:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name <SITE_URL>;
    ssl_certificate /etc/letsencrypt/live/<SITE>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<SITE>/privkey.pem;

    location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_pass https://127.0.0.1:<EXPOSED_DOCKER_PORT>;
    }
}

Replace <SITE_URL>, <SITE> and <EXPOSED_DOCKER_PORT> with actual values from your environment.

Automatic SSL certificates using Let’s Encrypt¶

In case you want to use Let’s Encrypt automatically generated SSL certificates on public installation, you need to add a reverse HTTPS proxy an additional Docker container, https-portal will be used for that. This is made use of in the docker-compose-https.yml file. Then create a docker-compose-https.override.yml file with your settings:

version: '3'
services:
  weblate:
    environment:
      WEBLATE_EMAIL_HOST: smtp.example.com
      WEBLATE_EMAIL_HOST_USER: user
      WEBLATE_EMAIL_HOST_PASSWORD: pass
      WEBLATE_SITE_DOMAIN: weblate.example.com
      WEBLATE_ADMIN_PASSWORD: password for admin user
  https-portal:
    environment:
      DOMAINS: 'weblate.example.com -> http://weblate:8080'

Whenever invoking docker compose you need to pass both files to it, and then do:

docker compose -f docker-compose-https.yml -f docker-compose-https.override.yml build
docker compose -f docker-compose-https.yml -f docker-compose-https.override.yml up

Upgrading the Docker container¶

Usually it is good idea to only update the Weblate container and keep the PostgreSQL container at the version you have, as upgrading PostgreSQL is quite painful and in most cases does not bring many benefits.

You can do this by sticking with the existing docker-compose and just pull the latest images and then restart:

# Fetch latest versions of the images
docker compose pull
# Stop and destroy the containers
docker compose down
# Spawn new containers in the background
docker compose up -d
# Follow the logs during upgrade
docker compose logs -f

The Weblate database should be automatically migrated on first startup, and there should be no need for additional manual actions.

Shënim

Direct upgrades are only supported for releases from the current or previous calendar year. If you need to upgrade from an older release, upgrade first to an intermediate version listed in Version-specific instructions.

You might also want to update the docker-compose repository, though it’s not needed in most case. See Upgrading PostgreSQL container for upgrading the PostgreSQL server.

Upgrading PostgreSQL container¶

Shënim

PostgreSQL 18 changed the default data directory inside the container. A common older setup mounted the database volume at /var/lib/postgresql/data, while PostgreSQL 18 now uses /var/lib/postgresql by default.

If you are upgrading from an older version, either update the mount target in your Docker configuration to the new path, or keep the old mount target and set PGDATA accordingly.

Leaving the old mount target unchanged without setting PGDATA can cause PostgreSQL to write its data outside the persisted volume.

See PGDATA documentation for more information.

PostgreSQL containers do not support automatic upgrading between version, you need to perform the upgrade manually. Following steps show one of the options of upgrading.

Shihni edhe

https://github.com/docker-library/postgres/issues/37

Stop Weblate container:
```
docker compose stop weblate cache
```

Kopjeruani bazën e të dhënave:

docker compose exec database pg_dumpall --clean --if-exists --username weblate > backup.sql

Ndale kontejnerin e bazës së të dhënave:
```
docker compose stop database
```
Hiqe vëllimin PostgreSQL:
```
docker compose rm -v database
docker volume remove weblate-docker_postgres-data
```
Ndihmëz

The volume name contains name of the Docker Compose project, which is by default the directory name what is weblate-docker in this documentation.
Adjust docker-compose.yml to use new PostgreSQL version.
Start the database container:
```
docker compose up -d database
```

Restore the database from the backup:

cat backup.sql | docker compose exec -T database psql --username weblate --dbname weblate

Ndihmëz

Please check that the database name matches POSTGRES_DB.

(Optional) Update password for the Weblate user. This might be needed when migrating to PostgreSQL 14 or 15 as way of storing passwords has been changed:
```
docker compose exec -T database psql --username weblate --dbname weblate -c "ALTER USER weblate WITH PASSWORD 'weblate'"
```
Ndihmëz

Please check that the database name matches POSTGRES_DB.
Vër në punë krejt kontejnerët e mbetur:
```
docker compose up -d
```

Admin sign in¶

After container setup, you can sign in as admin user with password provided in WEBLATE_ADMIN_PASSWORD, or a random password generated on first start if that was not set.

To reset admin password, restart the container with WEBLATE_ADMIN_PASSWORD set to new password.

Shihni edhe

WEBLATE_ADMIN_PASSWORD
WEBLATE_ADMIN_NAME
WEBLATE_ADMIN_EMAIL

Number of processes and memory consumption¶

The number of worker processes for both WSGI and Celery is determined automatically based on number of CPUs. This works well for most cloud virtual machines as these typically have few CPUs and good amount of memory.

In case you have a lot of CPU cores and hit out of memory issues, try reducing number of workers:

environment:
  WEBLATE_WORKERS: 2

You can also fine-tune individual worker categories:

environment:
  WEB_WORKERS: 4
  CELERY_MAIN_OPTIONS: --concurrency 2
  CELERY_NOTIFY_OPTIONS: --concurrency 1
  CELERY_TRANSLATE_OPTIONS: --concurrency 1

Memory usage can be further reduced by running only a single Celery process:

environment:
  CELERY_SINGLE_PROCESS: 1

Shihni edhe

WEBLATE_WORKERS
CELERY_MAIN_OPTIONS
CELERY_NOTIFY_OPTIONS
CELERY_MEMORY_OPTIONS
CELERY_TRANSLATE_OPTIONS
CELERY_BACKUP_OPTIONS
CELERY_BEAT_OPTIONS
CELERY_SINGLE_PROCESS
WEB_WORKERS

Scaling horizontally¶

Shtuar në versionin 4.6.

You can run multiple Weblate containers to scale the service horizontally. The /app/data volume has to be shared by all containers, it is recommended to use cluster filesystem such as GlusterFS for this. The /app/cache volume should be separate for each container.

Each Weblate container has defined role using WEBLATE_SERVICE environment variable. Please follow carefully the documentation as some of the services should be running just once in the cluster, and the order of the services matters as well.

You can find example setup in the docker-compose repo as docker-compose-split.yml.

Ndryshore mjedisi Docker¶

Many of Weblate’s Formësim can be set in the Docker container using the environment variables described below.

If you need to define a setting not exposed through Docker environment variables, see Configuration beyond environment variables.

Passing secrets¶

Shtuar në versionin 5.0.

Weblate container supports passing secrets as files. To utilize that, append _FILE suffix to the environment variable and pass secret file via Docker.

Related docker-compose.yml might look like:

services:
   weblate:
      environment:
         POSTGRES_PASSWORD_FILE: /run/secrets/db_password
      secrets:
         - db_password
   database:
      environment:
         POSTGRES_PASSWORD_FILE: /run/secrets/db_password
      secrets:
         - db_password


secrets:
   db_password:
     file: db_password.txt

Shihni edhe

How to use secrets in Docker Compose

Rregullime të përgjithshme¶

WEBLATE_DEBUG¶

Configures Django debug mode using DEBUG.

Example:

environment:
  WEBLATE_DEBUG: 1

Shihni edhe

Disable debug mode

WEBLATE_LOGLEVEL¶

Configures the logging verbosity. Set this to DEBUG to get more detailed logs.

Defaults to INFO when WEBLATE_DEBUG is turned off, DEBUG is used when debug mode is turned on.

For more silent logging use ERROR or WARNING.

WEBLATE_LOGLEVEL_DATABASE¶: Configures the logging of the database queries verbosity.

WEBLATE_LOG_GELF_HOST¶: Shtuar në versionin 5.9.

Configures remote logging using GELF TCP connection. Can be used to integrate with Graylog.

WEBLATE_LOG_GELF_PORT¶: Shtuar në versionin 5.9.

Use custom port for WEBLATE_LOG_GELF_HOST, defaults to 12201.

