Environment Variables
Appwrite environment variables allow you to edit your server setup configuration and customize it. You can easily change the environment variables by changing them when running Appwrite using Docker CLI or Docker Compose.
Updating your Appwrite environment variables requires you to edit your Appwrite .env file. Your Docker files should be located inside the "appwrite" folder at the location where you first run the Appwrite installation script. It's recommended to use the .env file as a central point for updating your Appwrite configuration rather than changing them directly in your docker-compose.yml file.
After editing your docker-compose.yml or .env files, you will need to recreate your Appwrite stack by running the following compose command in your terminal:
docker compose up -dYou can verify if the changes have been successfully applied by running this command:
docker compose exec appwrite varsAll Options:
General
| Name | Description |
|---|---|
| _APP_ENV | Set your server running environment. By default, the var is set to 'development'. When deploying to production, change it to: 'production'. |
| _APP_LOCALE | Set your Appwrite's locale. By default, the locale is set to 'en'. |
| _APP_OPTIONS_ABUSE | Allows you to disable abuse checks and API rate limiting. By default, set to 'enabled'. To cancel the abuse checking, set to 'disabled'. It is not recommended to disable this check-in a production environment. |
| _APP_OPTIONS_FORCE_HTTPS | Allows you to force HTTPS connection to your API. This feature redirects any HTTP call to HTTPS and adds the 'Strict-Transport-Security' header to all HTTP responses. By default, set to 'enabled'. To disable, set to 'disabled'. This feature will work only when your ports are set to default 80 and 443. |
| _APP_OPENSSL_KEY_V1 | This is your server private secret key that is used to encrypt all sensitive data on your server. Appwrite server encrypts all secret data on your server like webhooks, HTTP passwords, user sessions, and storage files. The var is not set by default, if you wish to take advantage of Appwrite encryption capabilities you should change it and make sure to keep it a secret and have a backup for it. |
| _APP_DOMAIN | Your Appwrite domain address. When setting a public suffix domain, Appwrite will attempt to issue a valid SSL certificate automatically. When used with a dev domain, Appwrite will assign a self-signed SSL certificate. The default value is 'localhost'. |
| _APP_DOMAIN_TARGET | A DNS A record hostname to serve as a CNAME target for your Appwrite custom domains. You can use the same value as used for the Appwrite '_APP_DOMAIN' variable. The default value is 'localhost'. |
| _APP_CONSOLE_WHITELIST_ROOT version >= 0.8.0 | This option allows you to disable the creation of new users on the Appwrite console. When enabled only 1 user will be able to use the registration form. New users can be added by inviting them to your project. By default this option is enabled. |
| _APP_CONSOLE_WHITELIST_EMAILS | This option allows you to limit creation of new users on the Appwrite console. This option is very useful for small teams or sole developers. To enable it, pass a list of allowed email addresses separated by a comma. |
| _APP_CONSOLE_WHITELIST_IPS | This last option allows you to limit creation of users in Appwrite console for users sharing the same set of IP addresses. This option is very useful for team working with a VPN service or a company IP. To enable/activate this option, pass a list of allowed IP addresses separated by a comma. |
| _APP_SYSTEM_EMAIL_NAME version >= 0.7.0 | This is the sender name value that will appear on email messages sent to developers from the Appwrite console. The default value is: 'Appwrite'. You can use url encoded strings for spaces and special chars. |
| _APP_SYSTEM_EMAIL_ADDRESS version >= 0.7.0 | This is the sender email address that will appear on email messages sent to developers from the Appwrite console. The default value is 'team@appwrite.io'. You should choose an email address that is allowed to be used from your SMTP server to avoid the server email ending in the users' SPAM folders. |
