https://producthunt.programnotes.cn/en/tags/travel-planner/ Recent content in Travel Planner on Producthunt daily Hugo -- gohugo.io en Fri, 26 Jun 2026 18:35:07 +0800 https://producthunt.programnotes.cn/en/p/trek/ Fri, 26 Jun 2026 18:35:07 +0800 https://producthunt.programnotes.cn/en/p/trek/ <img src="https://images.unsplash.com/photo-1599498768887-b2472d987494?ixid=M3w0NjAwMjJ8MHwxfHJhbmRvbXx8fHx8fHx8fDE3ODI0Njk5Nzh8&ixlib=rb-4.1.0" alt="Featured image of post TREK" /><h1 id="mauriceboetrek"><a class="link" href="https://github.com/mauriceboe/TREK" target="_blank" rel="noopener" >mauriceboe/TREK</a> </h1><div align="center"> <picture> <source media="(prefers-color-scheme: dark)" srcset="docs/logo-trek-light.gif" /> <source media="(prefers-color-scheme: light)" srcset="docs/logo-trek-dark.gif" /> <img src="docs/logo-trek-dark.gif" alt="TREK" height="96" /> </picture> <br /> <picture> <source media="(prefers-color-scheme: dark)" srcset="docs/subtitle-light.png" /> <source media="(prefers-color-scheme: light)" srcset="docs/subtitle-dark.png" /> <img src="docs/subtitle-dark.png" alt="Your trips. Your plan. Your server." height="28" /> </picture> <p>A self-hosted, real-time collaborative travel planner — with maps, budgets, packing lists, a journal, and AI built in.</p> <br /> <p><a href="https://demo.liketrek.com"><img alt="Demo" src="https://img.shields.io/badge/Demo-try-111827?style=for-the-badge" /></a>   <a href="https://hub.docker.com/r/mauriceboe/trek"><img alt="Docker" src="https://img.shields.io/badge/Docker-ready-2496ED?style=for-the-badge" /></a>   <a href="https://discord.gg/NhZBDSd4qW"><img alt="Discord" src="https://img.shields.io/badge/Discord-join-5865F2?style=for-the-badge" /></a>   <a href="https://kanban.pakulat.org/shared/I4wxF6inOOMB0C6hH6kQm3efyNxFjwyI"><img alt="Roadmap" src="https://img.shields.io/badge/Roadmap-view-0EA5E9?style=for-the-badge" /></a> <br /> <a href="https://ko-fi.com/mauriceboe"><img alt="Ko-fi" src="https://img.shields.io/badge/Ko--fi-support-FF5E5B?style=for-the-badge" /></a>   <a href="https://www.buymeacoffee.com/mauriceboe"><img alt="BMAC" src="https://img.shields.io/badge/BMAC-support-FFDD00?style=for-the-badge" /></a> <br /> <a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-AGPL_v3-6B7280?style=flat-square" /></a> <a href="https://github.com/mauriceboe/TREK/releases"><img alt="Latest Release" src="https://img.shields.io/github/v/release/mauriceboe/TREK?include_prereleases&style=flat-square&color=6B7280" /></a> <a href="https://hub.docker.com/r/mauriceboe/trek"><img alt="Docker Pulls" src="https://img.shields.io/docker/pulls/mauriceboe/trek?style=flat-square&color=6B7280" /></a> <a href="https://github.com/mauriceboe/TREK"><img alt="Stars" src="https://img.shields.io/github/stars/mauriceboe/TREK?style=flat-square&color=6B7280" /></a></p> </div> <hr> <div align="center"> <img src="https://github.com/mauriceboe/trek-media/releases/download/readme-assets/TREK1.gif" alt="TREK — 60-second tour" width="100%" /> </div> <br /> <div align="center"> <a href="docs/screenshots/dashboard.png"><img src="docs/screenshots/dashboard.png" alt="Dashboard" width="49%" /></a> <a href="docs/screenshots/trip-planner.png"><img src="docs/screenshots/trip-planner.png" alt="Trip planner with 3D map" width="49%" /></a> <a href="docs/screenshots/journey.png"><img src="docs/screenshots/journey.png" alt="Journey journal" width="49%" /></a> <a href="docs/screenshots/budget.png"><img src="docs/screenshots/budget.png" alt="Costs · expense splitting" width="49%" /></a> <a href="docs/screenshots/atlas.png"><img src="docs/screenshots/atlas.png" alt="Atlas · visited countries" width="49%" /></a> <a href="docs/screenshots/vacay.png"><img src="docs/screenshots/vacay.png" alt="Vacay planner" width="49%" /></a> <a href="docs/screenshots/trip-iceland.png"><img