WEBLATE_SITE_TITLE¶: Changes the site-title shown in the header of all pages.

WEBLATE_SITE_DOMAIN¶

Configures the site domain. This parameter is required.

Include port if using a non-standard one.

Example:

environment:
  WEBLATE_SITE_DOMAIN: example.com:8080

Shihni edhe

WEBLATE_ADMIN_NAME¶

WEBLATE_ADMIN_EMAIL¶

Configures the site-admin’s name and e-mail. It is used for both ADMINS setting and creating admin user (see WEBLATE_ADMIN_PASSWORD for more info on that).

Example:

environment:
  WEBLATE_ADMIN_NAME: Weblate admin
  WEBLATE_ADMIN_EMAIL: noreply@example.com

Shihni edhe

WEBLATE_ADMIN_PASSWORD¶

Sets the password for the admin user.

If not set and admin user does not exist, it is created with a random password shown on first container startup.
If not set and admin user exists, no action is performed.
If set the admin user is adjusted on every container startup to match WEBLATE_ADMIN_PASSWORD, WEBLATE_ADMIN_NAME and WEBLATE_ADMIN_EMAIL.

Sinjalizim

It might be a security risk to store password in the configuration file. Consider using this variable only for initial setup (or let Weblate generate random password on initial startup) or for password recovery.

Shihni edhe

Admin sign in
Passing secrets
WEBLATE_ADMIN_PASSWORD
WEBLATE_ADMIN_NAME
WEBLATE_ADMIN_EMAIL

WEBLATE_ADMIN_NOTIFY_ERROR¶

Whether to send e-mail to admins upon server error. Turned on by default.

You might want to use other error collection like Sentry or Rollbar and turn this off.

Shihni edhe

WEBLATE_SERVER_EMAIL¶

The email address that error messages are sent from.

Shihni edhe

WEBLATE_DEFAULT_FROM_EMAIL¶

Configures the address for outgoing e-mails.

Shihni edhe

WEBLATE_ADMINS_CONTACT¶: Configures ADMINS_CONTACT.

WEBLATE_CONTACT_FORM¶: Configures contact form behavior, see CONTACT_FORM.

WEBLATE_ALLOWED_HOSTS¶

Configures allowed HTTP hostnames using ALLOWED_HOSTS.

Defaults to * which allows all hostnames.

Example:

environment:
  WEBLATE_ALLOWED_HOSTS: weblate.example.com,example.com

Shihni edhe

WEBLATE_REGISTRATION_OPEN¶

Configures whether registrations are open by toggling REGISTRATION_OPEN.

Example:

environment:
  WEBLATE_REGISTRATION_OPEN: 0

WEBLATE_REGISTRATION_CAPTCHA¶

Shtuar në versionin 5.10.

Configures whether captcha is used for registration and other unauthenticated actions, see REGISTRATION_CAPTCHA.

Example:

environment:
  WEBLATE_REGISTRATION_CAPTCHA: 0

WEBLATE_REGISTRATION_ALLOW_BACKENDS¶

Configure which authentication methods can be used to create new account via REGISTRATION_ALLOW_BACKENDS.

Example:

environment:
  WEBLATE_REGISTRATION_OPEN: 0
  WEBLATE_REGISTRATION_ALLOW_BACKENDS: azuread-oauth2,azuread-tenant-oauth2

WEBLATE_REGISTRATION_REBIND¶: Shtuar në versionin 4.16.

Configures REGISTRATION_REBIND.

WEBLATE_REGISTRATION_ALLOW_DISPOSABLE_EMAILS¶

Shtuar në versionin 5.16.1.

Configures REGISTRATION_ALLOW_DISPOSABLE_EMAILS.

Example:

environment:
  WEBLATE_REGISTRATION_ALLOW_DISPOSABLE_EMAILS: 1

WEBLATE_PROJECT_WEB_RESTRICT_PRIVATE¶

Shtuar në versionin 5.17.

Configures PROJECT_WEB_RESTRICT_PRIVATE.

Defaults to enabled.

WEBLATE_PROJECT_WEB_RESTRICT_ALLOWLIST¶

Shtuar në versionin 5.17.

Configures PROJECT_WEB_RESTRICT_ALLOWLIST.

Expects a comma-separated list of trusted project slugs.

WEBLATE_WEBHOOK_RESTRICT_PRIVATE¶

Shtuar në versionin 5.17.

Configures WEBHOOK_RESTRICT_PRIVATE.

Defaults to enabled.

WEBLATE_WEBHOOK_PRIVATE_ALLOWLIST¶

Shtuar në versionin 5.17.

Configures WEBHOOK_PRIVATE_ALLOWLIST.

Expects a comma-separated list of trusted hostnames or domains.

WEBLATE_ASSET_RESTRICT_PRIVATE¶

Shtuar në versionin 2025.5.

Configures ASSET_RESTRICT_PRIVATE.

Defaults to enabled.

WEBLATE_ASSET_PRIVATE_ALLOWLIST¶

Shtuar në versionin 2025.5.

Configures ASSET_PRIVATE_ALLOWLIST.

Expects a comma-separated list of trusted hostnames or domains.

WEBLATE_TIME_ZONE¶

Configures the used time zone in Weblate, see TIME_ZONE.

Shënim

To change the time zone of the Docker container itself, use the TZ environment variable.

Example:

environment:
  WEBLATE_TIME_ZONE: Europe/Prague

WEBLATE_ENABLE_HTTPS¶

Makes Weblate assume it is operated behind a reverse HTTPS proxy, it makes Weblate use HTTPS in e-mail and API links or set secure flags on cookies.

Ndihmëz

Please see ENABLE_HTTPS documentation for possible caveats.

Shënim

This does not make the Weblate container accept HTTPS connections, you need to configure that as well, see Docker container with HTTPS support for examples.

Example:

environment:
  WEBLATE_ENABLE_HTTPS: 1

Shihni edhe

WEBLATE_NGINX_IPV6¶

Shtuar në versionin 5.17.

Controls whether the bundled NGINX listens on IPv6 addresses.

Supported values are:

auto to enable IPv6 listeners only when IPv6 is available in the container runtime. This is the default.
on to always enable IPv6 listeners.
off to disable IPv6 listeners.

Example:

environment:
  WEBLATE_NGINX_IPV6: auto

WEBLATE_IP_PROXY_HEADER¶

Lets Weblate fetch the IP address from any given HTTP header. Use this when using a reverse proxy in front of the Weblate container.

Enables IP_BEHIND_REVERSE_PROXY and sets IP_PROXY_HEADER.

Shënim

The format must conform to Django’s expectations. Django transforms raw HTTP header names as follows:

converts all characters to uppercase
replaces any hyphens with underscores
prepends HTTP_ prefix

So X-Forwarded-For would be mapped to HTTP_X_FORWARDED_FOR.

Example:

environment:
  WEBLATE_IP_PROXY_HEADER: HTTP_X_FORWARDED_FOR

WEBLATE_IP_PROXY_OFFSET¶: Shtuar në versionin 5.0.1.

Configures IP_PROXY_OFFSET.

WEBLATE_USE_X_FORWARDED_PORT¶: Shtuar në versionin 5.0.1.

A boolean that specifies whether to use the X-Forwarded-Port header in preference to the SERVER_PORT META variable. This should only be enabled if a proxy which sets this header is in use.

Shihni edhe

USE_X_FORWARDED_PORT

Shënim

This is a boolean setting (use "true" or "false").

WEBLATE_SECURE_PROXY_SSL_HEADER¶

A tuple representing an HTTP header/value combination that signifies a request is secure. This is needed when Weblate is running behind a reverse proxy doing SSL termination which does not pass standard HTTPS headers.

Example:

environment:
  WEBLATE_SECURE_PROXY_SSL_HEADER: HTTP_X_FORWARDED_PROTO,https

Shihni edhe

WEBLATE_REQUIRE_LOGIN¶

Enables REQUIRE_LOGIN to enforce authentication on whole Weblate.