| _APP_SYSTEM_RESPONSE_FORMAT version >= 0.7.0 | Use this environment variable to set the default Appwrite HTTP response format to support an older version of Appwrite. This option is useful to overcome breaking changes between versions. You can also use the |
| _APP_SYSTEM_SECURITY_EMAIL_ADDRESS version >= 0.7.0 | This is the email address used to issue SSL certificates for custom domains or the user agent in your webhooks payload. |
| _APP_USAGE_STATS version >= 0.7.0 | This variable allows you to disable the collection and displaying of usage stats. This value is set to 'enabled' by default, to disable the usage stats set the value to 'disabled'. When disabled, it's recommended to turn off the Worker Usage, Influxdb and Telegraf containers for better resource usage. |
| _APP_LOGGING_PROVIDER version >= 0.12.0 | This variable allows you to enable logging errors to 3rd party providers. This value is empty by default, to enable the logger set the value to one of 'sentry', 'raygun', 'appSignal', 'logOwl' |
| _APP_LOGGING_CONFIG version >= 0.12.0 | This variable configures authentication to 3rd party error logging providers. If using Sentry, this should be 'SENTRY_API_KEY;SENTRY_APP_ID'. If using Raygun, this should be Raygun API key. If using AppSignal, this should be AppSignal API key. If using LogOwl, this should be LogOwl Service Ticket. |
| _APP_USAGE_AGGREGATION_INTERVAL version >= 1.1.0 | Interval value containing the number of seconds that the Appwrite usage process should wait before aggregating stats and syncing it to Database from TimeSeries data. The default value is 30 seconds. Reintroduced in 1.1.0. |
| _APP_USAGE_TIMESERIES_INTERVAL version >= 1.0.0 | Deprecated since 1.1.0 use _APP_USAGE_AGGREGATION_INTERVAL instead. |
| _APP_USAGE_DATABASE_INTERVAL version >= 1.0.0 | Deprecated since 1.1.0 use _APP_USAGE_AGGREGATION_INTERVAL instead. |
| _APP_WORKER_PER_CORE version >= 0.13.0 | Internal Worker per core for the API, Realtime and Executor containers. Can be configured to optimize performance. |
Redis
Appwrite uses a Redis server for managing cache, queues and scheduled tasks. The Redis env vars are used to allow Appwrite server to connect to the Redis container.
| Name | Description |
|---|---|
| _APP_REDIS_HOST | Redis server hostname address. Default value is: 'redis'. |
| _APP_REDIS_PORT | Redis server TCP port. Default value is: '6379'. |
| _APP_REDIS_USER version >= 0.7 | Redis server user. This is an optional variable. Default value is an empty string. |
| _APP_REDIS_PASS version >= 0.7 | Redis server password. This is an optional variable. Default value is an empty string. |
MariaDB
Appwrite is using a MariaDB server for managing persistent database data. The MariaDB env vars are used to allow Appwrite server to connect to the MariaDB container.
| Name | Description |
|---|---|
| _APP_DB_HOST | MariaDB server host name address. Default value is: 'mariadb'. |
| _APP_DB_PORT | MariaDB server TCP port. Default value is: '3306'. |
| _APP_DB_SCHEMA | MariaDB server database schema. Default value is: 'appwrite'. |
| _APP_DB_USER | MariaDB server user name. Default value is: 'user'. |
| _APP_DB_PASS | MariaDB server user password. Default value is: 'password'. |
| _APP_DB_ROOT_PASS | MariaDB server root password. Default value is: 'rootsecretpassword'. |
InfluxDB
Appwrite uses an InfluxDB server for managing time-series data and server stats. The InfluxDB env vars are used to allow Appwrite server to connect to the InfluxDB container.
| Name | Description |
|---|---|
| _APP_INFLUXDB_HOST | InfluxDB server host name address. Default value is: 'influxdb'. |
| _APP_INFLUXDB_PORT | InfluxDB server TCP port. Default value is: '8086'. |
StatsD
Appwrite uses a StatsD server for aggregating and sending stats data over a fast UDP connection. The StatsD env vars are used to allow Appwrite server to connect to the StatsD container.
| Name | Description |
|---|---|
| _APP_STATSD_HOST | StatsD server host name address. Default value is: 'telegraf'. |
| _APP_STATSD_PORT | StatsD server TCP port. Default value is: '8125'. |
SMTP
Appwrite is using an SMTP server for emailing your projects users and server admins. The SMTP env vars are used to allow Appwrite server to connect to the SMTP container.