src="docs/screenshots/trip-iceland.png" alt="Trip planner · day plan and route" width="49%" /></a> <a href="docs/screenshots/admin.png"><img src="docs/screenshots/admin.png" alt="Admin panel" width="49%" /></a> </div> <hr> <h2 id="what-you-get">What you get </h2><picture> <source media="(max-width: 700px)" srcset="docs/tiles/grid-mobile.svg" /> <img src="docs/tiles/grid-desktop.svg" alt="TREK feature tiles" width="100%" /> </picture> <details> <summary><b>See all features</b></summary> <table> <tr> <td width="50%" valign="top"> <h4 id="-trip-planning">🧭 Trip planning </h4><ul> <li><strong>Drag &amp; drop planner</strong> — organise places into day plans with reordering and cross-day moves</li> <li><strong>Interactive map</strong> — Leaflet or Mapbox GL with 3D buildings, terrain, photo markers, clustering, route visualization</li> <li><strong>Place search</strong> — Google Places (photos, ratings, hours) or OpenStreetMap (free, no API key)</li> <li><strong>Place import</strong> — shared Google Maps / Naver Maps lists, plus GPX and KML/KMZ/GeoJSON map files</li> <li><strong>Day notes</strong> — timestamped, icon-tagged notes with drag-and-drop reordering</li> <li><strong>Route optimisation</strong> — auto-sort places and export to Google Maps</li> <li><strong>Weather forecasts</strong> — 16-day via Open-Meteo (no key) + historical climate fallback</li> <li><strong>Category filter</strong> — show only matching pins on the map</li> </ul> </td> <td width="50%" valign="top"> <h4 id="-travel-management">🧳 Travel management </h4><ul> <li><strong>Reservations</strong> — flights, accommodations, restaurants with status, confirmation numbers, files; import from booking confirmation emails and PDFs (<a class="link" href="https://invent.kde.org/pim/kitinerary" target="_blank" rel="noopener" >KDE Itinerary</a>)</li> <li><strong>Costs</strong> — track and split trip expenses (Splitwise-style): per-person / per-day breakdowns, settle-up, multi-currency</li> <li><strong>Packing lists</strong> — categories, templates, user assignment, progress tracking</li> <li><strong>Bag tracking</strong> — optional weight tracking with iOS-style distribution</li> <li><strong>Document manager</strong> — attach docs, tickets, PDFs to trips / places / reservations (≤ 50 MB each)</li> <li><strong>PDF export</strong> — full trip plan as PDF with cover page, images, notes</li> </ul> </td> </tr> <tr> <td width="50%" valign="top"> <h4 id="-collaboration">👥 Collaboration </h4><ul> <li><strong>Real-time sync</strong> — WebSocket. Changes appear instantly across all connected users</li> <li><strong>Multi-user trips</strong> — invite members with role-based access</li> <li><strong>Invite links</strong> — one-time or reusable links with expiry</li> <li><strong>SSO (OIDC)</strong> — Google, Apple, Authentik, Keycloak, or any OIDC provider</li> <li><strong>2FA</strong> — TOTP + backup codes</li> <li><strong>Passkeys</strong> — passwordless WebAuthn login (fingerprint / face / PIN / security key), admin-toggleable</li> <li><strong>Collab suite</strong> — group chat, shared notes, polls, day check-ins</li> </ul> </td> <td width="50%" valign="top"> <h4 id="-mobile--pwa">📱 Mobile &amp; PWA </h4><ul> <li><strong>Installable</strong> — iOS and Android, straight from the browser, no App Store needed</li> <li><strong>Offline support</strong> — Service Worker caches tiles, API, uploads via Workbox</li> <li><strong>Native feel</strong> — fullscreen standalone, themed status bar, splash screen</li> <li><strong>Touch optimised</strong> — mobile-specific layouts with safe-area handling</li> </ul> </td> </tr> <tr> <td width="50%" valign="top"> <h4 id="-addons-admin-toggleable">🧩 Addons (admin-toggleable) </h4><ul> <li><strong>Lists</strong> — packing lists + to-dos with templates, member assignments, optional bag tracking</li> <li><strong>Costs</strong> — expense