Example:

environment:
  WEBLATE_REQUIRE_LOGIN: 1

WEBLATE_LEGAL_INTEGRATION¶

Enables the Legal module module in Docker deployments. By default, the integration is disabled; leave this variable unset or empty to disable it.

Supported values are:

tos-confirm to enable the legal module and enforce terms of service confirmation during social authentication and for signed-in users.
wllegal to enable the same integration and additionally load the hosted legal document templates from wllegal. These templates are used by services operated by Weblate s.r.o. and are not intended for general use.

To provide your own legal documents in Docker, override the templates in /app/data/python/customize/templates/legal/documents, see Replacing logo and other static files.

Example:

environment:
  WEBLATE_LEGAL_INTEGRATION: tos-confirm

Shihni edhe

Legal module
Replacing logo and other static files

WEBLATE_PUBLIC_ENGAGE¶: Enables PUBLIC_ENGAGE.

WEBLATE_GOOGLE_ANALYTICS_ID¶: Configures ID for Google Analytics by changing GOOGLE_ANALYTICS_ID.

WEBLATE_DEFAULT_PULL_MESSAGE¶: Configures the default title and message for pull requests via API by changing DEFAULT_PULL_MESSAGE.

Shihni edhe

DEFAULT_PULL_MESSAGE

WEBLATE_SIMPLIFY_LANGUAGES¶: Configures the language simplification policy, see SIMPLIFY_LANGUAGES.

WEBLATE_HIDE_SHARED_GLOSSARY_COMPONENTS¶: Hides glossary components when shared to other projects, see HIDE_SHARED_GLOSSARY_COMPONENTS.

WEBLATE_DEFAULT_ACCESS_CONTROL¶: Configures the default Kontroll hyrjesh for new projects, see DEFAULT_ACCESS_CONTROL.

WEBLATE_DEFAULT_TRANSLATION_REVIEW¶: Shtuar në versionin 5.16.

Configures the default value for Aktivizoni shqyrtime, turned off by default.

WEBLATE_DEFAULT_SOURCE_REVIEW¶: Shtuar në versionin 5.16.

Configures the default value for Aktivizo shqyrtime burimi, turned off by default.

WEBLATE_DEFAULT_RESTRICTED_COMPONENT¶: Configures the default value for Restricted access for new components, see DEFAULT_RESTRICTED_COMPONENT.

WEBLATE_DEFAULT_TRANSLATION_PROPAGATION¶: Configures the default value for Lejo përhapje përkthimesh for new components, see DEFAULT_TRANSLATION_PROPAGATION.

WEBLATE_DEFAULT_COMMITER_EMAIL¶: Configures DEFAULT_COMMITER_EMAIL.

WEBLATE_DEFAULT_COMMITER_NAME¶: Configures DEFAULT_COMMITER_NAME.

WEBLATE_DEFAULT_SHARED_TM¶: Configures DEFAULT_SHARED_TM.

WEBLATE_DEFAULT_AUTOCLEAN_TM¶: Configures DEFAULT_AUTOCLEAN_TM.

WEBLATE_COMMIT_PENDING_HOURS¶: Configures the default value for Moshë ndryshimesh për depozitim for new components, see COMMIT_PENDING_HOURS.

WEBLATE_GPG_IDENTITY¶: Configures GPG signing of commits, see WEBLATE_GPG_IDENTITY.

Shihni edhe

Signing Git commits with GnuPG

WEBLATE_URL_PREFIX¶: Configures URL prefix where Weblate is running, see URL_PREFIX.

WEBLATE_STATIC_URL¶: Configures URL prefix for static files served from CACHE_DIR.

WEBLATE_SILENCED_SYSTEM_CHECKS¶: Configures checks which you do not want to be displayed, see SILENCED_SYSTEM_CHECKS.

WEBLATE_CSP_SCRIPT_SRC¶

WEBLATE_CSP_IMG_SRC¶

WEBLATE_CSP_CONNECT_SRC¶

WEBLATE_CSP_STYLE_SRC¶

WEBLATE_CSP_FONT_SRC¶

WEBLATE_CSP_FORM_SRC¶

Allows to customize Content-Security-Policy HTTP header.

Shihni edhe

WEBLATE_LICENSE_FILTER¶: Configures LICENSE_FILTER.

WEBLATE_LICENSE_REQUIRED¶: Configures LICENSE_REQUIRED.

WEBLATE_WEBSITE_REQUIRED¶: Configures WEBSITE_REQUIRED.

WEBLATE_VERSION_DISPLAY¶: Configures VERSION_DISPLAY.

WEBLATE_HIDE_VERSION¶: Configures HIDE_VERSION.

WEBLATE_BASIC_LANGUAGES¶: Configures BASIC_LANGUAGES.

WEBLATE_DEFAULT_AUTO_WATCH¶: Configures DEFAULT_AUTO_WATCH.

WEBLATE_RATELIMIT_ATTEMPTS¶

WEBLATE_RATELIMIT_LOCKOUT¶

WEBLATE_RATELIMIT_WINDOW¶

Shtuar në versionin 4.6.

Configures rate limiter.

Ndihmëz

You can set configuration for any rate limiter scopes. To do that add WEBLATE_ prefix to any of setting described in Rate limiting.

Shihni edhe

WEBLATE_API_RATELIMIT_ANON¶

WEBLATE_API_RATELIMIT_USER¶: Shtuar në versionin 4.11.

Configures API rate limiting. Defaults to 100/day for anonymous and 5000/hour for authenticated users.

Shihni edhe

API rate limiting

WEBLATE_ENABLE_HOOKS¶: Shtuar në versionin 4.13.

Configures ENABLE_HOOKS.

WEBLATE_ENABLE_AVATARS¶: Shtuar në versionin 4.6.1.

Configures ENABLE_AVATARS.

WEBLATE_AVATAR_URL_PREFIX¶: Shtuar në versionin 4.15.

Configures AVATAR_URL_PREFIX.

WEBLATE_LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH¶: Shtuar në versionin 4.9.

Configures LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH.

WEBLATE_SSH_EXTRA_ARGS¶: Shtuar në versionin 4.9.

Configures SSH_EXTRA_ARGS.

WEBLATE_BORG_EXTRA_ARGS¶

Shtuar në versionin 4.9.

Configures BORG_EXTRA_ARGS as a comma separated list of args.

Example:

environment:
  WEBLATE_BORG_EXTRA_ARGS: --exclude,vcs/

WEBLATE_ENABLE_SHARING¶: Shtuar në versionin 4.14.1.

Configures ENABLE_SHARING.

WEBLATE_SUPPORT_STATUS_CHECK¶: Shtuar në versionin 5.5.

Configures SUPPORT_STATUS_CHECK.

WEBLATE_EXTRA_HTML_HEAD¶: Shtuar në versionin 4.15.

Configures EXTRA_HTML_HEAD.

WEBLATE_PRIVATE_COMMIT_EMAIL_TEMPLATE¶: Shtuar në versionin 4.15.

Configures PRIVATE_COMMIT_EMAIL_TEMPLATE.

WEBLATE_PRIVATE_COMMIT_EMAIL_OPT_IN¶: Shtuar në versionin 4.15.

Configures PRIVATE_COMMIT_EMAIL_OPT_IN.

WEBLATE_PRIVATE_COMMIT_NAME_TEMPLATE¶: Shtuar në versionin 5.16.

Configures PRIVATE_COMMIT_NAME_TEMPLATE.

WEBLATE_PRIVATE_COMMIT_NAME_OPT_IN¶: Shtuar në versionin 5.16.

Configures PRIVATE_COMMIT_NAME_OPT_IN.

WEBLATE_UNUSED_ALERT_DAYS¶: Shtuar në versionin 4.17.

Configures UNUSED_ALERT_DAYS.

WEBLATE_UPDATE_LANGUAGES¶: Shtuar në versionin 4.3.2.

Configures UPDATE_LANGUAGES.

WEBLATE_VCS_ALLOW_HOSTS¶: Shtuar në versionin 5.15.

Configures VCS_ALLOW_HOSTS.

