Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
Basic Configuration#
| Environment Variable | Description | Default Value | Optional |
|---|
| BASE_URL | Specifies the protocol (HTTP/HTTPS), IP address, or domain name to access the API service (e.g.,"https://api.example.com" or "http://192.168.0.13:80"). | | No |
| SERVER_BASE_PATH | Defines the base path (e.g., /apidog) for the API. This requires valid LICENSE authorization. Contact Apidog support to obtain the necessary license. | | Yes |
| MYSQL_HOST | The host address for the MySQL server. | | No |
| MYSQL_PORT | The port on which the MySQL server listens | 3306 | No |
| MYSQL_DATABASE | The name of the MySQL database to which Apidog connects. | | No |
| MYSQL_USER_NAME | The MySQL username used for authentication. | | No |
| MYSQL_PASSWORD | The password associated with the MYSQL_USER_NAME for MySQL authentication. | | No |
| REDIS_HOST | The address of the Redis server (IP address, hostname, or domain name). | | No |
| REDIS_PORT | The port on which the Redis server listens. | 6379 | No |
| REDIS_PASSWORD | Optional Redis password. Can be left empty if not required. | | Yes |
| REDIS_DB | Specifies the Redis database to use (typically set to 0 for the default database). | 0 | No |
| REDIS_TLS_ENABLED | Specifies whether TLS encryption is enabled for Redis connections (true/false) | false | No |
| JWT_SECRET | Secret key used to sign JSON Web Tokens (JWT) for authentication. The key must be between 10-50 characters in length. On a Linux or macOS, you can generate one using the command openssl rand -base64 32 | | No |
| LICENSE | The server authorization license provided by Apidog support. | | No |
| ADMIN_USERNAME | The administrator username for accessing the Apidog Admin Panel. | | No |
| ADMIN_PASSWORD | The administrator password for the Apidog Admin Panel. | | No |
| DB_DIALECT | Specifies the database dialect. Supported values: mysql, postgresql. | mysql | Yes |
MySQL SSL/TLS Configuration (Optional)#
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value | Optional |
|---|
| MYSQL_SSL_CA | Path to the CA certificate used for MySQL SSL connections. | | Yes |
| MYSQL_SSL_KEY | Path to the client private key used for establishing a secure SSL connection with MySQL. | | Yes |
| MYSQL_SSL_CERT | Path to the client certificate used for SSL connections with MySQL. | | Yes |
| MYSQL_SSL_SERVER_NAME | The server name used for SNI (Server Name Indication) in the SSL handshake with MySQL. | | Yes |
| MYSQL_TLS_REJECT_UNAUTHORIZED | Specifies whether to reject unauthorized SSL certificates during the MySQL SSL handshake. Set to true to enforce strict validation. | true | Yes |
Certificate and Key Files: You can specify certificate and key values either as file paths or direct strings. If a file exists at the given path, its contents will be used, otherwise, the value itself will be interpreted as the certificate/key.
Self-Signed Certificates: Setting MYSQL_TLS_REJECT_UNAUTHORIZED to false allows self-signed certificates or untrusted certificates. This setting is not recommended for production environments due to security risks.
These environment variables are optional and should only be configured if you require SSL/TLS for your MySQL connection.
PostgreSQL Configuration (Optional)#
This section outlines the environment variables needed to configure PostgreSQL database connections, with options for SSL/TLS for enhanced secure connections.Version Requirement: This configurations requires Apidog image version 2.7.19 or later for PostgreSQL support.