tracker with splits and settle-up (who owes whom), multi-currency</li> <li><strong>Documents</strong> — file attachments on trips, places, and reservations</li> <li><strong>Collab</strong> — chat, notes, polls, day-by-day attendance</li> <li><strong>Vacay</strong> — personal vacation planner with calendar, 100+ country holidays, carry-over tracking</li> <li><strong>Atlas</strong> — world map of visited countries, bucket list, travel stats, streak tracking, liquid-glass UI</li> <li><strong>Journey</strong> — magazine-style travel journal with entries, photos (Immich/Synology), maps, moods</li> <li><strong>AirTrail</strong> — connect a self-hosted AirTrail instance to import and sync flights into reservations</li> <li><strong>MCP</strong> — expose TREK to AI assistants via OAuth 2.1</li> </ul> </td> <td width="50%" valign="top"> <h4 id="-ai--mcp">🤖 AI / MCP </h4><ul> <li><strong>Built-in MCP server</strong> — OAuth 2.1 authenticated. 150+ tools, 30 resources</li> <li><strong>Granular scopes</strong> — 27 OAuth scopes across 13 permission groups</li> <li><strong>Full automation</strong> — AI can create trips, plan days, build packing lists, manage budgets, mark countries visited</li> <li><strong>Pre-built prompts</strong> — <code>trip-summary</code>, <code>packing-list</code>, <code>budget-overview</code></li> <li><strong>Addon-aware</strong> — exposes Atlas, Collab, Vacay when those addons are on</li> </ul> </td> </tr> <tr> <td colspan="2" valign="top"> <h4 id="-admin--customisation">⚙️ Admin &amp; customisation </h4><ul> <li><strong>Dashboard views</strong> — card grid or compact list · <strong>Dark mode</strong> — full theme with matching status bar</li> <li><strong>20 languages</strong> — EN, DE, ES, FR, IT, NL, HU, RU, ZH, ZH-TW, PL, CS, AR (RTL), BR, ID, TR, JA, KO, UK, GR</li> <li><strong>Admin panel</strong> — users, invites, packing templates, categories, addons, API keys, backups, GitHub history</li> <li><strong>Notifications</strong> — per-user preferences across email (SMTP), webhook, ntfy, and an in-app notification center</li> <li><strong>Auto-backups</strong> — scheduled with configurable retention · <strong>Units</strong> — °C/°F, 12h/24h, map tile sources, default coordinates</li> </ul> </td> </tr> </table> </details> <br /> <h2 id="get-started-in-30-seconds">Get started in 30 seconds </h2><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nv">ENCRYPTION_KEY</span><span class="o">=</span><span class="k">$(</span>openssl rand -hex 32<span class="k">)</span> docker run -d -p 3000:3000 <span class="se">\ </span></span></span><span class="line"><span class="cl"> -e <span class="nv">ENCRYPTION_KEY</span><span class="o">=</span><span class="nv">$ENCRYPTION_KEY</span> <span class="se">\ </span></span></span><span class="line"><span class="cl"> -v ./data:/app/data -v ./uploads:/app/uploads mauriceboe/trek </span></span></code></pre></td></tr></table> </div> </div><p>Open <code>http://localhost:3000</code>. On first boot TREK seeds an admin account — if you set <code>ADMIN_EMAIL</code>/<code>ADMIN_PASSWORD</code> those are used, otherwise the credentials are printed to the container log (<code>docker logs trek</code>).</p> <div align="center"> <p>  ·  <a href="#docker-compose-production">Docker Compose</a>  ·  <a href="#helm-kubernetes">Helm / Kubernetes</a>  ·  <a href="#install-as-app-pwa">Install as PWA</a>  ·  <a href="#reverse-proxy">Reverse Proxy</a>  ·  </p> </div> <br /> <h2 id="tech-stack">Tech stack </h2><div align="center"> <p><img src="https://img.shields.io/badge/Node.js_22-339933?style=flat-square&amp;logo=node.js&amp;logoColor=white" loading="lazy" alt="Node.js" > <img src="https://img.shields.io/badge/NestJS_11-E0234E?style=flat-square&amp;logo=nestjs&amp;logoColor=white" loading="lazy" alt="NestJS" > <img