# Trigger.dev self-hosting environment variables # - These are the default values for the self-hosting stack # - You should change them to suit your needs, especially the secrets # - See the docs for more information: https://trigger.dev/docs/self-hosting/overview # Secrets # - Do NOT use these defaults in production # - Generate your own by running `openssl rand -hex 16` for each secret SESSION_SECRET=2818143646516f6fffd707b36f334bbb MAGIC_LINK_SECRET=44da78b7bbb0dfe709cf38931d25dcdd ENCRYPTION_KEY=f686147ab967943ebbe9ed3b496e465a MANAGED_WORKER_SECRET=447c29678f9eaf289e9c4b70d3dd8a7f # Worker token # - This is the token for the worker to connect to the webapp # - When running the combined stack, this is set automatically during bootstrap # - For the split setup, you will have to set this manually. The token is available in the webapp logs but will only be shown once. # - See the docs for more information: https://trigger.dev/docs/self-hosting/docker # TRIGGER_WORKER_TOKEN= # Worker URLs # - In split setups, uncomment and set to the public URL of your webapp # TRIGGER_API_URL=https://trigger.example.com # OTEL_EXPORTER_OTLP_ENDPOINT=https://trigger.example.com/otel # Postgres # - Do NOT use these defaults in production # - Especially if you decide to expose the database to the internet # POSTGRES_USER=postgres POSTGRES_PASSWORD=unsafe-postgres-pw # POSTGRES_DB=postgres DATABASE_URL=postgresql://postgres:unsafe-postgres-pw@postgres:5432/main?schema=public&sslmode=disable DIRECT_URL=postgresql://postgres:unsafe-postgres-pw@postgres:5432/main?schema=public&sslmode=disable # Trigger image tag # - This is the version of the webapp and worker images to use, they should be locked to a specific version in production # - For example: TRIGGER_IMAGE_TAG=v4.5.0 TRIGGER_IMAGE_TAG=latest # Webapp # - These should generally be set to the same value # - In production, these should be set to the public URL of your webapp, e.g. https://trigger.example.com APP_ORIGIN=http://localhost:8030 LOGIN_ORIGIN=http://localhost:8030 API_ORIGIN=http://localhost:8030 DEV_OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:8030/otel # You may need to set this when testing locally or when using the combined setup # API_ORIGIN=http://webapp:3000 # Webapp - memory management # - This sets the maximum memory allocation for Node.js heap in MiB (e.g. "4096" for 4GB) # - It should be set according to your total webapp machine's memory or any container limits you have set # - Setting this too high or low WILL cause crashes, inefficient memory utilization and high CPU usage # - You should allow for some memory overhead, we suggest at least 20%, for example: # - 2GB machine: NODE_MAX_OLD_SPACE_SIZE=1600 # - 4GB machine: NODE_MAX_OLD_SPACE_SIZE=3200 # - 6GB machine: NODE_MAX_OLD_SPACE_SIZE=4800 # - 8GB machine: NODE_MAX_OLD_SPACE_SIZE=6400 # NODE_MAX_OLD_SPACE_SIZE=8192 # ClickHouse # - Do NOT use these defaults in production CLICKHOUSE_USER=default CLICKHOUSE_PASSWORD=password CLICKHOUSE_URL=http://default:password@clickhouse:8123?secure=false RUN_REPLICATION_CLICKHOUSE_URL=http://default:password@clickhouse:8123 # Docker Registry # - When testing locally, the default values should be fine # - When deploying to production, you will have to change these, especially the password and URL # - See the docs for more information: https://trigger.dev/docs/self-hosting/docker#registry-setup DOCKER_REGISTRY_URL=localhost:5000 DOCKER_REGISTRY_USERNAME=registry-user DOCKER_REGISTRY_PASSWORD=very-secure-indeed # When using an external registry you will have to change this # On Docker Hub it should generally be the same as your username DOCKER_REGISTRY_NAMESPACE=trigger # Object