WEBLATE_VCS_ALLOW_SCHEMES¶: Shtuar në versionin 5.15.

Configures VCS_ALLOW_SCHEMES.

WEBLATE_VCS_RESTRICT_PRIVATE¶: Shtuar në versionin 5.17.

Configures VCS_RESTRICT_PRIVATE.

WEBLATE_VCS_CLONE_DEPTH¶: Shtuar në versionin 5.4.

Configures VCS_CLONE_DEPTH.

WEBLATE_VCS_API_DELAY¶: Shtuar në versionin 5.4.

Configures VCS_API_DELAY.

WEBLATE_VCS_API_TIMEOUT¶: Shtuar në versionin 5.15.

Configures VCS_API_TIMEOUT.

WEBLATE_CORS_ALLOWED_ORIGINS¶

Shtuar në versionin 4.16.

Allow CORS requests to API from given origins.

Example:

environment:
  WEBLATE_CORS_ALLOWED_ORIGINS: https://example.com,https://weblate.org

WEBLATE_CORS_ALLOW_ALL_ORIGINS¶: Shtuar në versionin 5.6.1: Allows CORS requests to API from all origins.

WEBLATE_WEBSITE_ALERTS_ENABLED¶: Shtuar në versionin 5.17.

Configures WEBSITE_ALERTS_ENABLED.

CLIENT_MAX_BODY_SIZE¶

Shtuar në versionin 4.16.3.

Configures maximal body size accepted by the built-in web server.

environment:
    CLIENT_MAX_BODY_SIZE: 200m

Ndihmëz

This variable intentionally lacks WEBLATE_ prefix as it is shared with third-party container used in Automatic SSL certificates using Let’s Encrypt.

WEBLATE_TRANSLATION_UPLOAD_MAX_SIZE¶

Configures TRANSLATION_UPLOAD_MAX_SIZE.

The value is in bytes.

WEBLATE_COMPONENT_ZIP_UPLOAD_MAX_SIZE¶

Configures COMPONENT_ZIP_UPLOAD_MAX_SIZE.

The value is in bytes.

WEBLATE_PROJECT_BACKUP_UPLOAD_MAX_SIZE¶

Configures PROJECT_BACKUP_UPLOAD_MAX_SIZE.

The value is in bytes. Make sure CLIENT_MAX_BODY_SIZE is also large enough for uploaded backup files.

WEBLATE_PROJECT_BACKUP_IMPORT_MAX_MEMBERS¶: Shtuar në versionin 2026.5.

Configures PROJECT_BACKUP_IMPORT_MAX_MEMBERS.

WEBLATE_PROJECT_BACKUP_IMPORT_MAX_TOTAL_UNCOMPRESSED_SIZE¶

Shtuar në versionin 2026.5.

Configures PROJECT_BACKUP_IMPORT_MAX_TOTAL_UNCOMPRESSED_SIZE.

The value is in bytes.

WEBLATE_PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE¶

Shtuar në versionin 2026.5.

Configures PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_SIZE.

The value is in bytes.

WEBLATE_PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE¶

Shtuar në versionin 2026.5.

Configures PROJECT_BACKUP_IMPORT_MIN_RATIO_SIZE.

The value is in bytes.

WEBLATE_PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO¶: Shtuar në versionin 2026.5.

Configures PROJECT_BACKUP_IMPORT_MAX_COMPRESSED_ENTRY_RATIO.

Code hosting sites credentials¶

In the Docker container, the code hosting credentials can be configured either in separate variables or using a Python dictionary to set them at once. The following examples are for GitHub pull requests, but apply to all Integrim kontrolli versioni with appropriately changed variable names.

E rëndësishme

All environment variable names must include the WEBLATE_ prefix. For example, to configure GitHub credentials, use WEBLATE_GITHUB_USERNAME, not GITHUB_USERNAME. This applies whether you’re configuring for pull requests or any other VCS integration.

An example configuration for GitHub pull requests might look like:

WEBLATE_GITHUB_USERNAME=api-user
WEBLATE_GITHUB_TOKEN=api-token
WEBLATE_GITHUB_HOST=api.github.com

Will be used as:

GITHUB_CREDENTIALS = {
    "api.github.com": {
        "username": "api-user",
        "token": "api-token",
    }
}

Alternatively the Python dictionary can be provided as a string:

WEBLATE_GITHUB_CREDENTIALS='{ "api.github.com": { "username": "api-user", "token": "api-token", } }'

Or the path to a file containing the Python dictionary:

echo '{ "api.github.com": { "username": "api-user", "token": "api-token", } }' > /path/to/github-credentials
WEBLATE_GITHUB_CREDENTIALS_FILE='/path/to/github-credentials'

WEBLATE_GITHUB_USERNAME¶

WEBLATE_GITHUB_TOKEN¶

WEBLATE_GITHUB_HOST¶

WEBLATE_GITHUB_CREDENTIALS¶: Configures GitHub pull requests by changing GITHUB_CREDENTIALS.

Shihni edhe

Configuring code hosting credentials in Docker

WEBLATE_GITLAB_USERNAME¶

WEBLATE_GITLAB_TOKEN¶

WEBLATE_GITLAB_HOST¶

WEBLATE_GITLAB_CREDENTIALS¶: Configures GitLab merge requests by changing GITLAB_CREDENTIALS.

Shihni edhe

Configuring code hosting credentials in Docker

WEBLATE_GITEA_USERNAME¶

WEBLATE_GITEA_TOKEN¶

WEBLATE_GITEA_HOST¶

WEBLATE_GITEA_CREDENTIALS¶: Configures Gitea pull requests by changing GITEA_CREDENTIALS.

Shihni edhe

Configuring code hosting credentials in Docker

WEBLATE_PAGURE_USERNAME¶

WEBLATE_PAGURE_TOKEN¶

WEBLATE_PAGURE_HOST¶

WEBLATE_PAGURE_CREDENTIALS¶: Configures Pagure merge requests by changing PAGURE_CREDENTIALS.

Shihni edhe

Configuring code hosting credentials in Docker

WEBLATE_BITBUCKETSERVER_USERNAME¶

WEBLATE_BITBUCKETSERVER_TOKEN¶

WEBLATE_BITBUCKETSERVER_HOST¶

WEBLATE_BITBUCKETSERVER_CREDENTIALS¶: Configures Bitbucket Data Center pull requests by changing BITBUCKETSERVER_CREDENTIALS.

WEBLATE_BITBUCKETCLOUD_USERNAME¶

WEBLATE_BITBUCKETCLOUD_WORKSPACE¶

WEBLATE_BITBUCKETCLOUD_TOKEN¶

WEBLATE_BITBUCKETCLOUD_HOST¶

WEBLATE_BITBUCKETCLOUD_CREDENTIALS¶: Configures Bitbucket Cloud pull requests by changing BITBUCKETCLOUD_CREDENTIALS.

Shihni edhe

Configuring code hosting credentials in Docker

WEBLATE_AZURE_DEVOPS_USERNAME¶

WEBLATE_AZURE_DEVOPS_ORGANIZATION¶

WEBLATE_AZURE_DEVOPS_TOKEN¶

WEBLATE_AZURE_DEVOPS_HOST¶

WEBLATE_AZURE_DEVOPS_CREDENTIALS¶: Configures Azure DevOps pull requests by changing AZURE_DEVOPS_CREDENTIALS.

Shihni edhe

Configuring code hosting credentials in Docker

Automatic suggestion settings¶

Ndryshuar në versionin 4.13: Automatic suggestion services are now configured in the user interface, see Sugjerime të automatizuara.

The existing environment variables are imported during the migration to Weblate 4.13, but changing them will not have any further effect.

Rregullime për mirëfilltësim¶

Ndihmëz

The e-mail based authentication is turned on unless disabled by WEBLATE_NO_EMAIL_AUTH.