src="https://img.shields.io/badge/SQLite-003B57?style=flat-square&amp;logo=sqlite&amp;logoColor=white" loading="lazy" alt="SQLite" > <img src="https://img.shields.io/badge/React_19-61DAFB?style=flat-square&amp;logo=react&amp;logoColor=black" loading="lazy" alt="React" > <img src="https://img.shields.io/badge/Vite-646CFF?style=flat-square&amp;logo=vite&amp;logoColor=white" loading="lazy" alt="Vite" > <img src="https://img.shields.io/badge/TypeScript-3178C6?style=flat-square&amp;logo=typescript&amp;logoColor=white" loading="lazy" alt="TypeScript" > <img src="https://img.shields.io/badge/Tailwind-06B6D4?style=flat-square&amp;logo=tailwindcss&amp;logoColor=white" loading="lazy" alt="Tailwind" > <img src="https://img.shields.io/badge/Leaflet-199900?style=flat-square&amp;logo=leaflet&amp;logoColor=white" loading="lazy" alt="Leaflet" > <img src="https://img.shields.io/badge/Docker-2496ED?style=flat-square&amp;logo=docker&amp;logoColor=white" loading="lazy" alt="Docker" ></p> </div> <p>Real-time sync via WebSocket (<code>ws</code>). Backend on NestJS 11. State with Zustand. Auth via JWT + OAuth 2.1 + OIDC + Passkeys (WebAuthn) + TOTP MFA. Weather via Open-Meteo (no key required). Maps with Leaflet and Mapbox GL.</p> <br /> <h2 id="docker-compose-production">Docker Compose (production)</h2> <details> <summary>Full compose example with secure defaults</summary> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span><span class="lnt">41 </span><span class="lnt">42 </span><span class="lnt">43 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">services</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">app</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">mauriceboe/trek:latest</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l">trek</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">read_only</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">security_opt</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="kc">no</span>-<span class="l">new-privileges:true</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cap_drop</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALL</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cap_add</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">CHOWN</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">SETUID</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">SETGID</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">tmpfs</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/tmp:noexec,nosuid,size=64m</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">&#34;3000:3000&#34;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">NODE_ENV=production</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">PORT=3000</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ENCRYPTION_KEY=${ENCRYPTION_KEY:-} </span><span class="w"> </span><span class="c"># generate with: openssl rand -hex 32</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">TZ=${TZ:-UTC}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">LOG_LEVEL=${LOG_LEVEL:-info}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-}</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">APP_URL=${APP_URL:-} </span><span class="w"> </span><span class="c"># required for OIDC + email links</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - FORCE_HTTPS=true # behind a TLS-terminating proxy</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - TRUST_PROXY=1</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - OIDC_ISSUER=https://auth.example.com</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - OIDC_CLIENT_ID=trek</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - OIDC_CLIENT_SECRET=supersecret</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - OIDC_DISPLAY_NAME=SSO</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - OIDC_ADMIN_CLAIM=groups</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="c"># - OIDC_ADMIN_VALUE=app-trek-admins</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./data:/app/data</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./uploads:/app/uploads</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l">unless-stopped</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">healthcheck</span><span class="p">:</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">test</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&#34;CMD&#34;</span><span class="p">,</span><span class="w"> </span><span class="s2">&#34;wget&#34;</span><span class="p">,</span><span class="w"> </span><span class="s2">&#34;-qO-&#34;</span><span class="p">,</span><span class="w"> </span><span class="s2">&#34;http://localhost:3000/api/health&#34;</span><span class="p">]</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">30s</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l">10s</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retries</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">start_period</span><span class="p">:</span><span class="w"> </span><span class="l">15s</span><span class="w"> </span></span></span></code></pre></td></tr></table> </div> </div><p>Then:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker compose up -d </span></span></code></pre></td></tr></table> </div> </div><p><strong>HTTPS notes:</strong> <code>FORCE_HTTPS=true</code> is optional — it adds a 301 redirect, HSTS, CSP upgrade-insecure-requests, and forces the <code>secure</code> cookie flag. Only use it behind a TLS-terminating reverse proxy. <code>TRUST_PROXY=1</code> tells the server how many proxies sit in front so real client IPs and <code>X-Forwarded-Proto</code> work.</p> </details> <br /> <h2 id="helm-kubernetes">Helm (Kubernetes)</h2> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">helm repo add trek https://mauriceboe.github.io/TREK </span></span><span class="line"><span class="cl">helm repo update </span></span><span class="line"><span class="cl">helm install trek trek/trek </span></span></code></pre></td></tr></table> </div> </div><p>See <a class="link" href="https://github.com/mauriceboe/TREK/blob/main/charts/README.md" target="_blank" rel="noopener" ><code>charts/README.md</code></a> for values.</p> <h2 id="install-as-app-pwa">Install as App (PWA)</h2> <p>TREK works as a Progressive Web App — no App Store needed.</p> <ol> <li>Open TREK in the browser (HTTPS required)</li> <li><strong>iOS</strong>: Share ▸ <em>Add to Home Screen</em></li> <li><strong>Android</strong>: Menu ▸ <em>Install app</em> (or <em>Add to Home Screen</em>)</li> </ol> <p>TREK then launches fullscreen with its own icon, just like a native app.</p> <br /> <h2 id="updating">Updating </h2><p><strong>Docker Compose:</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker compose pull <span class="o">&amp;&amp;</span> docker compose up -d </span></span></code></pre></td></tr></table> </div> </div><p><strong>Docker run</strong> — reuse the original volume paths:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker pull mauriceboe/trek </span></span><span class="line"><span class="cl">docker rm -f trek </span></span><span class="line"><span class="cl">docker run -d --name trek -p 3000:3000 -v ./data:/app/data -v ./uploads:/app/uploads --restart unless-stopped mauriceboe/trek </span></span></code></pre></td></tr></table> </div> </div><blockquote> <p>Not sure which paths you used? <code>docker inspect trek --format '{{json .Mounts}}'</code> before removing the container.</p> </blockquote> <p>Your data stays in the mounted <code>data</code> and <code>uploads</code> volumes — updates never touch it.</p> <blockquote> <p>[!IMPORTANT] Mount <strong>only</strong> the data and uploads directories — <code>-v ./data:/app/data -v ./uploads:/app/uploads</code>. <strong>Never mount a volume at <code>/app</code>.