Skip to content
Q
QuoteNode

Installation

Deployment Environment Variables

Minimal environment variables used by installation guides, with links to the full reference.

Deployment Environment Variables

This page lists the variables most operators need during installation. For the full catalog, see Environment Variables Reference.

Required core variables

VariablePurpose
DB_URLJDBC URL for PostgreSQL, usually jdbc:postgresql://postgres:5432/quotenode inside Docker Compose.
DB_NAMEPostgreSQL database name.
DB_USERNAMEPostgreSQL application user.
DB_PASSWORDPostgreSQL password. Use a long random value.
DB_ENCRYPTION_KEY64-character hex key for application-level encryption. Back it up securely.
TIMING_TOKEN_SECRETHMAC secret for timing-token security checks.
PUBLIC_LINK_PASSWORD_SESSION_SECRETSecret for password/PIN-protected public-link sessions.
CORS_ALLOWED_ORIGINSExact browser origins allowed to call the backend.

The install guides fill these secrets with random values in your browser (the ↻ New secrets button regenerates them). To generate them yourself on Linux/macOS instead:

openssl rand -hex 32    # → DB_ENCRYPTION_KEY
openssl rand -base64 32 # → TIMING_TOKEN_SECRET
openssl rand -base64 32 # → PUBLIC_LINK_PASSWORD_SESSION_SECRET
openssl rand -base64 24 # → DB_PASSWORD

Public URL variables

VariablePurpose
CORS_ALLOWED_ORIGINSMust match the browser URL exactly, for example https://crm.example.com.
NOTIFICATIONS_PUBLIC_PREFERENCES_URLPublic URL for notification preference links, for example https://crm.example.com/notifications/preferences.
DOMAINUsed by internal-proxy Docker Compose deployments. Coolify normally manages domains outside the app.
SERVICE_URL_FRONTENDOptional compatibility variable for operator templates and future deployment automation; the current Coolify compose file does not consume it directly. Keep it aligned with the frontend origin if your deployment uses it.

Email variables

VariablePurpose
SMTP_HOSTSMTP server hostname.
SMTP_PORTSMTP port, usually 587.
SMTP_USERNAMESMTP account username.
SMTP_PASSWORDSMTP password or app password.
SMTP_AUTHUsually true for production SMTP.
SMTP_STARTTLSUsually true for port 587.
NOTIFICATIONS_ENABLEDEnables notifications.
NOTIFICATIONS_EMAIL_ENABLEDEnables email delivery for notifications.

PDF, backup, and security variables

VariableRecommended beta valueNotes
PDF_ENABLEDtrueRequires Gotenberg in the stack.
FEATURE_2FA_ENABLEDtrueEnables two-factor authentication flows.
SECURITY_BOT_DETECTION_ENABLEDtrueKeeps public-link bot protections active.
SECURITY_TRUSTED_PROXIESempty (auto-detected)Extra trusted reverse-proxy peers (literal IP/CIDR and/or service hostnames). Usually leave empty: the client IP is auto-detected behind internal proxies (private/loopback ranges) and CDNs such as Cloudflare (via CF-Connecting-IP). Set this only for an unusual proxy whose transport peer is a public address. Forwarded headers from a direct (non-internal) peer are always ignored. Verify the resolver mode at Admin → Security → effective state.
SECURITY_IP_WHITELISTemptyOptional operator IP allow-list (comma-separated IP/CIDR). When enabled it gates the full admin surface, including the login and 2FA screens. Authoritative over the in-app setting and enforced at startup (no auto-rollback — confirm your own address is covered).
SECURITY_IP_WHITELIST_FORCE_DISABLEfalseBreak-glass: set true + restart to recover from an IP-whitelist lockout (including being unable to log in). ENV-only.
SECURITY_IP_WHITELIST_CONFIRMATION_WINDOW_SECONDS120How long an in-app whitelist enable/narrow stays pending before it auto-rolls back to the previous list if your session does not re-confirm (lockout safety). Does not apply to the env var above.
BACKUP_ENABLEDtrue for production, optional for first local trialUse with a tested restore process.
BACKUP_CRON0 0 2 * * *Daily 02:00 by default.
GEOIP_ENABLEDfalseCountry-enforcement switch only — also the break-glass switch. The database loads and auto-updates independently (see GEOIP_AUTO_UPDATE), so it can be ready while enforcement is off. Set false + restart to recover from a GeoIP country lockout — this disables enforcement reliably, regardless of whether a database is present.
SECURITY_GEOIP_ALLOWED_COUNTRIESemptyISO 3166-1 alpha-2 allow-list (e.g. PL,DE); uppercased and validated. Empty = no restriction.
LOG_LEVELINFO for first deploy, lower later if neededUse admin diagnostics for temporary escalation.

Release check variables

VariablePurpose
VITE_RELEASE_CHECK_ENABLEDEnables admin-only upstream release checks.
VITE_RELEASE_MANIFEST_URLDefaults to https://quotenode.dev/releases/latest.json.
APP_VERSIONRelease version or image tag. May be empty for source deployments.
APP_CHANNELalpha, beta, rc, dev, or stable.
APP_COMMIT_SHACommit SHA embedded in build metadata when available.
APP_BUILD_TIMEBuild timestamp.
APP_BUILD_NUMBERCI build number.
APP_SOURCE_REFSource branch or tag.
APP_IMAGE_TAGImage tag selected by the deployment.

License safety

Never enable signature bypass in a real deployment:

LICENSE_SKIP_SIGNATURE_CHECK=false

Set this explicitly to false in production and beta environments. The compose file defaults to false when omitted, but real deployments should not rely on an implicit default for a license-safety control. Use true only in disposable local development environments.

Last reviewed: Recently