LDAP¶

WEBLATE_AUTH_LDAP_SERVER_URI¶

WEBLATE_AUTH_LDAP_USER_DN_TEMPLATE¶

WEBLATE_AUTH_LDAP_USER_ATTR_MAP¶

WEBLATE_AUTH_LDAP_BIND_DN¶

WEBLATE_AUTH_LDAP_BIND_PASSWORD¶

WEBLATE_AUTH_LDAP_CONNECTION_OPTION_REFERRALS¶

WEBLATE_AUTH_LDAP_USER_SEARCH¶

WEBLATE_AUTH_LDAP_USER_SEARCH_FILTER¶

WEBLATE_AUTH_LDAP_USER_SEARCH_UNION¶

WEBLATE_AUTH_LDAP_USER_SEARCH_UNION_DELIMITER¶

LDAP authentication configuration.

Example for direct bind:

environment:
  WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org
  WEBLATE_AUTH_LDAP_USER_DN_TEMPLATE: uid=%(user)s,ou=People,dc=example,dc=net
  # map weblate 'full_name' to ldap 'name' and weblate 'email' attribute to 'mail' ldap attribute.
  # another example that can be used with OpenLDAP: 'full_name:cn,email:mail'
  WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail

Example for search and bind:

environment:
  WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org
  WEBLATE_AUTH_LDAP_BIND_DN: CN=ldap,CN=Users,DC=example,DC=com
  WEBLATE_AUTH_LDAP_BIND_PASSWORD: password
  WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail
  WEBLATE_AUTH_LDAP_USER_SEARCH: CN=Users,DC=example,DC=com

Example for union search and bind:

environment:
  WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org
  WEBLATE_AUTH_LDAP_BIND_DN: CN=ldap,CN=Users,DC=example,DC=com
  WEBLATE_AUTH_LDAP_BIND_PASSWORD: password
  WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail
  WEBLATE_AUTH_LDAP_USER_SEARCH_UNION: ou=users,dc=example,dc=com|ou=otherusers,dc=example,dc=com

Example with search and bind against Active Directory:

environment:
  WEBLATE_AUTH_LDAP_BIND_DN: CN=ldap,CN=Users,DC=example,DC=com
  WEBLATE_AUTH_LDAP_BIND_PASSWORD: password
  WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org
  WEBLATE_AUTH_LDAP_CONNECTION_OPTION_REFERRALS: 0
  WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail
  WEBLATE_AUTH_LDAP_USER_SEARCH: CN=Users,DC=example,DC=com
  WEBLATE_AUTH_LDAP_USER_SEARCH_FILTER: (sAMAccountName=%(user)s)

Shihni edhe

GitHub¶

WEBLATE_SOCIAL_AUTH_GITHUB_KEY¶

WEBLATE_SOCIAL_AUTH_GITHUB_SECRET¶

WEBLATE_SOCIAL_AUTH_GITHUB_ORG_KEY¶

WEBLATE_SOCIAL_AUTH_GITHUB_ORG_SECRET¶

WEBLATE_SOCIAL_AUTH_GITHUB_ORG_NAME¶

WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_KEY¶

WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_SECRET¶

WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_ID¶: Enables Mirëfilltësim GitHub.

GitHub Enterprise Edition¶

WEBLATE_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY¶

WEBLATE_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET¶

WEBLATE_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL¶

WEBLATE_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL¶

WEBLATE_SOCIAL_AUTH_GITHUB_ENTERPRISE_SCOPE¶: Enables GitHub EE authentication.

Bitbucket¶

WEBLATE_SOCIAL_AUTH_BITBUCKET_OAUTH2_KEY¶

WEBLATE_SOCIAL_AUTH_BITBUCKET_OAUTH2_SECRET¶: Enables Mirëfilltësim Bitbucket.

Facebook¶

WEBLATE_SOCIAL_AUTH_FACEBOOK_KEY¶

WEBLATE_SOCIAL_AUTH_FACEBOOK_SECRET¶: Enables Facebook OAuth 2.

Google¶

WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY¶

WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET¶

WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS¶

WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS¶: Enables Google OAuth 2.

GitLab¶

WEBLATE_SOCIAL_AUTH_GITLAB_KEY¶

WEBLATE_SOCIAL_AUTH_GITLAB_SECRET¶

WEBLATE_SOCIAL_AUTH_GITLAB_API_URL¶: Enables GitLab OAuth 2.

Gitea¶

WEBLATE_SOCIAL_AUTH_GITEA_API_URL¶

WEBLATE_SOCIAL_AUTH_GITEA_KEY¶

WEBLATE_SOCIAL_AUTH_GITEA_SECRET¶: Enables Gitea authentication.

Microsoft Entra ID¶

WEBLATE_SOCIAL_AUTH_AZUREAD_OAUTH2_KEY¶

WEBLATE_SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET¶: Enables Microsoft Entra ID authentication, see Microsoft Entra ID.

Microsoft Entra ID with Tenant support¶

WEBLATE_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY¶

WEBLATE_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET¶

WEBLATE_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID¶: Enables Microsoft Entra ID authentication with Tenant support, see Microsoft Entra ID.

Keycloak¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_KEY¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_SECRET¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_ALGORITHM¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_TITLE¶

WEBLATE_SOCIAL_AUTH_KEYCLOAK_IMAGE¶: Enables Keycloak authentication, see Keycloak - Open Source Red Hat SSO.

WEBLATE_SOCIAL_AUTH_KEYCLOAK_ID_KEY¶

Shtuar në versionin 5.17.

Configures which claim is used as the unique user identifier from Keycloak. Defaults to email.

Ndihmëz

When Keycloak is configured to abstract third-party IDP, you will need to configure WEBLATE_CSP_FORM_SRC for the third-party IDP domain.

Example when Keycloak is passing authentication to Microsoft.¶

environment:
  WEBLATE_CSP_FORM_SRC: login.microsoftonline.com

Linux vendors¶

You can enable authentication using Linux vendors authentication services by setting following variables to any value.

WEBLATE_SOCIAL_AUTH_FEDORA¶

WEBLATE_SOCIAL_AUTH_OPENSUSE¶

WEBLATE_SOCIAL_AUTH_OPENINFRA¶

WEBLATE_SOCIAL_AUTH_UBUNTU¶

Slack¶

WEBLATE_SOCIAL_AUTH_SLACK_KEY¶

WEBLATE_SOCIAL_AUTH_SLACK_SECRET¶: Enables Slack authentication, see Slack.

OpenID Connect¶

Shtuar në versionin 4.13-1.

WEBLATE_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT¶

WEBLATE_SOCIAL_AUTH_OIDC_KEY¶

WEBLATE_SOCIAL_AUTH_OIDC_SECRET¶

WEBLATE_SOCIAL_AUTH_OIDC_USERNAME_KEY¶

WEBLATE_SOCIAL_AUTH_OIDC_TITLE¶

WEBLATE_SOCIAL_AUTH_OIDC_IMAGE¶: Configures generic OpenID Connect integration.

Shihni edhe

OIDC (OpenID Connect)

Fedora OpenID Connect¶

Shtuar në versionin 5.15.

WEBLATE_SOCIAL_AUTH_FEDORA_OIDC_KEY¶

WEBLATE_SOCIAL_AUTH_FEDORA_OIDC_SECRET¶: Configures Fedora OpenID Connect integration.

Shihni edhe

Fedora

SAML¶

Self-signed SAML keys are automatically generated on first container startup. In case you want to use own keys, place the certificate and private key in /app/data/ssl/saml.crt and /app/data/ssl/saml.key.

WEBLATE_SAML_IDP_ENTITY_ID¶

WEBLATE_SAML_IDP_URL¶

WEBLATE_SAML_IDP_X509CERT¶

WEBLATE_SAML_IDP_IMAGE¶

WEBLATE_SAML_IDP_TITLE¶: SAML Identity Provider settings, see Mirëfilltësim SAML.

WEBLATE_SAML_ID_ATTR_FULL_NAME¶

WEBLATE_SAML_ID_ATTR_FIRST_NAME¶

WEBLATE_SAML_ID_ATTR_LAST_NAME¶

WEBLATE_SAML_ID_ATTR_USERNAME¶

WEBLATE_SAML_ID_ATTR_EMAIL¶

WEBLATE_SAML_ID_ATTR_USER_PERMANENT_ID¶: Shtuar në versionin 4.18.

