Environment Variables
Environment variables provides global configuration
Main server environment variable provides global configuration for main server.
This sets the listen address of the main server. The default is
0.0.0.0:3000.This sets the listen address of the resolver server. The default is
0.0.0.0:3001.This sets the listen address of the Admin API server. The default is
0.0.0.0:3002.This sets the file path of TLS certificate. It is only used when development mode is enabled. The default is
tls-cert.pem.This sets the file path of TLS private key. It is only used when development mode is enabled. The default is
tls-key.pem.This sets the authorization mode of the Admin API. Valid values are
jwt and none. The default is jwt.When the value is
jwt, all requests to the Admin API must bear a valid JWT.When the value is
none, no authorization is needed. You must NOT use none in production unless you know the implied consequences.This sets the type of the configuration. Valid values are
local_fs and kubernetes. The default is local_fs.This indicates the path to the
.kubeconfig config file. It is only used when configuration type is kubernetes.This indicates the namespace where Kubernetes resources of all apps reside. It is only used when configuration type is
kubernetes.This indicates whether the configuration source would watch for changes and reload automatically. The default is
true.This sets the path to app configuration directory file for local FS sources. The default is
..This sets the directory for built-in resource files. The default is
resources/authgear.This sets the directory for customized resource files.
This sets whether the bundled static asset should be served. Default is
true. You should never modify it.This sets the filepath of the directory containing the bundled static asset. The default value of the provided Docker image does the right thing so you should never need to set it.
Portal environment variable provides global configuration for Authegar portal.
This sets the listen address of the portal server. The default is
0.0.0.0:3003.This sets the type of the configuration. Valid values are
local_fs and kubernetes. The default is local_fs.This indicates the path to the
.kubeconfig config file. It is only used when configuration type is kubernetes.This indicates the namespace where Kubernetes resources of all apps reside. It is only used when configuration type is
kubernetes.This indicates whether the configuration source would watch for changes and reload automatically. The default is
true.This sets the path to app configuration directory file for local FS sources. The default is
..This sets the OAuth client ID for Authgear portal.
This sets the OAuth endpoint for Authgear portal.
This sets the OAuth app ID for Authgear portal.
This sets the type of the admin API. The only supported value for now is
static. The default is static, so you should never change it.This sets the endpoint of Admin API server. The default is
http://localhost:3002.This sets the host for tenant resolution. The default is
localhost:3002.This sets the host suffix for Authgear portal.
This sets the regular expression pattern for app ID validation. The defaults is
^[a-z0-9][a-z0-9-]{2,30}[a-z0-9]$.This sets the file of Kubernetes ingress template. It is only used when configuration type is
kubernetes.This sets the TLS cert type for default domain. Valid values are
none, static, and cert-manager. The default is none. It is only used when configuration type is kubernetes.This sets the secret name for default domain. It is only used when configuration type is
kubernetes and TLS cert type is static.This sets the issuer kind for default domain. It is only used when configuration type is
kubernetes and TLS cert type is cert-manager.This sets the issuer name for default domain. It is only used when configuration type is
kubernetes and TLS cert type is cert-manager.This sets the TLS cert type for custom domain. Valid values are
none, static, and cert-manager. The default is none. It is only used when configuration type is kubernetes.This sets the secret name for custom domain. It is only used when configuration type is
kubernetes and TLS cert type is static.This sets the issuer kind for custom domain. It is only used when configuration type is
kubernetes and TLS cert type is cert-manager.This sets the issuer name for custom domain. It is only used when configuration type is
kubernetes and TLS cert type is cert-manager.This sets the directory for built-in resource files. The default is
resources/authgear.This sets the directory for customized resource files.
This sets the maximum number of apps user owned. When the value is
-1, owned apps limit is disabled. The default is -1.This sets whether the bundled static asset should be served. Default is
true. You should never modify it.This sets the filepath of the directory containing the bundled static asset. The default value of the provided Docker image does the right thing so you should never need to set it.
This sets the URL of backend database.
This sets the database schema of backend database. The default is
public.This sets the maximum open connections of backend database. The default is
2.This sets the maximum idle connections of backend database. The default is
2.This sets the maximum lifetime of backend database connection in seconds. The default is
1800.This sets the maximum idle time of backend database connection in seconds. The default is
300.This sets the server host of SMTP server.
This sets the server port of SMTP server.
This sets the username of SMTP server.
This sets the password of SMTP server.
This sets the SMTP mode. Valid values are
normal and ssl. The default is normal.This sets the sender field of admin invitation email.
This sets the reply to field of admin invitation email.
This sets the directory for built-in resource files. The default is
resources/portal.This sets the directory for customized resource files.
Common environment variable provides global configuration for both main server and Authgear portal.
This sets whether incoming HTTP headers such as
x-forwarded-host can be trusted. If you deploy Authgear behind a reverse proxy capable of writing these headers, you should set the value to true. The default is false.This sets whether Authgear should run in development mode. You should never need to set it. The default is
false.When development mode is enabled:
- TLS certificate is required, to enable secure cookies.
- All
Hostheader values are allowed. - External message sending (SMS/Email) is disabled; messages to send are logged instead.
This sets the global log level. Valid values are
debug, info, warn and error. The default is warn.This sets the URL prefix of the bundled static asset. The default value includes commit hash so it is cache-friendly.
The sets the Sentry DSN, where errors/logs are reported to.
Last modified 1yr ago