Configuration

Configuration

All Tindra configuration is done via environment variables. No config files.

Required

Variable Description
DATABASE_URL Postgres connection string, e.g. postgres://user:pass@host/db?sslmode=disable
PUBLIC_URL The public-facing URL of your instance, e.g. https://tindra.example.com

Server

Variable Default Description
BIND_ADDR :8080 TCP address (host:port) or Unix socket path (unix:/run/tindra/tindra.sock)
SOCKET_MODE 0660 Unix socket permissions (octal). 0660 allows owner and group only. Set to 0666 when bind-mounting the socket out of Docker so the host proxy can connect without UID/GID alignment. In a docker-compose.yml environment block you must quote this value (SOCKET_MODE: "0666"), otherwise YAML parses it as the integer 438.
DATA_DIR /data Directory for file storage (attachments, etc.)
LOG_LEVEL info Log verbosity: debug, info, warn, error
LOG_FORMAT text Log format: text or json
COOKIE_SECURE false Set to true when serving over HTTPS
CORS_ORIGIN (unset) Allowed CORS origin when the API and UI are on different domains

Limits

By default Tindra is unlimited. These caps are useful on shared or managed instances.

Variable Default Description
RETENTION_DAYS 90 Days to keep events and issues. 0 keeps forever.
PROJECT_LIMIT 0 Max projects per instance. 0 is unlimited.
EVENT_LIMIT 0 Max events ingested per month. 0 is unlimited.
USER_LIMIT 0 Max user accounts. 0 is unlimited.
LOG_ROW_LIMIT 0 Max log entries stored across the whole instance. When the cap is reached, the oldest entries are deleted to make room. 0 is unlimited.
TX_ROW_LIMIT 0 Max transaction rows stored across the whole instance. When the cap is reached, the oldest entries are deleted to make room. 0 is unlimited.

Rate limiting

Variable Default Description
RATE_LIMIT_LOGIN 10 Max login attempts per IP per 15 minutes. 0 disables.
RATE_LIMIT_ENVELOPE 300 Max event envelope POSTs per project per minute. 0 disables.

Networking

Variable Default Description
TRUSTED_PROXIES (unset) Comma-separated CIDRs or IPs whose X-Forwarded-For header is trusted for rate limiting and IP detection, e.g. 10.0.0.0/8,172.16.0.0/12. Leave empty when Tindra is directly internet-facing.
WEBHOOK_ALLOW_PRIVATE_IPS false Allow alert webhook and Slack/Discord deliveries to private or internal IP addresses.

Security

Variable Default Description
REQUIRE_MFA true Enforce MFA setup before users can access the app. When enabled, users without 2FA are redirected to /setup-mfa on first login. Set to false to make MFA optional.

Internal

Variable Default Description
STATS_API_KEY (unset) Bearer token required to call GET /api/stats. Leave empty to disable the endpoint.
DISABLE_VERSION_CHECK false Set to true to disable the periodic check for new Tindra versions. When enabled, the server contacts https://www.tindra.sh/version-update-check every 6 hours and shows a notice in Settings > Overview. Useful for air-gapped environments.
BILLING_URL (unset) URL of your billing portal. When set, a billing link appears in settings and event-limit banners.

Email

Set EMAIL_PROVIDER to enable outbound email for alerts and invitations. Leave it unset to disable email entirely.

Common

Variable Description
EMAIL_PROVIDER One of: smtp, postmark, brevo, ahasend, lettermint, cloudflare
EMAIL_FROM Sender address, e.g. alerts@example.com
EMAIL_FROM_NAME Sender display name, e.g. Tindra Alerts

SMTP

Variable Description
SMTP_HOST SMTP server hostname
SMTP_PORT Port, typically 587 (STARTTLS) or 465 (implicit TLS)
SMTP_USERNAME SMTP username
SMTP_PASSWORD SMTP password

Postmark

Variable Description
POSTMARK_API_KEY Server API token from the Postmark dashboard

Brevo

Variable Description
BREVO_API_KEY API key from the Brevo dashboard

AhaSend

Variable Description
AHASEND_API_KEY API key from your AhaSend account

Lettermint

Variable Description
LETTERMINT_API_KEY API key from the Lettermint dashboard

Cloudflare Email Routing

Variable Description
CLOUDFLARE_EMAIL_API_TOKEN Cloudflare API token with Email Routing write permissions
CLOUDFLARE_ACCOUNT_ID Your Cloudflare account ID

OAuth / SSO

See Authentication for OAuth configuration variables.

Docker Compose example

environment:
  DATABASE_URL: postgres://tindra:secret@db/tindra
  PUBLIC_URL: https://tindra.example.com
  BIND_ADDR: ":8080"
  COOKIE_SECURE: "true"
  RETENTION_DAYS: "90"
  EMAIL_PROVIDER: smtp
  EMAIL_FROM: alerts@example.com
  SMTP_HOST: mail.example.com
  SMTP_PORT: "587"
  SMTP_USERNAME: alerts@example.com
  SMTP_PASSWORD: your-password