SAML attributes mapping.

Other authentication settings¶

WEBLATE_NO_EMAIL_AUTH¶: Disables e-mail authentication when set to any value. See Çaktivizim mirëfilltësimesh me fjalëkalim.

WEBLATE_MIN_PASSWORD_SCORE¶

Minimal password score as evaluated by the zxcvbn password strength estimator. Defaults to 3, set to 0 to disable strength checking.

Shihni edhe

Ujdisje baze të dhënash PostgreSQL¶

The database is created by docker-compose.yml, so these settings affect both Weblate and PostgreSQL containers.

Shihni edhe

Ujdisje baze të dhënash për Weblate

POSTGRES_PASSWORD¶: Fjalëkalim PostgreSQL.

Shihni edhe

Passing secrets

POSTGRES_USER¶: Emër përdoruesi PostgreSQL.

POSTGRES_DB¶: Emër baze të dhënash PostgreSQL.

POSTGRES_HOST¶: PostgreSQL server hostname or IP address. Defaults to database.

POSTGRES_PORT¶: PostgreSQL server port. Defaults to none (uses the default value).

POSTGRES_SSL_MODE¶: Configure how PostgreSQL handles SSL in connection to the server, for possible choices see SSL Mode Descriptions.

POSTGRES_ALTER_ROLE¶

Configures name of the PostgreSQL role to alter during the database migration, see Formësim i Weblate-it që të përdorë PostgreSQL-in.

Defaults to POSTGRES_USER.

POSTGRES_CONN_MAX_AGE¶

Shtuar në versionin 4.8.1.

The lifetime of a database connection, as an integer of seconds. Use 0 to close database connections at the end of each request.

Ndryshuar në versionin 5.1: The default behavior is to have unlimited persistent database connections.

Enabling connection persistence will typically, cause more open connection to the database. Please adjust your database configuration prior enabling.

Formësim shembull:

environment:
    POSTGRES_CONN_MAX_AGE: 3600

Shihni edhe

POSTGRES_DISABLE_SERVER_SIDE_CURSORS¶

Shtuar në versionin 4.9.1.

Disable server side cursors in the database. This is necessary in some pgbouncer setups.

Formësim shembull:

environment:
    POSTGRES_DISABLE_SERVER_SIDE_CURSORS: 1

Shihni edhe

WEBLATE_DATABASES¶: Shtuar në versionin 5.1.

Set to false to disable environment based configuration of the database connection. Use Overriding settings from the data volume to configure the database connection manually.

Database backup settings¶

Shihni edhe

Dumped data for backups

WEBLATE_DATABASE_BACKUP¶: Configures the daily database dump using DATABASE_BACKUP. Defaults to plain.

Ujdisje shërbyesi depozitë të dhënash¶

Using Valkey or Redis is required by the Weblate container and you have to provide a connection parameters when running Weblate in Docker.

Shihni edhe

Formësoni fshehtinë

REDIS_HOST¶: The datastore server hostname or IP address. Defaults to cache.

REDIS_PORT¶: The datastore server port. Defaults to 6379.

REDIS_DB¶: Numri i bazës së të dhënave të depozitës së të dhënave, si parazgjedhje merr 1.

REDIS_USER¶: Shtuar në versionin 5.13: The datastore database user, not used by default.

REDIS_PASSWORD¶: The datastore server password, not used by default.

Shihni edhe

Passing secrets

REDIS_TLS¶: Enables using SSL for the datastore connection.

REDIS_VERIFY_SSL¶: Can be used to disable SSL certificate verification for the datastore connection.

Ujdisje shërbyesi email-esh¶

To make outgoing e-mail work, you need to provide a mail server.

Shembull formësimi TLS-je:

environment:
    WEBLATE_EMAIL_HOST: smtp.example.com
    WEBLATE_EMAIL_HOST_USER: user
    WEBLATE_EMAIL_HOST_PASSWORD: pass

Shembull formësimi SSL-je:

environment:
    WEBLATE_EMAIL_HOST: smtp.example.com
    WEBLATE_EMAIL_PORT: 465
    WEBLATE_EMAIL_HOST_USER: user
    WEBLATE_EMAIL_HOST_PASSWORD: pass
    WEBLATE_EMAIL_USE_TLS: 0
    WEBLATE_EMAIL_USE_SSL: 1

Shihni edhe

Formësim i email-eve që dërgohen

WEBLATE_EMAIL_HOST¶

Mail server hostname or IP address.

Shihni edhe

WEBLATE_EMAIL_PORT
WEBLATE_EMAIL_USE_SSL
WEBLATE_EMAIL_USE_TLS
EMAIL_HOST

WEBLATE_EMAIL_PORT¶: Mail server port, defaults to 25.

Shihni edhe

EMAIL_PORT

WEBLATE_EMAIL_HOST_USER¶: E-mail authentication user.

Shihni edhe

EMAIL_HOST_USER

WEBLATE_EMAIL_HOST_PASSWORD¶

E-mail authentication password.

Shihni edhe

WEBLATE_EMAIL_USE_SSL¶

Whether to use an implicit TLS (secure) connection when talking to the SMTP server. In most e-mail documentation, this type of TLS connection is referred to as SSL. It is generally used on port 465. If you are experiencing problems, see the explicit TLS setting WEBLATE_EMAIL_USE_TLS.

Ndryshuar në versionin 4.11: The SSL/TLS support is automatically enabled based on the WEBLATE_EMAIL_PORT.

Shihni edhe

WEBLATE_EMAIL_PORT
WEBLATE_EMAIL_USE_TLS
EMAIL_USE_SSL

WEBLATE_EMAIL_USE_TLS¶

Whether to use a TLS (secure) connection when talking to the SMTP server. This is used for explicit TLS connections, generally on port 587 or 25. If you are experiencing connections that hang, see the implicit TLS setting WEBLATE_EMAIL_USE_SSL.

Ndryshuar në versionin 4.11: The SSL/TLS support is automatically enabled based on the WEBLATE_EMAIL_PORT.

Shihni edhe

WEBLATE_EMAIL_PORT
WEBLATE_EMAIL_USE_SSL
EMAIL_USE_TLS

WEBLATE_EMAIL_BACKEND¶

Configures Django back-end to use for sending e-mails.

Shihni edhe

WEBLATE_AUTO_UPDATE¶: Configures if and how Weblate should update repositories.

Shihni edhe

AUTO_UPDATE

Shënim

This is a Boolean setting (use "true" or "false").

Site integration¶

WEBLATE_GET_HELP_URL¶: Configures GET_HELP_URL.

WEBLATE_STATUS_URL¶: Configures STATUS_URL.

WEBLATE_LEGAL_URL¶: Configures LEGAL_URL.

WEBLATE_PRIVACY_URL¶: Configures PRIVACY_URL.

WEBLATE_PASSWORD_RESET_URL¶: Configures PASSWORD_RESET_URL.

Collecting error reports and monitoring performance¶

It is recommended to collect errors from the installation systematically, see Collecting error reports and monitoring performance.

To enable support for Rollbar, set the following:

ROLLBAR_KEY¶: Your Rollbar post server access token.

ROLLBAR_ENVIRONMENT¶: Your Rollbar environment, defaults to production.

To enable support for Sentry, set following:

SENTRY_DSN¶: Your Sentry DSN, see SENTRY_DSN.

SENTRY_ENVIRONMENT¶: Your Sentry Environment (optional), defaults to WEBLATE_SITE_DOMAIN.

SENTRY_MONITOR_BEAT_TASKS¶: Whether to monitor Celery Beat tasks with Sentry, defaults to True.

SENTRY_TRACES_SAMPLE_RATE¶

Configures SENTRY_TRACES_SAMPLE_RATE.

Example:

environment:
  SENTRY_TRACES_SAMPLE_RATE: 0.5

SENTRY_PROFILES_SAMPLE_RATE¶

Configures SENTRY_PROFILES_SAMPLE_RATE.

