config.example.env

#!/usr/bin/env bash

# Please change this to domain of the server where oneuptime is hosted on.
HOST=localhost
PROVISION_SSL=false

# OneUptime Port. This is the port where OneUptime will be hosted on. 
ONEUPTIME_HTTP_PORT=80

# ==============================================
# SETTING UP TLS/SSL CERTIFICATES
# ==============================================
# OneUptime can automatically provision SSL certificates for the HOST when PROVISION_SSL=true.
# This requires port 80/443 to be reachable for Let's Encrypt validation and the HOST domain pointing to this server.
# If you prefer to terminate TLS on an external reverse proxy, leave PROVISION_SSL=false and manage certificates yourself.
HTTP_PROTOCOL=http

# Captcha configuration
CAPTCHA_ENABLED=false
CAPTCHA_SITE_KEY=
CAPTCHA_SECRET_KEY=

# Secrets - PLEASE CHANGE THESE. Please change these to something random. All of these can be different values.
ONEUPTIME_SECRET=please-change-this-to-random-value
REGISTER_PROBE_KEY=please-change-this-to-random-value
DATABASE_PASSWORD=please-change-this-to-random-value
CLICKHOUSE_PASSWORD=please-change-this-to-random-value
REDIS_PASSWORD=please-change-this-to-random-value
ENCRYPTION_SECRET=please-change-this-to-random-value
GLOBAL_PROBE_1_KEY=probe-1-please-change-this-to-random-value
GLOBAL_PROBE_2_KEY=probe-2-please-change-this-to-random-value


# If you are connecting Status Pages to custom domains, then this will be the port where the status page will be hosted on.
# This should be https port because oneuptime automatically generates ssl certs from lets encrypt. 
STATUS_PAGE_HTTPS_PORT=443


# If you would like to attach status pages to custom domains use this setting.
# For example, lets say you would like the status page to be hosted on status.yourcompany.com, then
# 1. Create a A record in your DNS provider with the name "oneuptime.yourcompany.com" and value to Public IP of the server oneuptime is deployed on.
# 2. Set the STATUS_PAGE_CNAME_RECORD to "oneuptime.yourcompany.com"
# 3. Create CNAME record in your DNS provider with the name "status.yourcompany.com" and value "oneuptime.yourcompany.com"
STATUS_PAGE_CNAME_RECORD=oneuptime.yourcompany.com

# If you would like to attach public dashboards to custom domains use this setting.
# Works the same way as STATUS_PAGE_CNAME_RECORD but for dashboards.
# For example, if you want dashboard.yourcompany.com to show a public dashboard:
# 1. Set the DASHBOARD_CNAME_RECORD to "oneuptime.yourcompany.com"
# 2. Create CNAME record in your DNS provider with the name "dashboard.yourcompany.com" and value "oneuptime.yourcompany.com"
DASHBOARD_CNAME_RECORD=oneuptime.yourcompany.com


# --------------------------------------------- #
# You can safely ignore anything below this line. Keep them as default to make things work. 
# --------------------------------------------- #
# This supports test | production | development | ci. 
# Development is used for local development. Test is used for insider / beta / staging builds. Production is used for production ready app. ci is for testing in the CI/CD. 
ENVIRONMENT=production

# What image should we pull from docker hub. This only applies when the ENVIRONMENT is production or test
APP_TAG=release

# Change this to true if you are using enterprise edition. Keep it false if you are using community edition.
IS_ENTERPRISE_EDITION=false

# What is the name of the docker compose project. This is used to prefix the docker containers.
COMPOSE_PROJECT_NAME=oneuptime


# Clickhouse Settings
CLICKHOUSE_USER=default
CLICKHOUSE_DATABASE=oneuptime
CLICKHOUSE_HOST=clickhouse
CLICKHOUSE_PORT=8123


# Postgres DB Settings. 
DATABASE_PORT=5432
DATABASE_USERNAME=postgres
DATABASE_NAME=oneuptimedb
DATABASE_HOST=postgres

# Used to connect to managed postgres providers.
# Fill only what your provider needs.
DATABASE_SSL_REJECT_UNAUTHORIZED=false
DATABASE_SSL_CA=
DATABASE_SSL_KEY=
DATABASE_SSL_CERT=

