Excalidraw should be configured for secure collaboration links, controlled persistence, and predictable backend behavior.
VITE_APP_DISABLE_SENTRY=true
VITE_APP_BACKEND_V2_GET_URL=https://draw.example.com/api/v2/scenes/
VITE_APP_BACKEND_V2_POST_URL=https://draw.example.com/api/v2/scenes/
¶ Collaboration and access policy
- Define whether boards are public-link based or protected behind SSO.
- Set retention policy for shared scenes and attachments.
- Restrict admin/API endpoints by network policy.
¶ Storage and backend policy
- Keep scene storage backend on persistent volumes.
- Enforce file upload size/type limits.
- Enable TLS and secure headers at reverse proxy.
¶ Backup and recovery
Back up:
- scene data backend
- service configuration and env files
Recovery test:
- Restore backend data.
- Open existing board URL.
- Validate live collaboration and asset loading.
- HTTPS enforced.
- Collaboration websocket health monitored.
- Storage growth monitored.
- Restore tests documented.
Feel free to contact us. Find all contact information on our contact page.