</strong> Doing so hides the application code shipped in the image and the container fails to start with <code>Cannot find module 'tsconfig-paths/register'</code>. If you previously mounted <code>/app</code>, switch to the two mounts above; your data in <code>data/</code> and <code>uploads/</code> is preserved.</p> </blockquote> <h3>Rotating the Encryption Key</h3> <p>If you need to rotate <code>ENCRYPTION_KEY</code> (e.g. upgrading from a version that derived encryption from <code>JWT_SECRET</code>):</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker <span class="nb">exec</span> -it trek node --import tsx scripts/migrate-encryption.ts </span></span></code></pre></td></tr></table> </div> </div><p>The script creates a timestamped DB backup before making changes and prompts for old + new keys (input is not echoed).</p> <h2 id="reverse-proxy">Reverse Proxy</h2> <p>For production, put TREK behind a TLS-terminating reverse proxy. TREK uses WebSockets for real-time sync, so the proxy <strong>must</strong> support WebSocket upgrades on <code>/ws</code>.</p> <details> <summary>Nginx</summary> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">server</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">server_name</span> <span class="s">trek.yourdomain.com</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$host$request_uri</span><span class="p">;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="k">server</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">server_name</span> <span class="s">trek.yourdomain.com</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kn">ssl_certificate</span> <span class="s">/etc/ssl/fullchain.pem</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">ssl_certificate_key</span> <span class="s">/etc/ssl/privkey.pem</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="c1"># 500 MB covers backup-restore uploads (capped at 500 MB server-side). </span></span></span><span class="line"><span class="cl"> <span class="kn">client_max_body_size</span> <span class="mi">500m</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kn">location</span> <span class="s">/</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_pass</span> <span class="s">http://localhost:3000</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_http_version</span> <span class="mi">1</span><span class="s">.1</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kn">location</span> <span class="s">/ws</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_pass</span> <span class="s">http://localhost:3000</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_http_version</span> <span class="mi">1</span><span class="s">.1</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">&#34;upgrade&#34;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_read_timeout</span> <span class="mi">86400</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div></details> <details> <summary>Caddy</summary> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-caddy" data-lang="caddy"><span class="line"><span class="cl"><span class="gh">trek.yourdomain.com</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">reverse_proxy</span> <span class="n">localhost</span><span class="p">:</span><span class="mi">3000</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>Caddy handles TLS and WebSockets automatically.</p> </details> <br /> <h2 id="environment-variables">Environment variables </h2><details> <summary><b>Full reference</b></summary> <br /> <table> <thead> <tr> <th>Variable</th> <th>Description</th> <th>Default</th> </tr> </thead> <tbody> <tr> <td><strong>Core</strong></td> <td></td> <td></td> </tr> <tr> <td><code>PORT</code></td> <td>Server port</td> <td><code>3000</code></td> </tr> <tr> <td><code>NODE_ENV</code></td> <td>Environment (<code>production</code> / <code>development</code>)</td> <td><code>production</code></td> </tr> <tr> <td><code>ENCRYPTION_KEY</code></td> <td>At-rest encryption key for stored secrets (API keys, MFA, SMTP, OIDC). Recommended: generate with <code>openssl rand -hex 32</code>. If unset, falls back to <code>data/.jwt_secret</code> (existing installs) or auto-generates a key (fresh installs).