General

NEXT_PUBLIC_BASE_URL
required

The base url where this instance is accessible, including the scheme (eg. http:// or https://), the domain name, and optionally a port.

SECRET_PASSWORD
required

A random 32-character secret key used to encrypt user sessions

SUPPORT_EMAIL
required

This email will be shown as the contact email for support queries.

NOREPLY_EMAIL

This email is used as the sender for all transactional emails. If not set, SUPPORT_EMAIL will be used instead.

NOREPLY_EMAIL_NAME
default:"Rallly"

This name is used as the sender name for all transactional emails.

INITIAL_ADMIN_EMAIL

Specifies the email address of the first user who will be eligible to become an administrator. After the application starts, the user with this email address must navigate to /control-panel and click a button to claim their admin role.

Database

DATABASE_URL
required

Postgres database connection string

Email (SMTP)

SMTP_HOST
The host address of your SMTP server
SMTP_PORT
default:"25 or 465"

The port of your SMTP server

SMTP_SECURE
default:"false"

Set to “true” if SSL is enabled for your SMTP connection

SMTP_USER
default:""

The username (if auth is enabled on your SMTP server)

SMTP_PWD
default:""

The password (if auth is enabled on your SMTP server)

SMTP_TLS_ENABLED
default:"false"

Enable TLS for your SMTP connection

Auth

ALLOWED_EMAILS

Comma separated list of email addresses that are allowed to register and login. Wildcard characters are supported. Example: Setting it to *@example.com to allow anyone with a @example.com email address.

Google

GOOGLE_CLIENT_ID

The client ID of your Google application

GOOGLE_CLIENT_SECRET

The client secret of your Google application

Microsoft

MICROSOFT_TENANT_ID

The tenant ID of your Microsoft application

MICROSOFT_CLIENT_ID

The client ID of your Microsoft application

MICROSOFT_CLIENT_SECRET

The client secret of your Microsoft application

Custom SSO (OIDC)

The following must be set for OIDC to work:

  • OIDC_DISCOVERY_URL
  • OIDC_CLIENT_ID
  • OIDC_CLIENT_SECRET
  • OIDC_ISSUER_URL
OIDC_NAME
default:"OpenID Connect"

The display name of your provider as it will be shown on the login page

OIDC_DISCOVERY_URL

URL of the .well-known/openid-configuration endpoint for your OIDC provider

OIDC_ISSUER_URL

URL of the issuer for your OIDC provider. You can get this from your OpenId Configuration endpoint.

OIDC_CLIENT_ID

The client ID of your OIDC application

OIDC_CLIENT_SECRET

The client secret of your OIDC application

OIDC_NAME_CLAIM_PATH
default:"name"

The path to the claim that contains the user’s name

OIDC_EMAIL_CLAIM_PATH
default:"email"

The path to the claim that contains the user’s email address

OIDC_PICTURE_CLAIM_PATH
default:"picture"

The path to the claim that contains the user’s profile picture

Use dot notation in _CLAIM_PATH fields to access nested objects.

Storage (S3)

S3_BUCKET_NAME

The name of your S3 bucket

S3_ACCESS_KEY_ID

The access key ID of your S3 server

S3_SECRET_ACCESS_KEY

The secret access key of your S3 server

S3_ENDPOINT

The endpoint of your S3 server. Can be left empty if using AWS S3.

S3_REGION

The region of your S3 server. Can be left empty if using AWS S3.