Configuration
Environment variables
All configuration is done via environment variables. Copy .env.example and customize:
Required
| Variable |
Description |
SSC_DB_PASSWORD |
PostgreSQL password |
SSC_JWT_SECRET |
32+ character random string for JWT signing |
SSC_CSRF_SECRET |
32+ character random string for CSRF protection |
Domain and TLS
| Variable |
Default |
Description |
SSC_DOMAIN |
servasec.local |
Domain for the deployment |
SSC_CADDYPATH |
./caddy/data |
Caddy data directory (certificates) |
Database
| Variable |
Default |
Description |
SSC_DB_HOST |
postgres |
Database hostname |
SSC_DB_PORT |
5432 |
Database port |
SSC_DB_USER |
servasec |
Database user |
SSC_DB_NAME |
servasec |
Database name |
SSC_DB_SSLMODE |
disable |
PostgreSQL SSL mode |
Security
| Variable |
Default |
Description |
SSC_JWT_ACCESS_TTL |
15m |
Access token lifetime |
SSC_JWT_REFRESH_TTL |
7d |
Refresh token lifetime |
SSC_RATE_LIMIT |
100 |
Requests per minute per IP |
Pro features
| Variable |
Description |
SSC_LICENSE_KEY |
JWT license key for Pro features |
SSO_GITHUB_CLIENT_ID |
GitHub OAuth App client ID |
SSO_GITHUB_CLIENT_SECRET |
GitHub OAuth App secret |
SSO_GITLAB_CLIENT_ID |
GitLab OAuth App client ID |
SSO_GITLAB_CLIENT_SECRET |
GitLab OAuth App secret |
SSO_OIDC_CLIENT_ID |
Generic OIDC client ID |
SSO_OIDC_CLIENT_SECRET |
Generic OIDC client secret |
SSO_OIDC_ISSUER_URL |
OIDC issuer URL |