Configuration

Configuration is done via Environment Variables on the Docker Container.

General

Variable	Example	Required	Description
`DATABASE_URL`	`postgresql://username:password@localhost:5432/panthora`	Yes	Credentials and location of the database server.
`NEXTAUTH_SECRET`		Yes	Used to encrypt JWTs. Use `openssl rand -base64 32` to generate one.
`NEXTAUTH_URL`	`https://my-panthora.com (opens in a new tab)`	Yes	Public URL where your Panthora instance is reachable.
`APP_BASE_URL`	`https://my-panthora.com (opens in a new tab)`	Yes	Public URL where your Panthora instance is reachable. Same as `NEXTAUTH_URL`.
`NEXTAUTH_URL_INTERNAL`	`http://panthora:3000 (opens in a new tab)`	Yes, if running behind reverse-proxy	Internal URL where your Panthora instance is reachable when running behind a reverse-proxy. `panthora` refers to the Docker Compose service name
`MEILI_URL`	`http://search:7700 (opens in a new tab)`	Yes	URL where your MeiliSearch instance is reachable. `search` refers to the Docker Compose service name
`MEILI_MASTER_KEY`		Yes	Master key that is also configured for the MeiliSearch instance.

Authentication

A wide variety of authentication providers is available as well as password auth.

Variable	Default	Example	Required	Description
Password Auth
`PASSWORD_AUTH_ENABLED`	`false`	`true`	No	Allow users to register and login with password credentials.
Generic OAuth2
`OAUTH_CLIENT_ID`			Yes, if you want to enable generic OAuth	OAuth2 Client ID
`OAUTH_CLIENT_SECRET`			Yes, if you want to enable generic OAuth	OAuth2 Client Secret
`OAUTH_ISSUER`			Yes, if you want to enable generic OAuth and the provider supports OIDC	OAuth2 OIDC Issuer URL
`OAUTH_ACCESS_TOKEN_URL`			Yes, if you want to enable generic OAuth and `OAUTH_ISSUER` is not specified	OAuth2 Access Token URL
`OAUTH_PROFILE_URL`			Yes, if you want to enable generic OAuth and `OAUTH_ISSUER` is not specified	OAuth2 Profile/User Info URL
`OAUTH_AUTHORIZATION_URL`			Yes, if you want to enable generic OAuth and `OAUTH_ISSUER` is not specified	OAuth2 Authorization URL
AWS Cognito
`COGNITO_CLIENT_ID`			Yes, if you want to enable AWS Cognito auth	AWS Cognito Client ID
`COGNITO_CLIENT_SECRET`			Yes, if you want to enable AWS Cognito auth	AWS Cognito Client Secret
`COGNITO_ISSUER`		`https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_xxxxxxx (opens in a new tab)`	Yes, if you want to enable AWS Cognito auth	AWS Cognito Issuer URL
Discord
`DISCORD_CLIENT_ID`			Yes, if you want to enable Discord auth	Discord Client ID
`DISCORD_CLIENT_SECRET`			Yes, if you want to enable Discord auth	Discord Client Secret
GitHub
`GITHUB_CLIENT_ID`			Yes, if you want to enable GitHub auth	GitHub Client ID
`GITHUB_CLIENT_SECRET`			Yes, if you want to enable GitHub auth	GitHub Client Secret
Google
`GOOGLE_CLIENT_ID`			Yes, if you want to enable Google auth	Google Client Id
`GOOGLE_CLIENT_SECRET`			Yes, if you want to enable Google auth	Google Client Secret
Authentik
`AUTHENTIK_CLIENT_ID`			Yes, if you want to enable Authentik auth	Authentik Client ID
`AUTHENTIK_CLIENT_SECRET`			Yes, if you want to enable Authentik auth	Authentik Client Secret
`AUTHENTIK_ISSUER`			Yes, if you want to enable Authentik auth	Authentik Issuer URL
Auth0
`AUTH0_CLIENT_ID`			Yes, if you want to enable Auth0 auth	Auth0 Client ID
`AUTH0_CLIENT_SECRET`			Yes, if you want to enable Auth0 auth	Auth0 Client Secret
`AUTH0_ISSUER`			Yes, if you want to enable Auth0 auth	Auth0 Issuer URL
GitLab
`GITLAB_CLIENT_ID`			Yes, if you want to enable GitLab auth	GitLab Client ID
`GITLAB_CLIENT_SECRET`			Yes, if you want to enable GitLab auth	GitLab Client Secret
Azure AD
`AZURE_AD_CLIENT_ID`			Yes, if you want to enable Azure AD auth	Azure AD Client ID
`AZURE_AD_CLIENT_SECRET`			Yes, if you want to enable Azure AD auth	Azure AD Client Secret
`AZURE_AD_TENANT_ID`			Yes, if you want to enable Azure AD auth	Azure AD Tenant ID
Keycloak
`KEYCLOAK_CLIENT_ID`			Yes, if you want to enable Keycloak auth	Keycloak Client ID
`KEYCLOAK_CLIENT_SECRET`			Yes, if you want to enable Keycloak auth	Keycloak Client Secret
`KEYCLOAK_ISSUER`			Yes, if you want to enable Keycloak auth	Keycloak Issuer URL
Okta
`OKTA_CLIENT_ID`			Yes, if you want to enable Okta auth	Okta Client ID
`OKTA_CLIENT_SECRET`			Yes, if you want to enable Okta auth	Okta Client Secret
`OKTA_ISSUER`			Yes, if you want to enable Okta auth	Okta Issuer URL
OneLogin
`ONELOGIN_CLIENT_ID`			Yes, if you want to enable OneLogin auth	OneLogin Client ID
`ONELOGIN_CLIENT_SECRET`			Yes, if you want to enable OneLogin auth	OneLogin Client Secret
`ONELOGIN_ISSUER`			Yes, if you want to enable OneLogin auth	OneLogin Issuer URL
Slack
`SLACK_CLIENT_ID`			Yes, if you want to enable Slack auth	Slack Client ID
`SLACK_CLIENT_SECRET`			Yes, if you want to enable Slack auth	Slack Client Secret
Twitch
`TWITCH_CLIENT_ID`			Yes, if you want to enable Twitch auth	Twitch Client ID
`TWITCH_CLIENT_SECRET`			Yes, if you want to enable Twitch auth	Twitch Client Secret

Misc

Variable	Default	Example	Required	Description
`DISABLE_RATE_LIMIT`	`false`	`true`	No	Disable Rate-Limiting. Use with caution!
`LOG_LEVEL`	`info`	`debug`	No	Enable debug logs, helpful for debugging problems.

Deploy with Docker Authentication