Example:

environment:
  SENTRY_PROFILES_SAMPLE_RATE: 0.5

SENTRY_SEND_PII¶: Configures SENTRY_SEND_PII.

CDN përkthimesh¶

WEBLATE_LOCALIZE_CDN_URL¶

WEBLATE_LOCALIZE_CDN_PATH¶

Shtuar në versionin 4.2.1.

Configuration for CDN add-ons, including CDN përkthimesh JavaScript and Translation files CDN.

The WEBLATE_LOCALIZE_CDN_PATH is path within the container. It should be stored on the persistent volume and not in the transient storage.

One of possibilities is storing that inside the Weblate data dir:

environment:
  WEBLATE_LOCALIZE_CDN_URL: https://cdn.example.com/
  WEBLATE_LOCALIZE_CDN_PATH: /app/data/l10n-cdn

Shënim

You are responsible for setting up serving of the files generated by Weblate, it only stores the files in configured location. See CDN përkthimesh for secure serving guidance.

Shihni edhe

Changing enabled apps, checks, add-ons, machine translation or autofixes¶

The built-in configuration of enabled checks, add-ons or autofixes can be adjusted by the following variables:

WEBLATE_ADD_APPS¶

WEBLATE_REMOVE_APPS¶

WEBLATE_ADD_CHECK¶

WEBLATE_REMOVE_CHECK¶

WEBLATE_ADD_AUTOFIX¶

WEBLATE_REMOVE_AUTOFIX¶

WEBLATE_ADD_ADDONS¶

WEBLATE_REMOVE_ADDONS¶

WEBLATE_ADD_MACHINERY¶: Shtuar në versionin 5.6.1.

WEBLATE_REMOVE_MACHINERY¶: Shtuar në versionin 5.6.1.

Example:

environment:
  WEBLATE_REMOVE_AUTOFIX: weblate.trans.autofixes.whitespace.SameBookendingWhitespace
  WEBLATE_ADD_ADDONS: customize.addons.MyAddon,customize.addons.OtherAddon

Shihni edhe

Container settings¶

WEBLATE_WORKERS¶

Shtuar në versionin 4.6.1.

Base number of worker processes running in the container. When not set it is determined automatically on container startup based on number of CPU cores available.

It is used to determine CELERY_MAIN_OPTIONS, CELERY_NOTIFY_OPTIONS, CELERY_MEMORY_OPTIONS, CELERY_TRANSLATE_OPTIONS, CELERY_BACKUP_OPTIONS, CELERY_BEAT_OPTIONS, and WEB_WORKERS. You can use these settings to fine-tune.

CELERY_MAIN_OPTIONS¶

CELERY_NOTIFY_OPTIONS¶

CELERY_MEMORY_OPTIONS¶

CELERY_TRANSLATE_OPTIONS¶

CELERY_BACKUP_OPTIONS¶

CELERY_BEAT_OPTIONS¶

These variables allow you to adjust Celery worker options. It can be useful to adjust concurrency (--concurrency 16) or use different pool implementation (--pool=gevent).

By default, the number of concurrent workers is based on WEBLATE_WORKERS.

Example:

environment:
  CELERY_MAIN_OPTIONS: --concurrency 16

Shihni edhe

CELERY_SINGLE_PROCESS¶

Shtuar në versionin 5.7.1: This variable can be set to 1 to run only one celery process. This reduces memory usage but may impact Weblate performance.

environment:
  CELERY_SINGLE_PROCESS: 1

Shihni edhe

Single-process Celery setup

WEB_WORKERS¶

Configure how many WSGI workers should be executed.

It defaults to half of WEBLATE_WORKERS, but is always at least 2.

Example:
environment:
  WEB_WORKERS: 4

Ndryshuar në versionin 5.13: WEB_WORKERS configures how many worker processes will used by granian.

WEBLATE_SERVICE¶

Defines which services should be executed inside the container. Use this for Scaling horizontally.

Following services are defined:

celery-beat: Celery task scheduler, only one instance should be running. This container is also responsible for the database structure migrations and it should be started prior others.
celery-backup: Celery worker for backups, only one instance should be running.
celery-celery: Generic Celery worker.
celery-memory: Translation memory Celery worker.
celery-notify: Notifications Celery worker.
celery-translate: Automatic translation Celery worker.
web: Web server.

Shihni edhe

Background tasks internals

WEBLATE_ANUBIS_URL¶

Shtuar në versionin 5.11.4.

URL of Anubis server to handle subrequest authentication. This can be useful to filter incoming HTTP requests using proof-of-work to stop AI crawlers. You need to configure Anubis for Subrequest Authentication to make it work.

Shihni edhe

Anubis Docker container integration
Anubis

Docker container volumes¶

There are two volumes (data and cache) exported by the Weblate container.

Shënim

The other service containers (such as PostgreSQL or Valkey) have their data volumes as well and are required to maintain Weblate persistence.

The PostgreSQL container stores the database in the /var/lib/postgresql volume and Valkey in the /data volume. Valkey container does not save the data by default and needs additional configuration to enable persistence.

Base your configuration on Weblate-provided examples or consult their documentation for more information.

The data volume is mounted as /app/data and is used to store Weblate persistent data such as cloned repositories or to customize Weblate installation. DATA_DIR describes in more detail what is stored here.

The data volume is also place to store Weblate customization such as Overriding settings from the data volume, Replacing logo and other static files or Customizing code.

The placement of the Docker volume on host system depends on your Docker configuration, but usually it is stored in /var/lib/docker/volumes/weblate-docker_weblate-data/_data/ (the path consist of name of your docker-compose directory, container, and volume names).

The cache volume is mounted as /app/cache and is used to store static files and CACHE_DIR. Its content is recreated on container startup and the volume can be mounted using ephemeral filesystem such as tmpfs, but the mount has to allow execution because Weblate stores generated helper files there.

When mounting /app/cache explicitly as tmpfs in Docker Compose, enable execution:

tmpfs:
  - /app/cache:exec

When also setting ownership options, keep the exec option:

tmpfs:
  - /app/cache:exec,uid=1000,gid=1000

When creating the volumes manually, the directories should be owned by UID 1000 as that is user used inside the container.

Weblate container can also be executed with a read-only root file system. In this case, two additional tmpfs volumes should be mounted: /tmp and /run.

Shihni edhe

Read-only root filesystem¶

Shtuar në versionin 4.18.

When running the container with a read-only root filesystem, two additional tmpfs volumes are required - /tmp and /run.

Configuration beyond environment variables¶

Docker environment variables are intended to expose most configuration settings of relevance for Weblate installations.

If you find a setting that is not exposed as an environment variable, and you believe that it should be, feel free to ask for it to be exposed in a future version of Weblate.

If you need to modify a setting that is not exposed as a Docker environment variable, you can still do so, either from the data volume or extending the Docker image.

Shihni edhe

Përshtatje e Weblate-it

Overriding settings from the data volume¶

You can create a file at /app/data/settings-override.py, i.e. at the root of the data volume, to extend or override settings defined through environment variables.

Overriding settings by extending the Docker image¶

To override settings at the Docker image level instead of from the data volume:

Create a custom Python package.
Add a module to your package that imports all settings from weblate.settings_docker.

For example, within the example package structure defined at Krijim i një moduli Python, you could create a file at weblate_customization/weblate_customization/settings.py with the following initial code:
```
from weblate.settings_docker import *
```

Create a custom Dockerfile that inherits from the official Weblate Docker image, and then installs your package and points the DJANGO_SETTINGS_MODULE environment variable to your settings module:

FROM weblate/weblate

USER root

COPY weblate_customization /usr/src/weblate_customization
RUN source /app/venv/bin/activate && uv pip install --no-cache-dir /usr/src/weblate_customization
ENV DJANGO_SETTINGS_MODULE=weblate_customization.settings

USER 1000

Instead of using the official Weblate Docker image, build a custom image from this Dockerfile file.

