From ba179c4b57405948ef476152270f263e524b6323 Mon Sep 17 00:00:00 2001 From: alam00000 Date: Sat, 28 Mar 2026 23:55:30 +0530 Subject: [PATCH] feat: add documentation for disabling specific tools in self-hosting --- README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/README.md b/README.md index cf25b4b..2059cd3 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ - [Podman Quadlet](#-podman-quadlet-systemd-integration) - [Simple Mode](#-simple-mode-for-internal-use) - [Custom Branding](#-custom-branding) + - [Disabling Specific Tools](#-disabling-specific-tools) - [WASM Configuration](#wasm-configuration) - [Air-Gapped / Offline Deployment](#air-gapped--offline-deployment) - [Security Features](#-security-features) @@ -842,6 +843,34 @@ Or set the values in `.env.production` before building. > [!TIP] > Branding works in both full mode and Simple Mode. You can combine it with other build-time options like `SIMPLE_MODE`, `BASE_URL`, and `VITE_DEFAULT_LANGUAGE`. +### 🚫 Disabling Specific Tools + +Hide tools from the UI for compliance or security requirements. Disabled tools are removed from the homepage, search, keyboard shortcuts, workflow builder, and direct URL access. + +Tool IDs are the page URL without `.html` — open any tool and look at the URL (e.g., `edit-pdf`, `sign-pdf`, `encrypt-pdf`). + +**Build-time** (baked into the bundle): + +```bash +docker build --build-arg DISABLE_TOOLS="edit-pdf,sign-pdf,encrypt-pdf" -t bentopdf . +``` + +**Runtime** (no rebuild — mount a `config.json`): + +```json +{ + "disabledTools": ["edit-pdf", "sign-pdf", "encrypt-pdf"] +} +``` + +```bash +docker run -d -p 3000:8080 \ + -v ./config.json:/usr/share/nginx/html/config.json:ro \ + ghcr.io/alam00000/bentopdf:latest +``` + +Both methods can be combined — the lists are merged. For the full list of tool IDs, see the [self-hosting docs](https://bentopdf.com/docs/self-hosting/docker#disabling-specific-tools). + ### 🔒 Security Features BentoPDF runs as a non-root user using nginx-unprivileged for enhanced security: