Server
Required
| Variable | Description |
|---|---|
JWT_SECRET | JWT signing secret. Min 32 chars. Generate with openssl rand -hex 32. |
PORT | Server listen port (e.g. 3001) |
CORS_ORIGINS | Comma-separated allowed origins (e.g. http://localhost:4322,http://localhost:3001) |
DB_HOST | MySQL host (e.g. 127.0.0.1) |
DB_PORT | MySQL port (e.g. 3308 for Docker) |
DB_USER | MySQL user |
DB_PASSWORD | MySQL password |
DB_NAME | Database name (e.g. supaproxy) |
REDIS_HOST | Redis host |
REDIS_PORT | Redis port (e.g. 6380 for Docker) |
Optional
| Variable | Default | Description |
|---|---|---|
NODE_ENV | development | Set to production for secure cookies |
DEFAULT_MODEL | (empty) | Default LLM model for new workspaces |
DASHBOARD_URL | (empty) | Frontend URL for login redirects |
SUPAPROXY_LOG_DIR | ./var/logs | Directory for audit JSONL logs |
Azure AD SSO (optional)
| Variable | Description |
|---|---|
AZURE_AD_TENANT_ID | Azure AD tenant ID |
AZURE_AD_CLIENT_ID | Application client ID |
AZURE_AD_CLIENT_SECRET | Application client secret |
AZURE_AD_REDIRECT_URI | OAuth redirect URI |
Runtime settings
These are configured at runtime via the API (PUT /api/org/settings/:key), not via environment variables:
| Key | Description |
|---|---|
ai_api_key | AI provider API key (e.g. Anthropic) |
ai_provider | AI provider name (default: anthropic) |
slack_bot_token | Slack bot token for Socket Mode |
slack_app_token | Slack app-level token for Socket Mode |
Dashboard
| Variable | Description |
|---|---|
PUBLIC_SUPAPROXY_API_URL | API URL exposed to client-side React (prefix required) |
SUPAPROXY_API_URL | API URL for server-side Astro middleware |