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value | Optional |
|---|
| PG_HOST | The address of the PostgreSQL server | 127.0.0.1 | No |
| PG_PORT | The port on which the PostgreSQL server is running | 5432 | No |
| PG_DATABASE | The name of the PostgreSQL database to connect to. | | No |
| PG_USERNAME | The username used for authenticating with PostgreSQL. | | No |
| PG_PASSWORD | The password associated with the PostgreSQL username. | | No |
| PG_SSL_CA | Path to the CA certificate for SSL connections with PostgreSQL. | | Yes |
| PG_SSL_KEY | Path to the client private key used for PostgreSQL SSL connections. | | Yes |
| PG_SSL_CERT | Path to the client certificate for PostgreSQL SSL connections. | | Yes |
| PG_SSL_SERVER_NAME | The server name used for SNI (Server Name Indication) in PostgreSQL SSL connections. | | Yes |
| PG_TLS_REJECT_UNAUTHORIZED | Specifies whether to reject unauthorized SSL certificates (true/false). | true | Yes |
Certificate/key values can be specified as file paths or direct strings.
Self-signed certificates are allowed by setting PG_TLS_REJECT_UNAUTHORIZED to false, but this is not recommended in production environments.
These variables are optional and should only be configured if SSL/TLS is required for PostgreSQL connections.
System Email Configuration (Optional)#
The system email is used to send password reset emails when a user requests a password reset via the 'Forgot Password' function.Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value |
|---|
| MAILER_HOST | The SMTP server address for email delivery. | |
| MAILER_PORT | The SMTP server port (e.g., 465 for SSL, 587 for TLS). | |
| MAILER_SECURE | Whether to use SSL/TLS encryption for email transmission. Values: true, false. | |
| MAILER_USER | The email address used as the sender's address. | |
| MAILER_PASSWORD | The password for the sender's email address. | |
Testing Email Configuration#
To test the email connection, run the following command from within the container to check connectivity to the MAILER_HOST:If the configuration is correct, you should see output like:Connection to smtp.gmail.com port 465 [tcp/urd] succeeded!
nc: connectx to smtp.gmail.com port 465 (tcp) failed: Operation timed out
Using AWS SES#
To use AWS SES as the email provider, configure the following additional environment variables:| Parameter | Default Value | Description |
|---|
| MAILER_USING_AWS_SES | false | Whether to use AWS SES (true/false) |
| MAILER_SES_ACCESS_KEY | | AWS Access Key for SES authentication. |
| MAILER_SES_ACCESS_SECRET | | AWS Secret Key for SES authentication. |
| Parameter | Default Value | Description |
|---|
| MAILER_SES_SENDING_RATE | 14 | Maximum emails per second. |
| MAILER_SES_MAX_CONNECTIONS | 50 | Maximum concurrent connections to SES. |
| MAILER_SES_API_VERSION | '2012-10-17' | The SES API version. |
| MAILER_SES_REGION | 'us-east-1' | The AWS region. |
Feature Configuration (Optional)#
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value | Other |
|---|
| NOT_FOUND_PAGE_URL | Sets the redirection URL for backend service 404 errors. The URL must be a relative path that starts with a / | /help/index.html | Optional |
| REPLACE_PORT_NUMBER_80 | Replaces the default HTTP port 80 with a non-privileged port number (greater than 1023) for HTTP access. | | Optional |
| REPLACE_PORT_NUMBER_443 | Replaces the default HTTPS port 443 with a non-privileged port number (greater than 1023) for HTTPS access. | | Optional |
Collaboration and Runner Service (Optional)#
Version Requirement: Requires version 2.6.1 or later. If using the Runner container, following environment must be configured with the Apidog container for the Runner to function correctly.
| Variable Name | Description | Default Value | Required for Real-time Sync |
|---|
| RTM_QUEUE_ENABLE | Enable collaboration/runner requests | false | Yes |
| RTM_REDIS_HOST | Redis server address | | Yes |
| RTM_REDIS_PORT | Redis server port | | Yes |
| RTM_REDIS_PASSWORD | Redis password (optional) | | Yes |
| RTM_REDIS_DB | Redis database | | Yes |
| RTM_REDIS_TLS_ENABLED | Redis TLS connection | false | |
By default, the RTM_REDIS_(HOST|PORT|PASSWORD|DB|TLS_ENABLED) variables inherit their values from the corresponding REDIS_(HOST|PORT|PASSWORD|DB|TLS_ENABLED) variables.Here is an example using environment variables with a Docker run command:However, you can specify a different set of values for the RTM Redis configuration by explicitly setting these variables.Here is a different example that explicitly setting these variables:If you have a gateway or reverse proxy (e.g., Nginx or ALB) in front of the service, add the following configuration (remember to replace http://apidog-service.example.com with your Apidog service actual URL): location /ws {
proxy_pass http://apidog-service.example.com/ws;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
HTTPS Configuration (Optional)#
To enable HTTPS access to the server, configure the following environment variables.If your server access protocol need to be updated from HTTP to HTTPS, please contact customer support to obtain a new license and update your BASE_URL environment variable.
| Environment Variable | Description | Default Value | Required |
|---|
SERVER_SSL_CERTIFICATE | HTTPS certificate content (use this method if not mounting the certificate file). | | Optional |
SERVER_SSL_CERTIFICATE_KEY | HTTPS certificate key content (use this method if not mounting the key file). | | Optional |
SERVER_SSL_CERTIFICATE_FILE | Path to the HTTPS certificate file within the container (required when mounting the certificate file). | | Optional |
SERVER_SSL_CERTIFICATE_KEY_FILE | Path to the HTTPS certificate key file within the container (required when mounting the key file). | | Optional |
Using LDAP for authentication#
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value | Other |
|---|
| LDAP_ENABLE | Whether to enable LDAP login service | | Set to true to enable |
| LDAP_URL | The address of the LDAP service in the format ldap://ip:port. For example, ldap://127.0.0.1:389 | | Required when LDAP is enabled |
| LDAP_BIND_USER | The account used to connect to LDAP. For example, cn=admin,dc=example,dc=org | | Required when LDAP is enabled |
| LDAP_BIND_PASSWORD | The password used to connect to LDAP. When anonymous access is disabled in LDAP, the administrator account and password must be configured | | Required when LDAP is enabled |
| LDAP_BASE_DN | LDAP Base DN, the Base Dn used for LDAP username retrieval. For example, dc=example,dc=org | | Required when LDAP is enabled |
| LDAP_USER_ID_ATTR | Default is dn, based on the standard openldap LDAP service, which has a unique dn field used as the unique id for ldap user attributes; if there is a username or email, you can also configure the username (name) or email (mail) | dn | Required when LDAP is enabled, if there is an email field, it is recommended to use mail first |
| LDAP_LOGIN_TITLE | Default is LDAP Login, the form name on the login page | LDAP Login | Optional |
| LDAP_USERNAME_ATTR | Used for username login, search, and display. It is recommended to keep it unique. If it appears duplicated, a random number will be added after the username. By default, it will take the uid field of openldap's standard LDAP service | uid | Optional |
| LDAP_USER_EMAIL_ATTR | Email field used for login and search. By default, it will take the mail attribute of openldap's standard LDAP service. Private users can choose not to configure mail, and using username login will not be affected | mail | Optional |
| LDAP_EMPLOYEE_NUMBER_ATTR | Mapping field for employee number, can be used for search | | Optional |
| LDAP_SEARCH_FILTER | Search filter for ldap service | | Optional |
Using OKTA for authentication#
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value | Other |
|---|
| OKTA_ENABLE | Whether to enable Okta login service | | Supported from version v2.1.24. Set to "true" to enable, or leave blank or unset to disable |
| OKTA_CLIENT_ID | Okta application ID | | Must be filled in when Okta service is enabled |
| OKTA_CLIENT_SECRET | Okta application access secret | | Must be filled in when Okta service is enabled |
| OKTA_DOMAIN | Okta API access domain | | Must be filled in when Okta service is enabled |
| OKTA_LOGIN_USER_ID_ATTR | Default value is "id", used as the unique ID for Okta user attributes | id | Optional |
Using Amazon S3 or other S3-compatible storage services#
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
| Environment Variable | Description | Default Value | Other |
|---|
| STORAGE_DRIVER | File storage option. AWS S3 storage service can be configured as 's3'. | file | If not set, it will default to local file storage. |
| STORAGE_ACCESS_KEY | Access Key for cloud storage service. | | Required if STORAGE_DRIVER is set to a cloud service. |
| STORAGE_ACCESS_SECRET | Access Secret for cloud storage service. | | Required if STORAGE_DRIVER is set to a cloud service. |
| STORAGE_BASE_PATH | Root path of cloud storage. | /apidog | Should start with '/'. Optional. |
| STORAGE_REGION | Storage region set for cloud storage service. | | Optional if STORAGE_DRIVER is set to a cloud service. |
| STORAGE_BUCKET | Bucket (container) name set for cloud storage service. Image access will require permissions by default. | | Required if STORAGE_DRIVER is set to a cloud service. |
| STORAGE_URL_EXPIRES | Expiration time (in seconds) for authorized image access. | 1800 | Optional. |
| STORAGE_BASE_URL | Access domain name of the Bucket (container) set for cloud storage service, or the access path for local storage. | | Required. |
| STORAGE_CUSTOM_ENDPOINT | Custom storage endpoint for cloud storage (e.g., S3 custom CNAME). | | Optional. |
| STORAGE_BUCKET_PATH_STYLE | Cloud storage address concatenation mode (e.g., S3 path style). | | Optional. |
| PUBLIC_STORAGE_ENABLE | Indicates whether the cloud storage service has a public Bucket (container) name for storing public images, where image access does not require permissions. | | Only effective when set to "true". |
| PUBLIC_STORAGE_BUCKET | Public Bucket (container) name set for the cloud storage service for storing public images. | | If not set, STORAGE_BUCKET will be used. |
| PUBLIC_STORAGE_BASE_URL | Access domain name of the public Bucket (container) set for the cloud storage service, or the access path for local storage. | | If not set, STORAGE_BASE_URL will be used. |
Here's the optimized English version of the text, suitable for a SaaS product's technical support documentation:Login security options#
| Environment Variable Name | Description | Default Value | Notes |
|---|
| DISABLE_USER_REGISTRATION | Disable user registration. | true when SSO is configured, otherwise false. | Optional: true or false. true disables registration. If unset, the default value is used. |
| FORCE_SSO_LOGIN | Enforce SSO login only (when SSO is configured). | true | Optional: true or false. |
| DISABLE_SSO_ACCOUNT_CREATION | Prevent automatic account creation via SSO login; only allow manual account creation in the Apidog admin panel. | false | Optional: true or false. |
| DISABLE_REGISTER | Disable the registration feature. | | Deprecated. Not recommended. Optional: true or false. true disables registration. If unset, registration is allowed. When enabled, only manual account creation in the admin panel is permitted (SSO login will also be prevented from creating new accounts). |
| PASSWORD_ERROR_RATE_LIMIT_DURATION | Login error rate limit (time interval), in seconds. | 1800 | |
| PASSWORD_ERROR_RATE_LIMIT_MAX | Maximum allowed login errors within the time interval. | 15 | 0 means no limit. |
| PASSWORD_TRANSFER_EXTRA_ENCRYPTION | Enable password encryption during transmission. | | Optional. Set to true to enable. |
| SECRET_KEY_FOR_COMMON_CASE | RSA encryption key pair. | | Example: [{"public":"Base64 encoded public key","private":"Base64 encoded private key"}] |
| APP_DOMAIN_WHITE_LIST | CORS (Cross-Origin Resource Sharing) related. Set domains allowed for cross-origin access to the backend service. | | Supported from server version 2.3.12 onwards. Example: http://apidog.com,https://apidog.com,http://app.apidog.com |
Admin Panel#
Environment variable values are case-sensitive. Please ensure that the correct capitalization is used when setting or referencing environment variables.
The environment variable for the administrative username is: ADMIN_USERNAME
The environment variable for the administrative password is: ADMIN_PASSWORD
In this context, {BASE_URL} represents the address configured in the BASE_URL variable.
