Get Started
Configuration Options
Using environment variable to configure a self-hosted instance of Rallly.
General
The base url where this instance is accessible, including the scheme (eg.
http:// or https://), the domain name, and optionally a port.A random 32-character secret key used to encrypt user sessions
This email will be shown as the contact email for support queries.
NOREPLY_EMAIL
This email is used as the sender for all transactional emails. If not set,
SUPPORT_EMAIL will be used instead.This name is used as the sender name for all transactional emails.
INITIAL_ADMIN_EMAIL
Specifies the email address of the first user who will be eligible to become an administrator. After the application starts, the user with this email address must navigate to
/control-panel and click a button to claim their admin role.Database
Postgres database connection string
Email (SMTP)
SMTP_HOST
The host address of your SMTP server
The port of your SMTP server
Set to “true” if SSL is enabled for your SMTP connection
The username (if auth is enabled on your SMTP server)
The password (if auth is enabled on your SMTP server)
Enable TLS for your SMTP connection
Auth
ALLOWED_EMAILS
Comma separated list of email addresses that are allowed to register and
login. Wildcard characters are supported. Example: Setting it to
*@example.com to allow anyone with a @example.com email address.Setup
Setup
- Head over to the Credentials tab: https://console.developers.google.com/apis/credentials
-
Create a OAuth client ID. This will be your
GOOGLE_CLIENT_IDandGOOGLE_CLIENT_SECRET - Set “Authorized redirect URIs” to include your full domain and end in the callback path:
GOOGLE_CLIENT_ID
The client ID of your Google application
GOOGLE_CLIENT_SECRET
The client secret of your Google application
Microsoft
Setup
Setup
Follow the instructions here to create a Microsoft Entra ID application: https://docs.microsoft.com/en-us/entra/identity-platform/quickstart-register-appAfter creating the application, set the redirect URI to include your full domain and end in the callback path:
MICROSOFT_TENANT_ID
The tenant ID of your Microsoft application
MICROSOFT_CLIENT_ID
The client ID of your Microsoft application
MICROSOFT_CLIENT_SECRET
The client secret of your Microsoft application
Custom SSO (OIDC)
The following must be set for OIDC to work:OIDC_DISCOVERY_URLOIDC_CLIENT_IDOIDC_CLIENT_SECRETOIDC_ISSUER_URL
Setup
Setup
Your OAuth 2.0 application needs to be configured with the following scopes:
openid: Essential for OIDC to function, used to perform authentication.profile: Access to the user’s personal information such as name and picture.email: Access to the user’s email address.
The display name of your provider as it will be shown on the login page
OIDC_DISCOVERY_URL
URL of the
.well-known/openid-configuration endpoint for your OIDC providerOIDC_ISSUER_URL
URL of the issuer for your OIDC provider. You can get this from your OpenId
Configuration endpoint.
OIDC_CLIENT_ID
The client ID of your OIDC application
OIDC_CLIENT_SECRET
The client secret of your OIDC application
The path to the claim that contains the user’s name
The path to the claim that contains the user’s email address
The path to the claim that contains the user’s profile picture
Use dot notation in
_CLAIM_PATH fields to access nested objects.Storage (S3)
S3_BUCKET_NAME
The name of your S3 bucket
S3_ACCESS_KEY_ID
The access key ID of your S3 server
S3_SECRET_ACCESS_KEY
The secret access key of your S3 server
S3_ENDPOINT
The endpoint of your S3 server. Can be left empty if using AWS S3.
S3_REGION
The region of your S3 server. Can be left empty if using AWS S3.