# Redis DB Settings. 

REDIS_HOST=redis
REDIS_PORT=6379
REDIS_DB=0
REDIS_USERNAME=default
REDIS_IP_FAMILY=
REDIS_TLS_CA=
REDIS_TLS_SENTINEL_MODE=false

# Hostnames. Usually does not need to change. 
SERVER_APP_HOSTNAME=app
#Ports. Usually they don't need to change.

APP_PORT=3002
TEST_SERVER_PORT=3800
HOME_PORT=1444
# Plans
# This is in the format of PlanName,PlanIdFromBillingProvider,MonthlySubscriptionPlanAmountInUSD,YearlySubscriptionPlanAmountInUSD,Order,TrialPeriodInDays
# Enterprise plan will have -1 which means custom pricing. 
SUBSCRIPTION_PLAN_BASIC=Basic,priceMonthlyId,priceYearlyId,0,0,1,0
SUBSCRIPTION_PLAN_GROWTH=Growth,priceMonthlyId,priceYearlyId,0,0,2,14
SUBSCRIPTION_PLAN_SCALE=Scale,priceMonthlyId,priceYearlyId,0,0,3,0
SUBSCRIPTION_PLAN_ENTERPRISE=Enterprise,priceMonthlyId,priceYearlyId,-1,-1,4,14


# If you want to run the backup script, then you need to fill these values.
DATABASE_BACKUP_DIRECTORY=/Backups
DATABASE_BACKUP_HOST=localhost
DATABASE_BACKUP_PORT=5400
DATABASE_BACKUP_NAME=oneuptimedb
DATABASE_BACKUP_USERNAME=postgres
DATABASE_BACKUP_PASSWORD=${DATABASE_PASSWORD}


# If you want to run the restore script, then you need to fill these values. Use host.docker.internal if you want to use the host machine's IP.
DATABASE_RESTORE_HOST=host.docker.internal
DATABASE_RESTORE_DIRECTORY=/Backups
DATABASE_RESTORE_PORT=5400
DATABASE_RESTORE_NAME=oneuptimedb
DATABASE_RESTORE_USERNAME=postgres
DATABASE_RESTORE_PASSWORD=${DATABASE_PASSWORD}
DATABASE_RESTORE_FILENAME=db-31.backup

ANALYTICS_KEY=
ANALYTICS_HOST=

DATABASE_MIGRATIONS_HOST=localhost
DATABASE_MIGRATIONS_PORT=5400

# Global Probes
# This is in the format of GLOBAL_PROBE_NAME=ProbeName,ProbeDescription,ProbeKey
GLOBAL_PROBE_1_NAME="Probe-1"
GLOBAL_PROBE_1_DESCRIPTION="Global probe to monitor oneuptime resources"
GLOBAL_PROBE_1_MONITORING_WORKERS=5
GLOBAL_PROBE_1_MONITOR_FETCH_LIMIT=10
GLOBAL_PROBE_1_ONEUPTIME_URL=http://localhost
GLOBAL_PROBE_1_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
GLOBAL_PROBE_1_CUSTOM_CODE_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
GLOBAL_PROBE_1_PORT=3874
# (Optional) If you want to use a proxy for the probe, then you can set the proxy URL here. For example, if you're using a proxy server like Caddy or Nginx, then you can set the proxy URL here.
GLOBAL_PROBE_1_PROXY_URL=

GLOBAL_PROBE_2_NAME="Probe-2"
GLOBAL_PROBE_2_DESCRIPTION="Global probe to monitor oneuptime resources"
GLOBAL_PROBE_2_MONITORING_WORKERS=5
GLOBAL_PROBE_2_MONITOR_FETCH_LIMIT=10
GLOBAL_PROBE_2_ONEUPTIME_URL=http://localhost
GLOBAL_PROBE_2_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
GLOBAL_PROBE_2_CUSTOM_CODE_MONITOR_SCRIPT_TIMEOUT_IN_MS=60000
GLOBAL_PROBE_2_PORT=3875
# (Optional) If you want to use a proxy for the probe, then you can set the proxy URL here. For example, if you're using a proxy server like Caddy or Nginx, then you can set the proxy URL here.
GLOBAL_PROBE_2_PROXY_URL=

