Environment Variables Reference

Complete reference of all Easy AppServer environment variables.

Server Configuration

APPSERVER_ENV

• Description: Environment mode
• Values: production, prod, development
• Default: development
• Required: No

APPSERVER_HTTP_PORT

• Description: HTTP server port
• Default: 8080
• Required: No

APPSERVER_GRPC_PORT

• Description: gRPC server port
• Default: 9090
• Required: No

APPSERVER_GRAPHQL_PORT

• Description: GraphQL port (deprecated, runs on HTTP port)
• Status: Deprecated
• Note: GraphQL runs on the HTTP port

APPSERVER_WS_PORT

• Description: WebSocket port (deprecated, runs on HTTP port)
• Status: Deprecated
• Note: WebSocket runs on the HTTP port

TLS Configuration

APPSERVER_GRPC_TLS_ENABLED

• Description: Enable TLS for gRPC
• Default: false (development), true (production)
• Required: No

APPSERVER_GRPC_TLS_CERT_FILE

• Description: Path to TLS certificate file
• Required: Yes (if TLS enabled)

APPSERVER_GRPC_TLS_KEY_FILE

• Description: Path to TLS private key file
• Required: Yes (if TLS enabled)

APPSERVER_GRPC_MTLS_ENABLED

• Description: Enable mutual TLS (client certificate authentication)
• Default: false
• Required: No

APPSERVER_GRPC_MTLS_CA_FILE

• Description: Path to CA certificate for client verification
• Required: Yes (if mTLS enabled)

Server Features

APPSERVER_GRPC_REFLECTION_ENABLED

• Description: Enable gRPC server reflection
• Default: true (development), false (production)
• Required: No

APPSERVER_GRAPHQL_PLAYGROUND_ENABLED

• Description: Enable GraphQL Playground UI
• Default: true (development), false (production)
• Required: No

Database Configuration

APPSERVER_DB_HOST

• Description: PostgreSQL host
• Default: localhost
• Required: No

APPSERVER_DB_PORT

• Description: PostgreSQL port
• Default: 5432
• Required: No

APPSERVER_DB_NAME

• Description: Database name
• Default: appserver
• Required: No

APPSERVER_DB_USER

• Description: Database username
• Default: appserver
• Required: No

APPSERVER_DB_PASSWORD

• Description: Database password
• Required: Yes

APPSERVER_DB_SSLMODE

• Description: PostgreSQL SSL mode
• Values: disable, require, verify-ca, verify-full
• Default: disable
• Required: No

Cache Configuration

APPSERVER_REDIS_URL

• Description: Redis connection URL
• Format: redis://[user:password@]host:port[/db]
• Default: redis://localhost:6379
• Required: No

APPSERVER_CACHE_TTL

• Description: Local cache TTL in seconds
• Default: 300 (5 minutes)
• Required: No

Event Bus Configuration

APPSERVER_EVENTBUS_ENABLED

• Description: Enable RabbitMQ event bus (uses in-memory if false)
• Default: false
• Required: No

APPSERVER_RABBITMQ_URL

• Description: RabbitMQ AMQP connection URL
• Format: amqp://user:password@host:port/vhost
• Default: amqp://guest:guest@localhost:5672/
• Required: No

APPSERVER_RABBITMQ_MAX_RETRIES

• Description: Maximum connection retry attempts
• Default: 5
• Required: No

APPSERVER_RABBITMQ_PREFETCH_COUNT

• Description: Message prefetch limit per consumer
• Default: 10
• Required: No

Telemetry Configuration

APPSERVER_LOG_LEVEL

• Description: Logging level
• Values: debug, info, warn, error
• Default: info
• Required: No

APPSERVER_METRICS_ENABLED

• Description: Enable Prometheus metrics
• Default: true
• Required: No

APPSERVER_TRACING_ENABLED

• Description: Enable distributed tracing
• Default: false
• Required: No

Authentication Configuration

APPSERVER_SESSION_COOKIE_NAME

• Description: Kratos session cookie name
• Default: ory_kratos_session
• Required: No

APPSERVER_KRATOS_TIMEOUT

• Description: Kratos API request timeout
• Default: 5s
• Required: No

APPSERVER_OPENFGA_TIMEOUT

• Description: OpenFGA API request timeout
• Default: 5s
• Required: No

APPSERVER_SIGNATURE_REPLAY_WINDOW

• Description: Request signature replay protection window
• Default: 5m
• Required: No

APPSERVER_CLOCK_SKEW_TOLERANCE

• Description: Clock skew tolerance for signature verification
• Default: 30s
• Required: No

APPSERVER_AUTH_ALLOW_BOOTSTRAP_REGISTRATION

• Description: Allow provisional app registration without pre-issued certificates
• Default: true (development), false (production)
• Required: No
• ⚠️ Warning: Should be disabled in production

Auth Services URLs

APPSERVER_KRATOS_PUBLIC_URL

• Description: Ory Kratos public API URL
• Default: http://localhost:4433
• Required: Yes

APPSERVER_KRATOS_ADMIN_URL

• Description: Ory Kratos admin API URL
• Default: http://localhost:4434
• Required: Yes

APPSERVER_HYDRA_PUBLIC_URL

• Description: Ory Hydra public API URL
• Default: http://localhost:4444
• Required: Yes

APPSERVER_HYDRA_ADMIN_URL

• Description: Ory Hydra admin API URL
• Default: http://localhost:4445
• Required: Yes

