Configuration

Kuayle reads deployment settings from `selfhosting/.env`. Start from `.env.example`; the groups below cover the values that must be reviewed before a public deployment.

Production values

JWT_SECRET is required by the backend. DOMAIN and POSTGRES_PASSWORD have development-oriented defaults in the Compose file and must be replaced for a public deployment.

  • DOMAIN — your public domain (e.g. kuayle.yourcompany.com)
  • POSTGRES_PASSWORD — strong random password for the database
  • JWT_SECRET — random string, at least 32 characters, for signing auth tokens

Database and cache

The Compose service names are used by the default connection settings. Change these values only when you also change the corresponding database or Redis deployment.

  • POSTGRES_USER — database user (default: kuayle)
  • POSTGRES_DB — database name (default: kuayle)
  • REDIS_URL — Redis connection string (default: redis://redis:6379)

Backend settings

FRONTEND_URL controls public callbacks and allowed origins. SYSADMINS accepts user UUIDs that may access the system update controls.

  • ENVIRONMENT — production or development (default: production)
  • FRONTEND_URL — the public URL of your instance
  • SYSADMINS — comma-separated user IDs allowed to trigger updates

Optional: system updater

The optional updater sidecar exposes the repository’s update script to authorized sysadmins through Settings → Version. It mounts the Docker socket and repository, so review that trust boundary before enabling it.

  • SYSTEM_UPDATER_URL — internal updater endpoint (default: http://updater:8081)
  • SYSTEM_UPDATER_TOKEN — strong random token for updater auth
  • The updater runs the same selfhosting/update.sh script

Review Kuayle before you deploy it

Inspect the Apache 2.0 source, then follow the Docker Compose guide to run an instance on your infrastructure.