SMS_DEFAULT_COST_IN_CENTS=
CALL_DEFAULT_COST_IN_CENTS_PER_MINUTE=

SMS_HIGH_RISK_COST_IN_CENTS=
WHATSAPP_TEXT_DEFAULT_COST_IN_CENTS=
CALL_HIGH_RISK_COST_IN_CENTS_PER_MINUTE=

# IS BILLING ENABLED for this installer.
BILLING_ENABLED=false
# Public and private key for billing provider, usually stripe.
BILLING_PUBLIC_KEY=
BILLING_PRIVATE_KEY=
# Webhook secret for verifying Stripe webhook events (for automatic invoice emails)
# Get this from Stripe Dashboard > Developers > Webhooks > Your endpoint > Signing secret
BILLING_WEBHOOK_SECRET=

# Average telemetry row sizes in bytes used to estimate usage when reporting to the billing provider.
AVERAGE_SPAN_ROW_SIZE_IN_BYTES=1024
AVERAGE_LOG_ROW_SIZE_IN_BYTES=1024
AVERAGE_METRIC_ROW_SIZE_IN_BYTES=1024
AVERAGE_EXCEPTION_ROW_SIZE_IN_BYTES=1024

# Use this when you want to disable incident creation.
DISABLE_AUTOMATIC_INCIDENT_CREATION=false

# Use this when you want to disable incident creation.
DISABLE_AUTOMATIC_ALERT_CREATION=false

# When set to true, OneUptime will reject all incoming telemetry ingestion
# (OpenTelemetry traces / metrics / logs / profiles over HTTP and gRPC,
# Fluentd logs, Syslog logs, and Pyroscope profiles). The ingestion endpoints
# stay reachable and return success quickly so clients don't retry, but no
# data is queued or persisted.
DISABLE_TELEMETRY_INGESTION=false

# If you're using an extrenal open telemetry collector, you can set the endpoint here - both server and client endpoint can be the same in this case. 

# You can set the env var to an OTLP endpoint if you want instrumentation to be exported.
OPENTELEMETRY_EXPORTER_OTLP_ENDPOINT=

# You can set the env var to "x-oneuptime-token=<YOUR_ONEUPTIME_TELEMETRY_INGEST_TOKEN>"
OPENTELEMETRY_EXPORTER_OTLP_HEADERS=

# This can be one of ERROR, WARN, INFO, DEBUG
LOG_LEVEL=ERROR

# Thse env vars are for E2E tests
E2E_TEST_IS_USER_REGISTERED=false
E2E_TEST_REGISTERED_USER_EMAIL=
E2E_TEST_REGISTERED_USER_PASSWORD=
# If you want to run the E2E tests on a status page, then you need to fill in the URL. 
E2E_TEST_STATUS_PAGE_URL=

# This URL will be called when the E2E tests fail. This should be a GET endpoint.
E2E_TESTS_FAILED_WEBHOOK_URL=


# This is the timeout for the workflow script in milliseconds.
# How long do we wait for "Scripts" (like Custom Code Components) running in workflow to complete.
WORKFLOW_SCRIPT_TIMEOUT_IN_MS=5000
# How long do we wait for entire workflow to complete.
WORKFLOW_TIMEOUT_IN_MS=5000


# Concurrency settings
# Max number of telemetry jobs processed concurrently by OpenTelemetry Ingest worker
TELEMETRY_CONCURRENCY=100

# Max number of jobs processed concurrently by Fluent Logs worker
FLUENT_LOGS_CONCURRENCY=100


# Max number of jobs processed concurrently by Worker service
WORKER_CONCURRENCY=100



# Lets encrypt notification email. This email will be used when certs are about to expire
LETS_ENCRYPT_NOTIFICATION_EMAIL=
# Generate a private key via openssl, encode it to base64 and paste it here.
# Example: "LS0tLS....1cbg=="
LETS_ENCRYPT_ACCOUNT_KEY=

# This is the number of active monitors allowed in the free plan.
ALLOWED_ACTIVE_MONITOR_COUNT_IN_FREE_PLAN=10

# Open Source Deployment Webhook
# This webhook is called when a new self-hosted open source deployment registers.
OPEN_SOURCE_DEPLOYMENT_WEBHOOK_URL=

# Notifications Webhook (Slack)

# This webhook notifies slack when the new user signs up or is created.
NOTIFICATION_SLACK_WEBHOOK_ON_CREATED_USER=
# This webhook notifies slack when the new project is created.
NOTIFICATION_SLACK_WEBHOOK_ON_CREATED_PROJECT=
# This webhook notifies slack when the project is deleted.
NOTIFICATION_SLACK_WEBHOOK_ON_DELETED_PROJECT=
# This webhook notifies slack when the subscription is updated.
NOTIFICATION_SLACK_WEBHOOK_ON_SUBSCRIPTION_UPDATE=