store # - You need to log into the Minio dashboard and create a bucket called "packets" # - See the docs for more information: https://trigger.dev/docs/self-hosting/docker#object-storage # Default provider (backward compatible - no protocol prefix) OBJECT_STORE_ACCESS_KEY_ID=admin OBJECT_STORE_SECRET_ACCESS_KEY=very-safe-password # You will have to uncomment and configure this for production # OBJECT_STORE_BASE_URL=http://localhost:9000 # OBJECT_STORE_REGION=auto # OBJECT_STORE_SERVICE=s3 # OBJECT_STORE_DEFAULT_PROTOCOL=s3 # Optional: protocol to use for new uploads (e.g., "s3", "r2") # # Named providers (protocol-prefixed data) - optional for multi-provider support # OBJECT_STORE_S3_BASE_URL=https://s3.amazonaws.com # OBJECT_STORE_S3_ACCESS_KEY_ID= # OBJECT_STORE_S3_SECRET_ACCESS_KEY= # OBJECT_STORE_S3_REGION=us-east-1 # OBJECT_STORE_S3_SERVICE=s3 # # OBJECT_STORE_R2_BASE_URL=https://{bucket}.{accountId}.r2.cloudflarestorage.com # OBJECT_STORE_R2_ACCESS_KEY_ID= # OBJECT_STORE_R2_SECRET_ACCESS_KEY= # OBJECT_STORE_R2_REGION=auto # OBJECT_STORE_R2_SERVICE=s3 # Credentials to access the Minio dashboard at http://localhost:9001 # - You should change these credentials and not use them for the `OBJECT_STORE_` env vars above # - Instead, setup a non-root user with access the "packets" bucket # MINIO_ROOT_USER=admin # MINIO_ROOT_PASSWORD=very-safe-password # Realtime streams # - Realtime streams power AI-agent token streaming and run streams # - They default to v2, backed by the bundled s2-lite service (open-source S2, https://s2.dev) # - To fall back to the Redis-backed v1 streams, set REALTIME_STREAMS_DEFAULT_VERSION=v1 # REALTIME_STREAMS_DEFAULT_VERSION=v2 # The bundled s2-lite creates whatever basin you set here (min 8 characters) # REALTIME_STREAMS_S2_BASIN=trigger-realtime # REALTIME_STREAMS_S2_ENDPOINT=http://s2/v1 # REALTIME_STREAMS_S2_SKIP_ACCESS_TOKENS=true # To use a hosted S2 (https://s2.dev) instead of the bundled s2-lite: # - point the endpoint at your basin, disable token-skipping, and set an access token # REALTIME_STREAMS_S2_SKIP_ACCESS_TOKENS=false # REALTIME_STREAMS_S2_ACCESS_TOKEN= # Pin the s2-lite image in production (full image reference, digest recommended) # S2_IMAGE=ghcr.io/s2-streamstore/s2:latest@sha256:d6ded5ca7dd619fa7c946f06e39a98f9c95c6883c8bb884e5eaa129f232c920c # Other image tags # - These are the versions of the other images to use # - You should lock these to a specific version in production # POSTGRES_IMAGE_TAG=14 # REDIS_IMAGE_TAG=7 # ELECTRIC_IMAGE_TAG=1.0.13 # CLICKHOUSE_IMAGE_TAG=latest # REGISTRY_IMAGE_TAG=2 # MINIO_IMAGE_TAG=latest # DOCKER_PROXY_IMAGE_TAG=latest # TRAEFIK_IMAGE_TAG=v3.4 # Publish IPs # - These are the IPs to publish the services to # - Setting to 127.0.0.1 makes the service only accessible locally # - When deploying to production, you will have to change these, depending on your setup # WEBAPP_PUBLISH_IP=0.0.0.0 # POSTGRES_PUBLISH_IP=127.0.0.1 # REDIS_PUBLISH_IP=127.0.0.1 # ELECTRIC_PUBLISH_IP=127.0.0.1 # CLICKHOUSE_PUBLISH_IP=127.0.0.1 # REGISTRY_PUBLISH_IP=127.0.0.1 # MINIO_PUBLISH_IP=127.0.0.1 # Restart policy # - Applies to all services, adjust as needed # RESTART_POLICY=unless-stopped # Docker logging # - See the official docs: https://docs.docker.com/engine/logging/configure/ # LOGGING_DRIVER=local # LOGGING_MAX_SIZE=20m # LOGGING_MAX_FILES=5 # LOGGING_COMPRESS=true # Traefik # - Reverse proxy settings only serve as an example and require further configuration # - See the partial overrides in docker-compose.traefik.yml for more details # TRAEFIK_ENTRYPOINT=websecure # TRAEFIK_HTTP_PUBLISH_IP=0.0.0.0 # TRAEFIK_HTTPS_PUBLISH_IP=0.0.0.0 # TRAEFIK_DASHBOARD_PUBLISH_IP=127.0.0.1