If running in production, it might be easier to use a 3rd party SMTP server as it might be a little more difficult to set up a production SMTP server that will not send all your emails into your user\'s SPAM folder.
| Name | Description |
|---|---|
| _APP_SMTP_HOST | SMTP server host name address. Use an empty string to disable all mail sending from the server. The default value for this variable is an empty string |
| _APP_SMTP_PORT | SMTP server TCP port. Empty by default. |
| _APP_SMTP_SECURE | SMTP secure connection protocol. Empty by default, change to 'tls' if running on a secure connection. |
| _APP_SMTP_USERNAME | SMTP server user name. Empty by default. |
| _APP_SMTP_PASSWORD | SMTP server user password. Empty by default. |
Phone
| Name | Description |
|---|---|
| _APP_SMS_PROVIDER version >= 0.15.0 | Provider used for delivering SMS for Phone authentication. Use the following format: 'sms://[USER]:[SECRET]@[PROVIDER]'. Available providers are twilio, text-magic, telesign, msg91, and vonage. |
| _APP_SMS_FROM version >= 0.15.0 | Phone number used for sending out messages. Must start with a leading '+' and maximum of 15 digits without spaces (+123456789). |
Storage
| Name | Description |
|---|---|
| _APP_STORAGE_LIMIT version >= 0.7.0 | Maximum file size allowed for file upload. The default value is 30MB. You should pass your size limit value in bytes. |
| _APP_STORAGE_PREVIEW_LIMIT version >= 0.13.4 | Maximum file size allowed for file image preview. The default value is 20MB. You should pass your size limit value in bytes. |
| _APP_STORAGE_ANTIVIRUS | This variable allows you to disable the internal anti-virus scans. This value is set to 'disabled' by default, to enable the scans set the value to 'enabled'. Before enabling, you must add the ClamAV service and depend on it on main Appwrite service. |
| _APP_STORAGE_ANTIVIRUS_HOST version >= 0.7.0 | ClamAV server host name address. Default value is: 'clamav'. |
| _APP_STORAGE_ANTIVIRUS_PORT version >= 0.7.0 | ClamAV server TCP port. Default value is: '3310'. |
| _APP_STORAGE_DEVICE version >= 0.13.0 | Select default storage device. The default value is 'local'. List of supported adapters are 'local', 's3', 'dospaces', 'backblaze', 'linode' and 'wasabi'. |
| _APP_STORAGE_S3_ACCESS_KEY version >= 0.13.0 | AWS S3 storage access key. Required when the storage adapter is set to S3. You can get your access key from your AWS console |
| _APP_STORAGE_S3_SECRET version >= 0.13.0 | AWS S3 storage secret key. Required when the storage adapter is set to S3. You can get your secret key from your AWS console. |
| _APP_STORAGE_S3_REGION version >= 0.13.0 | AWS S3 storage region. Required when storage adapter is set to S3. You can find your region info for your bucket from AWS console. |
| _APP_STORAGE_S3_BUCKET version >= 0.13.0 | AWS S3 storage bucket. Required when storage adapter is set to S3. You can create buckets in your AWS console. |
| _APP_STORAGE_DO_SPACES_ACCESS_KEY version >= 0.13.0 | DigitalOcean spaces access key. Required when the storage adapter is set to DOSpaces. You can get your access key from your DigitalOcean console. |
| _APP_STORAGE_DO_SPACES_SECRET version >= 0.13.0 | DigitalOcean spaces secret key. Required when the storage adapter is set to DOSpaces. You can get your secret key from your DigitalOcean console. |
| _APP_STORAGE_DO_SPACES_REGION version >= 0.13.0 | DigitalOcean spaces region. Required when storage adapter is set to DOSpaces. You can find your region info for your space from DigitalOcean console. |
| _APP_STORAGE_DO_SPACES_BUCKET version >= 0.13.0 | DigitalOcean spaces bucket. Required when storage adapter is set to DOSpaces. You can create spaces in your DigitalOcean console. |