There is no clean way to do this with docker-compose.override.yml. You could add build: . to the weblate node in that file, but then your custom image will be tagged as weblate/weblate in your system, which could be problematic.

So, instead of using the docker-compose.yml straight from the official repository, unmodified, and extending it through docker-compose.override.yml, you may want to make a copy of the official docker-compose.yml file, and edit your copy to replace image: weblate/weblate with build: ..

See the Compose file build reference for details on building images from source when using docker-compose.
Extend your custom settings module to define or redefine settings.

You can define settings before or after the import statement above to determine which settings take precedence. Settings defined before the import statement can be overridden by environment variables and setting overrides defined in the data volume. Setting defined after the import statement cannot be overridden.

You can also go further. For example, you can reproduce some of the things that weblate.docker_settings does, such as exposing settings as environment variables, or allow overriding settings from Python files in the data volume.

Replacing logo and other static files¶

The static files coming with Weblate can be overridden by placing into /app/data/python/customize/static (see Docker container volumes). For example creating /app/data/python/customize/static/favicon.ico will replace the favicon.

Ndihmëz

The files are copied to the corresponding location upon container startup, so a restart of Weblate is needed after changing the content of the volume.

This approach can be also used to override Weblate templates. For example Legal module documents can be placed into /app/data/python/customize/templates/legal/documents.

Alternatively you can also include own module (see Përshtatje e Weblate-it) and add it as separate volume to the Docker container, for example:

weblate:
  volumes:
    - weblate-data:/app/data
    - ./weblate_customization/weblate_customization:/app/data/python/weblate_customization
  environment:
    WEBLATE_ADD_APPS: weblate_customization

Customizing code¶

Shënim

The internal Weblate API may vary significantly between releases and is not meant to be stable. Please review your custom code interacting with Weblate internals on each upgrade.

You can place additional Python code into /app/data/python/customize (see Docker container volumes). It is already installed as a Django application inside Weblate (this is used for customizing templates and static files as described above).

This can be used to place any code (for example Si të shkruani kontrollet tuaja) or to add custom maintenance tasks to the Celery task scheduler.

An example of custom scheduled tasks in /app/data/python/customize/tasks.py.¶

"""Custom scheduled task."""

import subprocess  # noqa: S404

from celery.schedules import crontab

from weblate.utils.celery import app


@app.task
def custom_task() -> None:
    """Execute custom task code."""
    subprocess.run(["sleep", "1"], check=True)  # noqa: S607


@app.on_after_finalize.connect
def setup_periodic_tasks(sender, **kwargs) -> None:
    """Configure when periodic task is triggered."""
    sender.add_periodic_task(
        crontab(hour=1, minute=0), custom_task.s(), name="custom-task"
    )

Integrating third-party containers¶

The Weblate Docker setup can be extended with additional containers to provide complementary services such as machine translation, spell checking, or other tools that enhance the translation workflow. These services can be integrated into your Docker Compose configuration and work alongside Weblate.

When adding third-party containers, consider the following:

Network connectivity: Ensure containers can communicate with each other by placing them on the same Docker network
Data persistence: Use volumes for services that need to persist data
Security: Configure appropriate access controls and avoid exposing unnecessary ports

LibreTranslate Docker container integration¶

LibreTranslate is a free and open-source machine translation service that can be self-hosted. Integrating it with Weblate provides offline machine translation capabilities without relying on external services.

You can incorporate the LibreTranslate service into your Weblate deployment by including it in a docker-compose.override.yml file. Since it runs within the Docker network, it’s only accessible to Weblate and not exposed to the public internet.

Basic setup using docker-compose.override.yml:

services:
  libretranslate:
    image: libretranslate/libretranslate:latest
    command: --disable-web-ui
    restart: unless-stopped
    environment:
      LT_UPDATE_MODELS: true
    volumes:
      - libretranslate_models:/home/libretranslate/.local:rw
    healthcheck:
      test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
      interval: 10s
      timeout: 4s
      retries: 4
      start_period: 5s

volumes:
  libretranslate_models:

For GPU-accelerated translation (if you have NVIDIA GPU available):

services:
  libretranslate:
    image: libretranslate/libretranslate:latest-cuda
    command: --disable-web-ui
    restart: unless-stopped
    environment:
      LT_UPDATE_MODELS: true
      PUID: root
    volumes:
      - libretranslate_models:/home/libretranslate/.local:rw
    healthcheck:
      test: ['CMD-SHELL', './venv/bin/python scripts/healthcheck.py']
      interval: 10s
      timeout: 4s
      retries: 4
      start_period: 5s
    deploy:
      resources:
        reservations:
          devices:
            - driver: nvidia
              count: 1
              capabilities: [gpu]

volumes:
  libretranslate_models:

After starting the services with docker compose down && docker compose up -d, configure LibreTranslate in Weblate:

Access the Weblate admin interface
Navigate to Machine translation → Automatic suggestions
Add a new LibreTranslate service with:

Shërbim:

LibreTranslate

URL API:

http://libretranslate:5000

Kyç API:

Leave empty

LibreTranslate is now configured and available for machine translation in Weblate.

Shënim

The LibreTranslate service runs without the web UI (--disable-web-ui) and is only accessible via the API within the Docker network.
Models are automatically updated when the container starts. (LT_UPDATE_MODELS: true)
Data is persisted using Docker volumes for optimal performance and data safety.
Health checks ensure that the Docker engine properly observes the state of the service.
For GPU acceleration, use the CUDA image variant and ensure your system has NVIDIA Docker support. This container runs as a privileged user to be able to use the GPU.
No external ports are exposed, making the setup secure by default.

Shihni edhe

Anubis Docker container integration¶

Anubis is a web AI firewall utility to block AI scrapers and other disruptive traffic on the server. It is typically needed for publicly open Weblate installations to avoid excessive load caused by scraping.

Anubis can be deployed using Docker Compose:

anubis:
   image: ghcr.io/techarohq/anubis:latest
   environment:
      BIND: ":8923"
      DIFFICULTY: "4"
      METRICS_BIND: ":9090"
      SERVE_ROBOTS_TXT: "false"
      OG_PASSTHROUGH: "false"
      # The single space in TARGET enables subrequest authentication
      TARGET: " "
      # The redirect domain has to match WEBLATE_SITE_DOMAIN
      REDIRECT_DOMAINS: weblate.example.com
      # Generate a random private key using: openssl rand -hex 32
      ED25519_PRIVATE_KEY_HEX: "..."
      # Customize your Anubis policy
      POLICY_FNAME: /data/botPolicies.yaml
   healthcheck:
      test: ["CMD", "anubis", "--healthcheck"]
      interval: 5s
      timeout: 30s
      retries: 5
      start_period: 500ms
   volumes:
      - anubis-data:/data

volumes:
   anubis-data:

Shënim

The anubis-data volume in the above configuration is expected to contain botPolicies.yaml with a bot policy configured to your needs.

At minimum, you need to adjust status codes as described in https://anubis.techaro.lol/docs/admin/configuration/subrequest-auth.

It is also recommended to configure persistent storage backend as described in https://anubis.techaro.lol/docs/admin/policies/#storage-backends.

You can then turn on the Anubis usage in Weblate using:

environment:
   WEBLATE_ANUBIS_URL: http://anubis:8923

Shihni edhe

WEBLATE_ANUBIS_URL

Configuring PostgreSQL server¶

The PostgreSQL container uses default PostgreSQL configuration and it won’t effectively utilize your CPU cores or memory. It is recommended to customize the configuration to improve the performance.

The configuration can be adjusted as described in Database Configuration at https://hub.docker.com/_/postgres. The configuration matching your environment can be generated using https://pgtune.leopard.in.ua/.

Container internals¶

The container is using supervisor to start individual services. In case of Scaling horizontally, it only starts single service in a container.

To check the services status use:

docker compose exec --user weblate weblate supervisorctl status

There are individual services for each Celery queue (see Background tasks using Celery for details). You can stop processing some tasks by stopping the appropriate worker:

docker compose exec --user weblate weblate supervisorctl stop celery-translate