Configuration
Kuayle reads deployment settings from `selfhosting/.env`. Start from `.env.example`; the groups below cover the values that must be reviewed before a public deployment.
Production values
JWT_SECRET is required by the backend. DOMAIN and POSTGRES_PASSWORD have development-oriented defaults in the Compose file and must be replaced for a public deployment.
- DOMAIN — your public domain (e.g. kuayle.yourcompany.com)
- POSTGRES_PASSWORD — strong random password for the database
- JWT_SECRET — random string, at least 32 characters, for signing auth tokens
Database and cache
The Compose service names are used by the default connection settings. Change these values only when you also change the corresponding database or Redis deployment.
- POSTGRES_USER — database user (default: kuayle)
- POSTGRES_DB — database name (default: kuayle)
- REDIS_URL — Redis connection string (default: redis://redis:6379)
Backend settings
FRONTEND_URL controls public callbacks and allowed origins. SYSADMINS accepts user UUIDs that may access the system update controls.
- ENVIRONMENT — production or development (default: production)
- FRONTEND_URL — the public URL of your instance
- SYSADMINS — comma-separated user IDs allowed to trigger updates
Optional: system updater
The optional updater sidecar exposes the repository’s update script to authorized sysadmins through Settings → Version. It mounts the Docker socket and repository, so review that trust boundary before enabling it.
- SYSTEM_UPDATER_URL — internal updater endpoint (default: http://updater:8081)
- SYSTEM_UPDATER_TOKEN — strong random token for updater auth
- The updater runs the same selfhosting/update.sh script
Review Kuayle before you deploy it
Inspect the Apache 2.0 source, then follow the Docker Compose guide to run an instance on your infrastructure.