---
icon: gear
title: Configuration Options
description: Using environment variables to configure a self-hosted instance of Rallly.
---

## General

The base URL where this instance is accessible, including the scheme (e.g. `http://` or `https://`), the domain name, and optionally a port.

A random 32-character secret key used to encrypt user sessions.

This email will be shown as the contact email for support queries.

This email is used as the sender for all transactional emails. If not set, `SUPPORT_EMAIL` will be used instead.

This name is used as the sender name for all transactional emails.

Specifies the email address of the first user who will be eligible to become an administrator. After the application starts, the user with this email address must navigate to `/control-panel` and click a button to claim their admin role.

## Database

Postgres database connection string.

## Email (SMTP)

The host address of your SMTP server.

The port of your SMTP server.

Set to "true" if SSL is enabled for your SMTP connection.

The username (if auth is enabled on your SMTP server).

The password (if auth is enabled on your SMTP server).

Enable TLS for your SMTP connection.

## Auth

Comma-separated list of email addresses that are allowed to register and log in. Wildcard characters are supported. Example: set it to `*@example.com` to allow anyone with an `@example.com` email address.

### Google

1. Head over to the Credentials tab: https://console.developers.google.com/apis/credentials
2. Create an OAuth client ID. This will give you your `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET`.
3. Set "Authorized redirect URIs" to include your full domain and end in the callback path:

```
https:///api/auth/callback/google
```

The client ID of your Google application.

The client secret of your Google application.

### Microsoft

Follow the instructions here to create a Microsoft Entra ID application: https://docs.microsoft.com/en-us/entra/identity-platform/quickstart-register-app

After creating the application, set the redirect URI to include your full domain and end in the callback path:

```
https:///api/auth/callback/microsoft-entra-id
```

The tenant ID of your Microsoft application.

The client ID of your Microsoft application.

The client secret of your Microsoft application.

### Custom SSO (OIDC)

Your OAuth 2.0 application needs to be configured with the following scopes:

- `openid`: Essential for OIDC to function, used to perform authentication.
- `profile`: Access to the user's personal information such as name and picture.
- `email`: Access to the user's email address.

Your identity provider should redirect the user back to the following URL:

```
https:///api/auth/callback/oidc
```

The display name of your provider as it will be shown on the login page.

URL of the `.well-known/openid-configuration` endpoint for your OIDC provider.

The client ID of your OIDC application.

The client secret of your OIDC application.

The path to the claim that contains the user's name.

The path to the claim that contains the user's email address.

The path to the claim that contains the user's profile picture.

Use dot notation in `_CLAIM_PATH` fields to access nested objects.

## Storage (S3)

The name of your S3 bucket.

The access key ID of your S3 server.

The secret access key of your S3 server.

The endpoint of your S3 server. Can be left empty if using AWS S3.

The region of your S3 server. Can be left empty if using AWS S3.
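
The wildcard email allow-list described under Auth, as an added example that is not Rallly's own code: it shows how a loosely written entry admits more addresses than intended and how to audit a list before deploying it. It assumes anchored, case-insensitive matching with `*` as the only wildcard; the function names and sample values are hypothetical.

```javascript
// Added example: anchored, case-insensitive glob matching for an email
// allow-list. These semantics are an assumption, not Rallly's implementation.

// Turn one entry into an anchored regex; "*" is the only wildcard.
function patternToRegex(pattern) {
  const escaped = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*"); // expand the wildcard
  return new RegExp(`^${escaped}$`, "i");
}

// Split the comma-separated value and drop empty entries.
function parseAllowList(value) {
  return value.split(",").map((p) => p.trim()).filter(Boolean);
}

function isAllowed(email, value) {
  const candidate = email.trim();
  return parseAllowList(value).some((p) => patternToRegex(p).test(candidate));
}

// Report entries that admit more addresses than the operator likely intended.
function auditAllowList(value) {
  const findings = [];
  for (const p of parseAllowList(value)) {
    const at = p.lastIndexOf("@");
    if (at === -1) {
      findings.push(`${p}: no "@", so a wildcard can span local part and domain`);
      continue;
    }
    // A leading "*." label (any subdomain) is bounded; other wildcards are not.
    const domain = p.slice(at + 1).replace(/^\*\./, "");
    if (domain.includes("*")) {
      findings.push(`${p}: wildcard inside the domain matches unrelated domains`);
    }
  }
  return findings;
}

// Constructed sample values, for illustration only.
const SAMPLE = "*@example.com, *example.com, bob@corp.test";
console.log(isAllowed("alice@example.com", SAMPLE));
console.log(isAllowed("mallory@notexample.com", SAMPLE));
console.log(auditAllowList(SAMPLE));
```

Run the audit over the allow-list value before setting it; an entry such as `*example.com` should be rewritten as `*@example.com`.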