Configuration
All Tindra configuration is done via environment variables. No config files.
Required#
| Variable |
Description |
DATABASE_URL |
Postgres connection string, e.g. postgres://user:pass@host/db?sslmode=disable |
PUBLIC_URL |
The public-facing URL of your instance, e.g. https://tindra.example.com |
Server#
| Variable |
Default |
Description |
BIND_ADDR |
:8080 |
TCP address (host:port) or Unix socket path (unix:/run/tindra/tindra.sock) |
SOCKET_MODE |
0660 |
Unix socket permissions (octal). 0660 allows owner and group only. Set to 0666 when bind-mounting the socket out of Docker so the host proxy can connect without UID/GID alignment. In a docker-compose.yml environment block you must quote this value (SOCKET_MODE: "0666"), otherwise YAML parses it as the integer 438. |
DATA_DIR |
/data |
Directory for file storage (attachments, etc.) |
LOG_LEVEL |
info |
Log verbosity: debug, info, warn, error |
LOG_FORMAT |
text |
Log format: text or json |
COOKIE_SECURE |
false |
Set to true when serving over HTTPS |
CORS_ORIGIN |
(unset) |
Allowed CORS origin when the API and UI are on different domains |
Limits#
By default Tindra is unlimited. These caps are useful on shared or managed instances.
| Variable |
Default |
Description |
RETENTION_DAYS |
90 |
Days to keep events and issues. 0 keeps forever. |
PROJECT_LIMIT |
0 |
Max projects per instance. 0 is unlimited. |
EVENT_LIMIT |
0 |
Max events ingested per month. 0 is unlimited. |
USER_LIMIT |
0 |
Max user accounts. 0 is unlimited. |
LOG_ROW_LIMIT |
0 |
Max log entries stored across the whole instance. When the cap is reached, the oldest entries are deleted to make room. 0 is unlimited. |
TX_ROW_LIMIT |
0 |
Max transaction rows stored across the whole instance. When the cap is reached, the oldest entries are deleted to make room. 0 is unlimited. |
Rate limiting#
| Variable |
Default |
Description |
RATE_LIMIT_LOGIN |
10 |
Max login attempts per IP per 15 minutes. 0 disables. |
RATE_LIMIT_ENVELOPE |
300 |
Max event envelope POSTs per project per minute. 0 disables. |
Networking#
| Variable |
Default |
Description |
TRUSTED_PROXIES |
(unset) |
Comma-separated CIDRs or IPs whose X-Forwarded-For header is trusted for rate limiting and IP detection, e.g. 10.0.0.0/8,172.16.0.0/12. Leave empty when Tindra is directly internet-facing. |
WEBHOOK_ALLOW_PRIVATE_IPS |
false |
Allow alert webhook and Slack/Discord deliveries to private or internal IP addresses. |
Security#
| Variable |
Default |
Description |
REQUIRE_MFA |
true |
Enforce MFA setup before users can access the app. When enabled, users without 2FA are redirected to /setup-mfa on first login. Set to false to make MFA optional. |
Internal#
| Variable |
Default |
Description |
STATS_API_KEY |
(unset) |
Bearer token required to call GET /api/stats. Leave empty to disable the endpoint. |
DISABLE_VERSION_CHECK |
false |
Set to true to disable the periodic check for new Tindra versions. When enabled, the server contacts https://www.tindra.sh/version-update-check every 6 hours and shows a notice in Settings > Overview. Useful for air-gapped environments. |
BILLING_URL |
(unset) |
URL of your billing portal. When set, a billing link appears in settings and event-limit banners. |
Email#
Set EMAIL_PROVIDER to enable outbound email for alerts and invitations. Leave it unset to disable email entirely.
Common#
| Variable |
Description |
EMAIL_PROVIDER |
One of: smtp, postmark, brevo, ahasend, lettermint, cloudflare |
EMAIL_FROM |
Sender address, e.g. alerts@example.com |
EMAIL_FROM_NAME |
Sender display name, e.g. Tindra Alerts |
SMTP#
| Variable |
Description |
SMTP_HOST |
SMTP server hostname |
SMTP_PORT |
Port, typically 587 (STARTTLS) or 465 (implicit TLS) |
SMTP_USERNAME |
SMTP username |
SMTP_PASSWORD |
SMTP password |
Postmark#
| Variable |
Description |
POSTMARK_API_KEY |
Server API token from the Postmark dashboard |
Brevo#
| Variable |
Description |
BREVO_API_KEY |
API key from the Brevo dashboard |
AhaSend#
| Variable |
Description |
AHASEND_API_KEY |
API key from your AhaSend account |
Lettermint#
| Variable |
Description |
LETTERMINT_API_KEY |
API key from the Lettermint dashboard |
Cloudflare Email Routing#
| Variable |
Description |
CLOUDFLARE_EMAIL_API_TOKEN |
Cloudflare API token with Email Routing write permissions |
CLOUDFLARE_ACCOUNT_ID |
Your Cloudflare account ID |
OAuth / SSO#
See Authentication for OAuth configuration variables.
Docker Compose example#
environment:
DATABASE_URL: postgres://tindra:secret@db/tindra
PUBLIC_URL: https://tindra.example.com
BIND_ADDR: ":8080"
COOKIE_SECURE: "true"
RETENTION_DAYS: "90"
EMAIL_PROVIDER: smtp
EMAIL_FROM: alerts@example.com
SMTP_HOST: mail.example.com
SMTP_PORT: "587"
SMTP_USERNAME: alerts@example.com
SMTP_PASSWORD: your-password