APPSERVER_OPENFGA_API_URL

• Description: OpenFGA API URL
• Default: http://localhost:8090
• Required: Yes

APPSERVER_OPENFGA_STORE_ID

• Description: OpenFGA store identifier
• Required: Yes

APPSERVER_OPENFGA_MODEL_ID

• Description: OpenFGA authorization model ID (uses latest if not specified)
• Required: No

APPSERVER_OATHKEEPER_PROXY_URL

• Description: Ory Oathkeeper proxy URL
• Default: http://localhost:4455
• Required: No

APPSERVER_OATHKEEPER_API_URL

• Description: Ory Oathkeeper API URL
• Default: http://localhost:4456
• Required: No

Settings Configuration

APPSERVER_SETTINGS_ENCRYPTION_KEY

• Description: 32-byte AES-256 encryption key for sensitive settings (hex-encoded, 64 characters)
• Required: Yes
• ⚠️ Critical: Must be kept secret and backed up securely
• Generation: openssl rand -hex 32

APPSERVER_SETTINGS_CACHE_TTL

• Description: Settings cache TTL in seconds
• Default: 60
• Required: No

UI Configuration

APPSERVER_UI_COMPRESSION_MIN_SIZE

• Description: Minimum size in bytes for response compression
• Default: 1024
• Required: No

APPSERVER_UI_COMPRESSION_LEVEL

• Description: Gzip compression level (1-9)
• Default: 6
• Required: No

Docker Configuration

TODO: Document Docker orchestration environment variables (see pkg/v2/config/docker.go)

Example Configuration

Development (.env)

# Server
APPSERVER_ENV=development
APPSERVER_HTTP_PORT=8080
APPSERVER_GRPC_PORT=9090

# Database
APPSERVER_DB_HOST=localhost
APPSERVER_DB_PORT=5432
APPSERVER_DB_NAME=appserver
APPSERVER_DB_USER=appserver
APPSERVER_DB_PASSWORD=devpassword
APPSERVER_DB_SSLMODE=disable

# Cache
APPSERVER_REDIS_URL=redis://localhost:6379

# Event Bus (in-memory for dev)
APPSERVER_EVENTBUS_ENABLED=false

# Settings Encryption
APPSERVER_SETTINGS_ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

# Auth Services
APPSERVER_KRATOS_PUBLIC_URL=http://localhost:4433
APPSERVER_KRATOS_ADMIN_URL=http://localhost:4434
APPSERVER_HYDRA_PUBLIC_URL=http://localhost:4444
APPSERVER_HYDRA_ADMIN_URL=http://localhost:4445
APPSERVER_OPENFGA_API_URL=http://localhost:8090
APPSERVER_OPENFGA_STORE_ID=01HQXYZ123456789ABCDEFGHIJ

# Features
APPSERVER_GRAPHQL_PLAYGROUND_ENABLED=true
APPSERVER_GRPC_REFLECTION_ENABLED=true
APPSERVER_AUTH_ALLOW_BOOTSTRAP_REGISTRATION=true

# Telemetry
APPSERVER_LOG_LEVEL=debug
APPSERVER_METRICS_ENABLED=true
APPSERVER_TRACING_ENABLED=false

Production (.env)

# Server
APPSERVER_ENV=production
APPSERVER_HTTP_PORT=8080
APPSERVER_GRPC_PORT=9090

# TLS
APPSERVER_GRPC_TLS_ENABLED=true
APPSERVER_GRPC_TLS_CERT_FILE=/etc/appserver/certs/server.crt
APPSERVER_GRPC_TLS_KEY_FILE=/etc/appserver/certs/server.key
APPSERVER_GRPC_MTLS_ENABLED=true
APPSERVER_GRPC_MTLS_CA_FILE=/etc/appserver/certs/ca.crt

# Database
APPSERVER_DB_HOST=postgres.example.com
APPSERVER_DB_PORT=5432
APPSERVER_DB_NAME=appserver_prod
APPSERVER_DB_USER=appserver_prod
APPSERVER_DB_PASSWORD=${SECRET_DB_PASSWORD}
APPSERVER_DB_SSLMODE=verify-full

# Cache
APPSERVER_REDIS_URL=rediss://redis.example.com:6380

# Event Bus
APPSERVER_EVENTBUS_ENABLED=true
APPSERVER_RABBITMQ_URL=amqps://user:${SECRET_RABBITMQ_PASSWORD}@rabbitmq.example.com:5671/prod
APPSERVER_RABBITMQ_MAX_RETRIES=10
APPSERVER_RABBITMQ_PREFETCH_COUNT=20

# Settings Encryption
APPSERVER_SETTINGS_ENCRYPTION_KEY=${SECRET_ENCRYPTION_KEY}

# Auth Services
APPSERVER_KRATOS_PUBLIC_URL=https://kratos.example.com
APPSERVER_KRATOS_ADMIN_URL=https://kratos-admin.example.com
APPSERVER_HYDRA_PUBLIC_URL=https://hydra.example.com
APPSERVER_HYDRA_ADMIN_URL=https://hydra-admin.example.com
APPSERVER_OPENFGA_API_URL=https://openfga.example.com
APPSERVER_OPENFGA_STORE_ID=${OPENFGA_STORE_ID}

# Features (production defaults)
APPSERVER_GRAPHQL_PLAYGROUND_ENABLED=false
APPSERVER_GRPC_REFLECTION_ENABLED=false
APPSERVER_AUTH_ALLOW_BOOTSTRAP_REGISTRATION=false

# Telemetry
APPSERVER_LOG_LEVEL=info
APPSERVER_METRICS_ENABLED=true
APPSERVER_TRACING_ENABLED=true

Related Topics

• Server Configuration
• Database Configuration
• Auth Services Configuration
• Telemetry Configuration