Date: 2026-03-12 Hostname: docker-host IP address: 192.168.0.110
DocuSeal E-Signature Setup¶
Self-hosted e-signature platform. Allows sending documents to recipients who sign them in the browser - no account or software required on the recipient's side. Built on the eIDAS simple electronic signature (SES) standard.
Overview¶
| Property | Value |
|---|---|
| Service | DocuSeal |
| Image | docuseal/docuseal:latest |
| Host | LXC 100 (docker-host) |
| Port | 3003 |
| Public URL | https://sign.homelabor.net |
| Data | /srv/docker-data/docuseal |
| SMTP relay | Resend (smtp.resend.com) |
Prerequisites¶
Resend SMTP Account¶
DocuSeal requires an SMTP relay to send signing invitation emails to recipients. Resend is used over Brevo because it has better transactional email deliverability and allows disabling click tracking (Brevo wraps all links in tracking URLs which look suspicious in signing emails).
- Register at resend.com
- Go to Domains and add
homelabor.net, select Ireland region, manual setup - Add the DNS records to Cloudflare:
- TXT
resend._domainkey- DKIM record - MX
send- SPF enable sending - TXT
send- SPF record - TXT
_dmarc-v=DMARC1; p=none;(optional but recommended) - All records must use DNS only (gray cloud) proxy status
- Click Verify in Resend dashboard - wait for "Verified" status
- Go to API Keys and create a new key with Sending access (not full access)
- Note the SMTP credentials:
- Server:
smtp.resend.com - Port:
587 - Username:
resend(literal string, not your email) - Password: the generated API key
Cloudflare DNS¶
Add an A record for the signing subdomain:
Pangolin Resource¶
Create a new resource in Pangolin dashboard:
- Name: DocuSeal
- Subdomain:
sign - Target:
192.168.0.110:3003 - Authentication: Disabled (signing links must be publicly accessible)
Docker Compose¶
File: compose/proxmox-lxc-100/docuseal/docker-compose.yml
services:
docuseal:
image: docuseal/docuseal:latest
container_name: docuseal
environment:
- TZ=Europe/Budapest
- SECRET_KEY_BASE=${DOCUSEAL_SECRET_KEY}
- SMTP_ADDRESS=${SMTP_ADDRESS}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USERNAME=${SMTP_USERNAME}
- SMTP_PASSWORD=${SMTP_PASSWORD}
- SMTP_FROM=${SMTP_FROM}
volumes:
- /srv/docker-data/docuseal:/data
ports:
- 3003:3000
restart: unless-stopped
Komodo Stack Environment¶
Set the following in Komodo Stack Environment (not in the compose file):
DOCUSEAL_SECRET_KEY=<output of: openssl rand -hex 32>
SMTP_ADDRESS=smtp.resend.com
SMTP_PORT=587
SMTP_USERNAME=resend
SMTP_PASSWORD=<Resend API key with Sending access>
SMTP_FROM=noreply@homelabor.net
Note: DocuSeal requires SMTP_FROM specifically - SMTP_FROM_EMAIL is not recognized by its mail interceptor.
Initial Setup¶
- Deploy via Komodo
- Open https://sign.homelabor.net/setup
- Fill in:
- First name, Last name, Email, Company name
- Password (this is the admin login)
- App URL:
https://sign.homelabor.net(auto-filled) - Skip the developer newsletter prompt
Signing Workflow¶
Sending a document for signing¶
- Go to https://sign.homelabor.net
- Upload a New Document - drag and drop a PDF
- In the template editor, drag a Signature field onto the document where the recipient should sign
- Click Send - enter the recipient's name and email
- The recipient gets an email with a signing link
Recipient experience¶
- Recipient clicks the link in the email
- Opens in browser - no account or software needed
- Clicks the signature field, draws or types their signature
- Submits - gets a completion confirmation
After signing¶
- You receive a notification email (if enabled in Settings -> Notifications)
- The signed PDF with audit trail is available in the DocuSeal dashboard
- Audit trail includes: signer name, email, IP address, timestamp, completion certificate
Troubleshooting¶
Email not received¶
If DocuSeal says sent but no email arrives:
- Check spam folder - Outlook/Hotmail is very strict with new domains, Gmail is more reliable
- Check Resend dashboard -> Emails for delivery status
- Verify SMTP env vars in container:
docker exec docuseal printenv | grep SMTP - Test SMTP connectivity:
docker exec docuseal sh -c 'nc -zv smtp.resend.com 587' - Common mistake: using
SMTP_FROM_EMAILinstead ofSMTP_FROM- DocuSeal's interceptor only readsSMTP_FROM
Sign button not visible on signing page¶
The submission was created before a signature field was added to the template. Delete the submission and send a new one.
Port conflict on deploy¶
Port 3003 was chosen because: - 3000 - BentoPDF - 3002 - Homepage
Check for conflicts: ss -tlnp | grep 300
n8n Automation¶
Workflow: DocuSeal - Form to E-Signature (n8n LXC 107)
Flow¶
POST /webhook/docuseal-form
→ DocuSeal API (create submission)
→ Telegram notification
→ Webhook response
Trigger¶
curl -X POST http://192.168.0.112:5678/webhook/docuseal-form \
-H "Content-Type: application/json" \
-d '{"name": "John Doe", "email": "john@example.com", "agree": true}'
DocuSeal API call¶
POST https://sign.homelabor.net/api/submissions- Header:
X-Auth-Token(DocuSeal API key from Settings → API) - Body:
template_id,submittersarray withname,email,role: "First Party" - Template ID 3 by default - change in the HTTP Request node to use a different template
Telegram¶
- Bot:
@n8n_teacher_bot - Chat ID: stored in n8n Telegram node (get via
https://api.telegram.org/bot<TOKEN>/getUpdates) - Credential: "Telegram account 2" in n8n
Notes¶
sent_atin DocuSeal response confirms the email was queued - check spam if not received- To swap the document: upload a new template in DocuSeal, update
template_idin the HTTP Request node - Role name must match exactly what's set in the template submitters (default: "First Party")
Notes¶
- DocuSeal uses SQLite by default - no separate database container needed
- Data is persisted at
/srv/docker-data/docuseal - eIDAS level: Simple Electronic Signature (SES) - legally valid for most business purposes, but not equivalent to QES (qualified) which requires a certified CA
- Authentication on the Pangolin resource must remain disabled so signing links work for external recipients without a Pangolin account