</td> <td>Auto</td> </tr> <tr> <td><code>TZ</code></td> <td>Timezone for logs, reminders and cron jobs (e.g. <code>Europe/Berlin</code>)</td> <td><code>UTC</code></td> </tr> <tr> <td><code>LOG_LEVEL</code></td> <td><code>info</code> = concise user actions, <code>debug</code> = verbose details</td> <td><code>info</code></td> </tr> <tr> <td><code>DEFAULT_LANGUAGE</code></td> <td>Default language on the login page for users with no saved preference. Browser/OS language is auto-detected first; this is the fallback. Supported: <code>de</code>, <code>en</code>, <code>es</code>, <code>fr</code>, <code>hu</code>, <code>nl</code>, <code>br</code>, <code>cs</code>, <code>pl</code>, <code>ru</code>, <code>zh</code>, <code>zh-TW</code>, <code>it</code>, <code>ar</code>, <code>id</code>, <code>tr</code>, <code>ja</code>, <code>ko</code>, <code>uk</code>, <code>gr</code></td> <td><code>en</code></td> </tr> <tr> <td><code>ALLOWED_ORIGINS</code></td> <td>Comma-separated origins for CORS and email links</td> <td>same-origin</td> </tr> <tr> <td><code>FORCE_HTTPS</code></td> <td>Optional. When <code>true</code>: 301-redirects HTTP to HTTPS, sends HSTS, adds CSP <code>upgrade-insecure-requests</code>, forces the session cookie <code>secure</code> flag. Useful behind a TLS-terminating reverse proxy. Requires <code>TRUST_PROXY</code>.</td> <td><code>false</code></td> </tr> <tr> <td><code>HSTS_INCLUDE_SUBDOMAINS</code></td> <td>When <code>true</code>: adds the <code>includeSubDomains</code> directive to the HSTS header, extending HTTPS enforcement to all subdomains. Only effective when HSTS is active (<code>FORCE_HTTPS=true</code> or <code>NODE_ENV=production</code>). Leave <code>false</code> if you run other services on sibling subdomains over plain HTTP.</td> <td><code>false</code></td> </tr> <tr> <td><code>COOKIE_SECURE</code></td> <td>Controls the <code>secure</code> flag on the <code>trek_session</code> cookie. Auto-derived: on when <code>NODE_ENV=production</code> or <code>FORCE_HTTPS=true</code>. Escape hatch: set <code>false</code> to allow session cookies over plain HTTP. Not recommended in production.</td> <td>auto</td> </tr> <tr> <td><code>SESSION_DURATION</code></td> <td>How long a login session stays valid when <strong>&ldquo;Remember me&rdquo; is unchecked</strong> (the default): sets the <code>trek_session</code> JWT <code>exp</code> and issues a browser-session cookie (cleared when the browser closes). Accepts <code>ms</code>-style strings: <code>1h</code>, <code>12h</code>, <code>7d</code>, <code>30d</code>, <code>90d</code>. Invalid values warn at startup and fall back to the default.</td> <td><code>24h</code></td> </tr> <tr> <td><code>SESSION_DURATION_REMEMBER</code></td> <td>Session length when <strong>&ldquo;Remember me&rdquo; is ticked</strong> at login: a longer-lived JWT plus a persistent <code>trek_session</code> cookie that survives browser restarts. Same format and startup-fallback behaviour as <code>SESSION_DURATION</code>.</td> <td><code>30d</code></td> </tr> <tr> <td><code>TRUST_PROXY</code></td> <td>Number of trusted reverse proxies. Tells the server to read client IP from <code>X-Forwarded-For</code> and protocol from <code>X-Forwarded-Proto</code>. Defaults to <code>1</code> in production; off in dev unless set.</td> <td><code>1</code></td> </tr> <tr> <td><code>ALLOW_INTERNAL_NETWORK</code></td> <td>Allow outbound requests to private/RFC-1918 IPs (e.g. Immich on your LAN). Loopback and link-local addresses remain blocked.