Environment Variables
The Expose server is configured through environment variables. Create a .env file in the deploy/ directory.
Required Variables
| Variable | Description | Example |
|---|---|---|
| DATABASE_URL | PostgreSQL connection string | postgres://expose:password@postgres:5432/expose |
| POSTGRES_PASSWORD | Password for the Postgres container | your-secure-password |
| JWT_SECRET | Secret for signing JWT tokens (32+ chars) | your-32-character-secret-key-here |
| BASE_DOMAIN | Your root domain | yourdomain.com |
Optional Variables
| Variable | Description | Default |
|---|---|---|
| WEBHOOK_SECRET | Secret for GitHub webhook signatures | Random |
| RUST_LOG | Log level | info |
| REGISTRY_URL | Docker registry URL | registry:5000 |
| MAX_UPLOAD_SIZE | Max archive upload size (bytes) | 524288000 (500MB) |
Example .env File
```
# Database
DATABASE_URL=postgres://expose:super-secure-password@postgres:5432/expose
POSTGRES_PASSWORD=super-secure-password

# Security
JWT_SECRET=your-very-long-secret-key-at-least-32-characters

# Domain
BASE_DOMAIN=yourdomain.com

# Webhooks (optional)
WEBHOOK_SECRET=another-secure-secret-for-webhooks

# Logging
RUST_LOG=info

# OVH DNS (for Traefik - if using)
OVH_ENDPOINT=ovh-eu
OVH_APPLICATION_KEY=xxx
OVH_APPLICATION_SECRET=xxx
OVH_CONSUMER_KEY=xxx
```
Generating Secrets
Use OpenSSL to generate secure random secrets:
```bash
# Generate JWT secret
openssl rand -hex 32

# Generate webhook secret
openssl rand -hex 32

# Generate database password
openssl rand -base64 24
```
Security Best Practices
- Never commit .env files to version control
- Use strong, unique passwords for each secret
- Rotate secrets periodically
- Consider using Docker secrets or a secret manager for production
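A pre-deploy check for the requirements and practices above, as an added example that is not part of the Expose project: it parses a .env file and reports missing required variables, a JWT_SECRET under 32 characters, placeholder values copied from this page, secrets reused across variables, and a DATABASE_URL password that does not match POSTGRES_PASSWORD. The function names, the sample input, and the assumption that the two password values must be identical (as they are in the example file above) are illustrative.

```python
from urllib.parse import urlsplit, unquote

REQUIRED = ("DATABASE_URL", "POSTGRES_PASSWORD", "JWT_SECRET", "BASE_DOMAIN")
SECRETS = ("POSTGRES_PASSWORD", "JWT_SECRET", "WEBHOOK_SECRET")
# Fragments of the placeholder values used in this page's examples.
PLACEHOLDERS = ("your-", "super-secure-password", "another-secure-secret")

# Constructed sample input: placeholder JWT secret, base64 password containing '/'.
SAMPLE = """\
DATABASE_URL=postgres://expose:kT9/constructedSampleOnly+Q2w@postgres:5432/expose
POSTGRES_PASSWORD=kT9/constructedSampleOnly+Q2w
JWT_SECRET=your-32-character-secret-key-here
BASE_DOMAIN=yourdomain.com
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(text):
    """Return a list of findings; an empty list means the file passed."""
    env, seen = parse_env(text), {}
    findings = [f"{n}: missing or empty" for n in REQUIRED if not env.get(n)]
    if 0 < len(env.get("JWT_SECRET", "")) < 32:
        findings.append("JWT_SECRET: shorter than 32 characters")
    for name in SECRETS:
        value = env.get(name, "")
        if any(p in value for p in PLACEHOLDERS):
            findings.append(f"{name}: placeholder value copied from the docs")
        if value and value in seen:  # the page asks for a unique value per secret
            findings.append(f"{name}: same value as {seen[value]}")
        seen.setdefault(value, name)
    url, pg = env.get("DATABASE_URL"), env.get("POSTGRES_PASSWORD")
    # A raw '/' in the password (possible in base64 output) cuts the URL's userinfo short.
    if url and pg and unquote(urlsplit(url).password or "") != pg:
        findings.append("DATABASE_URL: password does not match POSTGRES_PASSWORD")
    return findings


if __name__ == "__main__":
    print("\n".join(check_env(SAMPLE)) or "OK")
```

The sample fails the last check because base64 output can contain `/`, which ends the authority part of a connection URL; a percent-encoded password (`%2F`) passes the comparison.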
Traefik Integration
If Traefik needs DNS API credentials for Let’s Encrypt, add them to your Traefik container, not the Expose server:
```yaml
# In traefik's docker-compose.yml
services:
  traefik:
    environment:
      - OVH_APPLICATION_KEY=${OVH_APPLICATION_KEY}
      - OVH_APPLICATION_SECRET=${OVH_APPLICATION_SECRET}
      - OVH_CONSUMER_KEY=${OVH_CONSUMER_KEY}
```
Verifying Configuration
After setting environment variables, verify the server starts correctly:
```bash
docker compose up -d
docker compose logs expose-server | head -50
```
Look for:
```
INFO expose_server > Starting Expose server on 0.0.0.0:8080
INFO expose_server > Connected to database
INFO expose_server > Migrations applied successfully
```