| _APP_STORAGE_BACKBLAZE_ACCESS_KEY version >= 0.14.2 | Backblaze access key. Required when the storage adapter is set to Backblaze. Your Backblaze keyID will be your access key. You can get your keyID from your Backblaze console. |
| _APP_STORAGE_BACKBLAZE_SECRET version >= 0.14.2 | Backblaze secret key. Required when the storage adapter is set to Backblaze. Your Backblaze applicationKey will be your secret key. You can get your applicationKey from your Backblaze console. |
| _APP_STORAGE_BACKBLAZE_REGION version >= 0.14.2 | Backblaze region. Required when storage adapter is set to Backblaze. You can find your region info from your Backblaze console. |
| _APP_STORAGE_BACKBLAZE_BUCKET version >= 0.14.2 | Backblaze bucket. Required when storage adapter is set to Backblaze. You can create your bucket from your Backblaze console. |
| _APP_STORAGE_LINODE_ACCESS_KEY version >= 0.14.2 | Linode object storage access key. Required when the storage adapter is set to Linode. You can get your access key from your Linode console. |
| _APP_STORAGE_LINODE_SECRET version >= 0.14.2 | Linode object storage secret key. Required when the storage adapter is set to Linode. You can get your secret key from your Linode console. |
| _APP_STORAGE_LINODE_REGION version >= 0.14.2 | Linode object storage region. Required when storage adapter is set to Linode. You can find your region info from your Linode console. |
| _APP_STORAGE_LINODE_BUCKET version >= 0.14.2 | Linode object storage bucket. Required when storage adapter is set to Linode. You can create buckets in your Linode console. |
| _APP_STORAGE_WASABI_ACCESS_KEY version >= 0.14.2 | Wasabi access key. Required when the storage adapter is set to Wasabi. You can get your access key from your Wasabi console. |
| _APP_STORAGE_WASABI_SECRET version >= 0.14.2 | Wasabi secret key. Required when the storage adapter is set to Wasabi. You can get your secret key from your Wasabi console. |
| _APP_STORAGE_WASABI_REGION version >= 0.14.2 | Wasabi region. Required when storage adapter is set to Wasabi. You can find your region info from your Wasabi console. |
| _APP_STORAGE_WASABI_BUCKET version >= 0.14.2 | Wasabi bucket. Required when storage adapter is set to Wasabi. You can create buckets in your Wasabi console. |
Functions
| Name | Description |
|---|---|
| _APP_FUNCTIONS_SIZE_LIMIT version >= 0.13.0 | The maximum size deployment in bytes. The default value is 30MB. |
| _APP_FUNCTIONS_TIMEOUT version >= 0.7.0 | The maximum number of seconds allowed as a timeout value when creating a new function. The default value is 900 seconds. This is the global limit, timeout for individual functions are configured in the function's settings or in appwrite.json. |
| _APP_FUNCTIONS_BUILD_TIMEOUT version >= 0.13.0 | The maximum number of seconds allowed as a timeout value when building a new function. The default value is 900 seconds. |
| _APP_FUNCTIONS_CONTAINERS version >= 0.7.0 | The maximum number of containers Appwrite is allowed to keep alive in the background for function environments. Running containers allow faster execution time as there is no need to recreate each container every time a function gets executed. The default value is 10. |
| _APP_FUNCTIONS_CPUS version >= 0.7.0 | The maximum number of CPU core a single cloud function is allowed to use. Please note that setting a value higher than available cores will result in a function error, which might result in an error. The default value is empty. When it's empty, CPU limit will be disabled. |
| _APP_FUNCTIONS_MEMORY version >= 0.7.0 | The maximum amount of memory a single cloud function is allowed to use in megabytes. The default value is empty. When it's empty, memory limit will be disabled. |
| _APP_FUNCTIONS_MEMORY_SWAP version >= 0.7.0 | The maximum amount of swap memory a single cloud function is allowed to use in megabytes. The default value is empty. When it's empty, swap memory limit will be disabled. |