# VAPID keys for Web Push Notifications
# Generate using: npx web-push generate-vapid-keys
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
VAPID_SUBJECT=mailto:support@oneuptime.com

# Expo access token for sending mobile push notifications directly via Expo SDK.
# If not set, push notifications are relayed through the push notification relay URL below.
EXPO_ACCESS_TOKEN=

# Push notification relay URL for self-hosted instances without Expo credentials.
# Self-hosted servers relay push notifications through this gateway.
PUSH_NOTIFICATION_RELAY_URL=https://oneuptime.com/api/notification/push-relay/send

# LLM Environment Variables

# Hugging Face Token for LLM Server to downlod models from Hugging Face
LLM_SERVER_HUGGINGFACE_TOKEN=

# Hugging Face Model Name for LLM Server to download.
LLM_SERVER_HUGGINGFACE_MODEL_NAME=


# AI Agent Configuration
AI_AGENT_KEY=please-change-this-to-random-value
AI_AGENT_ONEUPTIME_URL=http://localhost
AI_AGENT_PORT=3876

# By default telemetry is disabled for all services in docker compose. If you want to enable telemetry for a service, then set the env var to false.
DISABLE_TELEMETRY_FOR_APP=true
DISABLE_TELEMETRY_FOR_TEST_SERVER=true
DISABLE_TELEMETRY_FOR_PROBE=true
DISABLE_TELEMETRY_FOR_INGRESS=true
DISABLE_TELEMETRY_FOR_AI_AGENT=true

# By default profiling is disabled for all services. Set to true to enable CPU profiling for a service.
ENABLE_PROFILING_FOR_APP=false
ENABLE_PROFILING_FOR_TEST_SERVER=false
ENABLE_PROFILING_FOR_PROBE=false
ENABLE_PROFILING_FOR_AI_AGENT=false


# Connect OneUptime with Slack App
SLACK_APP_CLIENT_ID=
SLACK_APP_CLIENT_SECRET=
SLACK_APP_SIGNING_SECRET=

# Example - 
# IPv6 only:
# NGINX_LISTEN_ADDRESS=[::]:
# NGINX_LISTEN_OPTIONS=

# dual stack:
# NGINX_LISTEN_ADDRESS=[::]:
# NGINX_LISTEN_OPTIONS=ipv6only=off
NGINX_LISTEN_ADDRESS=
NGINX_LISTEN_OPTIONS=



# Microsoft Teams / Azure AD App Configuration
# IMPORTANT: Use the SECRET VALUE, not the SECRET ID from Azure App Registration
# The secret value is typically longer and includes more characters
MICROSOFT_TEAMS_APP_CLIENT_ID=
MICROSOFT_TEAMS_APP_CLIENT_SECRET=
MICROSOFT_TEAMS_APP_TENANT_ID=

# GitHub App Configuration
# Create a GitHub App at https://github.com/settings/apps
# Required for connecting GitHub repositories to OneUptime
GITHUB_APP_ID=
GITHUB_APP_NAME=
GITHUB_APP_CLIENT_ID=
GITHUB_APP_CLIENT_SECRET=
GITHUB_APP_PRIVATE_KEY=
GITHUB_APP_WEBHOOK_SECRET=

# Inbound Email Configuration
# Required for Incoming Email Monitor feature
# See documentation: https://oneuptime.com/docs/self-hosted/sendgrid-inbound-email
INBOUND_EMAIL_PROVIDER=SendGrid
# The domain configured for inbound email (e.g., inbound.yourdomain.com)
INBOUND_EMAIL_DOMAIN=
# Optional webhook secret for validating incoming webhooks
INBOUND_EMAIL_WEBHOOK_SECRET=

# BullMQ Queue Dashboard (Bull Board)
# When enabled, exposes the queue inspector UI at /worker/inspect/queue/<QUEUE_DASHBOARD_SECRET>.
# Both must be set for the dashboard to be mounted. The secret acts as the URL path segment that
# operators must know to reach the UI.
ENABLE_QUEUE_DASHBOARD=false
QUEUE_DASHBOARD_SECRET=