</td> <td><code>false</code></td> </tr> <tr> <td><code>APP_URL</code></td> <td>Public base URL of this instance (e.g. <code>https://trek.example.com</code>). Required when OIDC is enabled; used as base for email notification links.</td> <td>—</td> </tr> <tr> <td><strong>OIDC / SSO</strong></td> <td></td> <td></td> </tr> <tr> <td><code>OIDC_ISSUER</code></td> <td>OpenID Connect provider URL</td> <td>—</td> </tr> <tr> <td><code>OIDC_CLIENT_ID</code></td> <td>OIDC client ID</td> <td>—</td> </tr> <tr> <td><code>OIDC_CLIENT_SECRET</code></td> <td>OIDC client secret</td> <td>—</td> </tr> <tr> <td><code>OIDC_DISPLAY_NAME</code></td> <td>Label shown on the SSO login button</td> <td><code>SSO</code></td> </tr> <tr> <td><code>OIDC_ONLY</code></td> <td>Force SSO-only mode: disables password login + registration, regardless of Admin &gt; Settings. The first SSO login becomes admin.</td> <td><code>false</code></td> </tr> <tr> <td><code>OIDC_ADMIN_CLAIM</code></td> <td>OIDC claim used to identify admin users</td> <td>—</td> </tr> <tr> <td><code>OIDC_ADMIN_VALUE</code></td> <td>Value of the OIDC claim that grants admin role</td> <td>—</td> </tr> <tr> <td><code>OIDC_SCOPE</code></td> <td>Space-separated OIDC scopes. <strong>Fully replaces</strong> the default — always include <code>openid email profile</code>.</td> <td><code>openid email profile</code></td> </tr> <tr> <td><code>OIDC_DISCOVERY_URL</code></td> <td>Override the auto-constructed OIDC discovery endpoint (e.g. Authentik: <code>.../application/o/trek/.well-known/openid-configuration</code>)</td> <td>—</td> </tr> <tr> <td><strong>Initial setup</strong></td> <td></td> <td></td> </tr> <tr> <td><code>ADMIN_EMAIL</code></td> <td>Email for the first admin on initial boot. Must be set together with <code>ADMIN_PASSWORD</code>. If either is omitted a random password is printed to the server log. No effect once a user exists.</td> <td><code>admin@trek.local</code></td> </tr> <tr> <td><code>ADMIN_PASSWORD</code></td> <td>Password for the first admin on initial boot. Pairs with <code>ADMIN_EMAIL</code>.</td> <td>random</td> </tr> <tr> <td><strong>Other</strong></td> <td></td> <td></td> </tr> <tr> <td><code>DEMO_MODE</code></td> <td>Enable demo mode (hourly data resets)</td> <td><code>false</code></td> </tr> <tr> <td><code>MCP_RATE_LIMIT</code></td> <td>Max MCP API requests per user per minute</td> <td><code>300</code></td> </tr> <tr> <td><code>MCP_MAX_SESSION_PER_USER</code></td> <td>Max concurrent MCP sessions per user</td> <td><code>20</code></td> </tr> </tbody> </table> </details> <br /> <h2 id="data--backups">Data &amp; Backups </h2><ul> <li><strong>Database</strong> — SQLite, stored in <code>./data/travel.db</code></li> <li><strong>Uploads</strong> — stored in <code>./uploads/</code></li> <li><strong>Logs</strong> — <code>./data/logs/trek.log</code> (auto-rotated)</li> <li><strong>Backups</strong> — create and restore via Admin Panel</li> <li><strong>Auto-Backups</strong> — configurable schedule and retention in Admin Panel</li> </ul> <br /> <h2 id="data-sources">Data sources </h2><p>The Atlas map&rsquo;s country and sub-national (province/county) boundaries come from <a class="link" href="https://www.geoboundaries.org/" target="_blank" rel="noopener" ><strong>geoBoundaries</strong></a> (Runfola et al., 2020), licensed <a class="link" href="https://creativecommons.org/licenses/by/4.0/" target="_blank" rel="noopener" >CC BY 4.0</a>. See <a class="link" href="NOTICE.md" >NOTICE.md</a> for full third-party attributions.</p> <h2 id="license">License </h2><p>TREK is <a class="link" href="LICENSE" >AGPL v3</a>. Self-host freely for personal or internal company use. If you modify and offer TREK as a network service to third parties, your modifications must be open-sourced under the same licence.</p>