| _APP_FUNCTIONS_RUNTIMES version >= 0.8.0 | This option allows you to enable or disable runtime environments for cloud functions. Disable unused runtimes to save disk space. To enable cloud function runtimes, pass a list of enabled environments separated by a comma. Currently, supported environments are: node-14.5, node-16.0, node-18.0, php-8.0, php-8.1, ruby-3.0, ruby-3.1, python-3.8, python-3.9, python-3.10, deno-1.21, deno-1.24, dart-2.15, dart-2.16, dart-2.17, dotnet-3.1, dotnet-6.0, java-8.0, java-11.0, java-17.0, java-18.0, swift-5.5, kotlin-1.6, cpp-17.0 |
| _APP_EXECUTOR_SECRET version >= 0.13.0 | The secret key used by Appwrite to communicate with the function executor. Make sure to change this! |
| _APP_EXECUTOR_HOST version >= 0.13.0 | The host used by Appwrite to communicate with the function executor! |
| _APP_EXECUTOR_RUNTIME_NETWORK version >= 0.13.0 | Deprecated with 0.14.0, use 'OPEN_RUNTIMES_NETWORK' instead! |
| _APP_FUNCTIONS_ENVS version >= 0.7.0 | Deprecated with 0.8.0, use '_APP_FUNCTIONS_RUNTIMES' instead! |
| _APP_FUNCTIONS_INACTIVE_THRESHOLD version >= 0.13.0 | The minimum time a function must be inactive before it can be shut down and cleaned up. This feature is intended to clean up unused containers. Containers may remain active for longer than the interval before being shut down, as Appwrite only cleans up unused containers every hour. If no value is provided, the default is 60 seconds. |
| DOCKERHUB_PULL_USERNAME version >= 0.10.0 | The username for hub.docker.com. This variable is used to pull images from hub.docker.com. |
| DOCKERHUB_PULL_PASSWORD version >= 0.10.0 | The password for hub.docker.com. This variable is used to pull images from hub.docker.com. |
| DOCKERHUB_PULL_EMAIL version >= 0.10.0 | The email for hub.docker.com. This variable is used to pull images from hub.docker.com. |
| OPEN_RUNTIMES_NETWORK version >= 0.13.0 | The docker network used for communication between the executor and runtimes. Change this if you have altered the default network names. |
Maintenance
| Name | Description |
|---|---|
| _APP_MAINTENANCE_INTERVAL version >= 0.7.0 | Interval value containing the number of seconds that the Appwrite maintenance process should wait before executing system cleanups and optimizations. The default value is 86400 seconds (1 day). |
| _APP_MAINTENANCE_RETENTION_CACHE version >= 1.0.0 | The maximum duration (in seconds) upto which to retain cached files. The default value is 2592000 seconds (30 days). |
| _APP_MAINTENANCE_RETENTION_EXECUTION version >= 0.7.0 | The maximum duration (in seconds) upto which to retain execution logs. The default value is 1209600 seconds (14 days). |
| _APP_MAINTENANCE_RETENTION_AUDIT version >= 0.7.0 | IThe maximum duration (in seconds) upto which to retain audit logs. The default value is 1209600 seconds (14 days). |
| _APP_MAINTENANCE_RETENTION_ABUSE version >= 0.7.0 | The maximum duration (in seconds) upto which to retain abuse logs. The default value is 86400 seconds (1 day). |
| _APP_MAINTENANCE_RETENTION_USAGE_HOURLY | The maximum duration (in seconds) upto which to retain hourly usage metrics. The default value is 8640000 seconds (100 days). |
GraphQL
| Name | Description |
|---|---|
| _APP_GRAPHQL_MAX_BATCH_SIZE version >= 1.2.0 | Maximum number of batched queries per request. The default value is 10. |
| _APP_GRAPHQL_MAX_COMPLEXITY version >= 1.2.0 | Maximum complexity of a GraphQL query. One field adds one to query complexity. Lists multiply the complexity by the number of items requested. The default value is 250. |
| _APP_GRAPHQL_MAX_DEPTH version >= 1.2.0 | Maximum depth of a GraphQL query. One nested field level adds one to query depth. The default value is 3. |