Hosting
Configuration

Configuration

Configuration is done via Environment Variables on the Docker Container.

General

VariableDefaultExampleRequiredDescription
DATABASE_URLpostgresql://username:password@localhost:5432/panthoraYesCredentials and location of the database server.
NEXTAUTH_SECRETYes

Used to encrypt JWTs. Use openssl rand -base64 32 to generate one.

NEXTAUTH_URLhttps://my-panthora.com (opens in a new tab)YesPublic URL where your Panthora instance is reachable.
APP_BASE_URLhttps://my-panthora.com (opens in a new tab)Yes

Public URL where your Panthora instance is reachable. Same as NEXTAUTH_URL.

NEXTAUTH_URL_INTERNALhttp://panthora:3000 (opens in a new tab)Yes, if running behind reverse-proxy

Internal URL where your Panthora instance is reachable when running behind a reverse-proxy. panthora refers to the Docker Compose service name

MEILI_URLhttp://search:7700 (opens in a new tab)Yes

URL where your MeiliSearch instance is reachable. search refers to the Docker Compose service name

MEILI_MASTER_KEYYesMaster key that is also configured for the MeiliSearch instance.

Authentication

A wide variety of authentication providers is available as well as password auth.

VariableDefaultExampleRequiredDescription
Password Auth
PASSWORD_AUTH_ENABLEDfalsetrueNoAllow users to register and login with password credentials.
Generic OAuth2
OAUTH_CLIENT_IDYes, if you want to enable generic OAuthOAuth2 Client ID
OAUTH_CLIENT_SECRETYes, if you want to enable generic OAuthOAuth2 Client Secret
OAUTH_ISSUER

Yes, if you want to enable generic OAuth and the provider supports OIDC

OAuth2 OIDC Issuer URL
OAUTH_ACCESS_TOKEN_URL

Yes, if you want to enable generic OAuth and OAUTH_ISSUER is not specified

OAuth2 Access Token URL
OAUTH_PROFILE_URL

Yes, if you want to enable generic OAuth and OAUTH_ISSUER is not specified

OAuth2 Profile/User Info URL
OAUTH_AUTHORIZATION_URL

Yes, if you want to enable generic OAuth and OAUTH_ISSUER is not specified

OAuth2 Authorization URL
AWS Cognito
COGNITO_CLIENT_IDYes, if you want to enable AWS Cognito authAWS Cognito Client ID
COGNITO_CLIENT_SECRETYes, if you want to enable AWS Cognito authAWS Cognito Client Secret
COGNITO_ISSUER

https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_xxxxxxx (opens in a new tab)

Yes, if you want to enable AWS Cognito authAWS Cognito Issuer URL
Discord
DISCORD_CLIENT_IDYes, if you want to enable Discord authDiscord Client ID
DISCORD_CLIENT_SECRETYes, if you want to enable Discord authDiscord Client Secret
GitHub
GITHUB_CLIENT_IDYes, if you want to enable GitHub authGitHub Client ID
GITHUB_CLIENT_SECRETYes, if you want to enable GitHub authGitHub Client Secret
Google
GOOGLE_CLIENT_IDYes, if you want to enable Google authGoogle Client Id
GOOGLE_CLIENT_SECRETYes, if you want to enable Google authGoogle Client Secret
Authentik
AUTHENTIK_CLIENT_IDYes, if you want to enable Authentik authAuthentik Client ID
AUTHENTIK_CLIENT_SECRETYes, if you want to enable Authentik authAuthentik Client Secret
AUTHENTIK_ISSUERYes, if you want to enable Authentik authAuthentik Issuer URL
Auth0
AUTH0_CLIENT_IDYes, if you want to enable Auth0 authAuth0 Client ID
AUTH0_CLIENT_SECRETYes, if you want to enable Auth0 authAuth0 Client Secret
AUTH0_ISSUERYes, if you want to enable Auth0 authAuth0 Issuer URL
GitLab
GITLAB_CLIENT_IDYes, if you want to enable GitLab authGitLab Client ID
GITLAB_CLIENT_SECRETYes, if you want to enable GitLab authGitLab Client Secret
Azure AD
AZURE_AD_CLIENT_IDYes, if you want to enable Azure AD authAzure AD Client ID
AZURE_AD_CLIENT_SECRETYes, if you want to enable Azure AD authAzure AD Client Secret
AZURE_AD_TENANT_IDYes, if you want to enable Azure AD authAzure AD Tenant ID
Keycloak
KEYCLOAK_CLIENT_IDYes, if you want to enable Keycloak authKeycloak Client ID
KEYCLOAK_CLIENT_SECRETYes, if you want to enable Keycloak authKeycloak Client Secret
KEYCLOAK_ISSUERYes, if you want to enable Keycloak authKeycloak Issuer URL
Okta
OKTA_CLIENT_IDYes, if you want to enable Okta authOkta Client ID
OKTA_CLIENT_SECRETYes, if you want to enable Okta authOkta Client Secret
OKTA_ISSUERYes, if you want to enable Okta authOkta Issuer URL
OneLogin
ONELOGIN_CLIENT_IDYes, if you want to enable OneLogin authOneLogin Client ID
ONELOGIN_CLIENT_SECRETYes, if you want to enable OneLogin authOneLogin Client Secret
ONELOGIN_ISSUERYes, if you want to enable OneLogin authOneLogin Issuer URL
Slack
SLACK_CLIENT_IDYes, if you want to enable Slack authSlack Client ID
SLACK_CLIENT_SECRETYes, if you want to enable Slack authSlack Client Secret
Twitch
TWITCH_CLIENT_IDYes, if you want to enable Twitch authTwitch Client ID
TWITCH_CLIENT_SECRETYes, if you want to enable Twitch authTwitch Client Secret

Misc

VariableDefaultExampleRequiredDescription
DISABLE_RATE_LIMITfalsetrueNo

Disable Rate-Limiting. Use with caution!

LOG_LEVELinfodebugNoEnable debug logs, helpful for debugging problems.