• English

      • Configuration Reference

      For containerized deployment, inject settings through environment variables.

      Read Basic first. Use Advanced only when you need it.

      API Settings

      TypeKeyDefaultPurpose and when to change
      BasicAPP_ENVdevelopmentRuntime mode; set production when going live.
      BasicSECRET_ENCRYPTION_KEYEmptySecret encryption key; required and stable in production.
      BasicDATABASE_URLpostgres://devops:devops@postgres:5432/devops?sslmode=disablePostgreSQL URL; change when using another database or credential.
      BasicREDIS_ADDRredis:6379Redis address; change when using external Redis.
      BasicPUBLIC_BASE_URLhttp://localhost:8088Public platform URL; change for public domain, HTTPS, or reverse proxy. OIDC Redirect URI is generated as {PUBLIC_BASE_URL}/api/v1/auth/oidc/callback.
      AdvancedAPI_ADDR:8080API listen address; change for custom container ports.
      AdvancedAPP_CORS_ORIGINShttp://localhost:8088Allowed frontend origins; change when frontend and API use different origins.
      AdvancedLOG_LEVELdebugLog level; production usually uses info.

      OIDC identity provider Redirect URI is generated from PUBLIC_BASE_URL, and the admin identity provider form shows a copyable value. Admission policy requires OIDC to return a non-empty email and email_verified=true by default. For trusted internal identity providers that cannot return the standard email_verified claim, disable “Require verified OIDC email” in the admission policy; the platform still requires a non-empty email.

      Before login, the frontend picks the first supported language from the browser language preference list. The supported languages are currently zh-CN and en-US. After login, the account language preference wins and is cached locally so the next page load uses the same language immediately.

      The public route link scheme is managed in Admin Settings / Gateway as gateway.publicScheme, defaulting to http. Set it to https when an outer CDN or reverse proxy already terminates HTTPS. It only changes console display and link targets; it does not request certificates.

      Worker Settings

      TypeKeyDefaultPurpose and when to change
      BasicAPP_ENVdevelopmentRuntime mode; keep it aligned with API.
      BasicSECRET_ENCRYPTION_KEYEmptyDecrypts saved secrets; must match API.
      BasicDATABASE_URLpostgres://devops:devops@postgres:5432/devops?sslmode=disablePostgreSQL URL; point to the same database as API.
      BasicREDIS_ADDRredis:6379Redis address; point to the same Redis as API.
      BasicBUILD_EXECUTOR_IMAGEmoby/buildkit:v0.24.0-rootlessBuildKit image; change when the build cluster cannot pull the default image.
      AdvancedLOG_LEVELdebugLog level; production usually uses info.
      AdvancedDEPLOY_ROLLOUT_TIMEOUT_SECONDS600Release wait timeout; increase for slow-starting apps.
      AdvancedCERT_MANAGER_CLUSTER_ISSUERletsencrypt-http01Certificate Issuer name; change when your cluster uses another name.
      AdvancedBUILD_EGRESS_MODEpermissiveBuild egress mode; set to restricted when strong isolation is required.
      AdvancedBUILD_JOB_TIMEOUT_SECONDS5400Build timeout; increase for large projects.
      AdvancedBUILD_JOB_TTL_SECONDS3600Completed build Pod retention; increase for a longer log window.
      AdvancedBUILD_CACHE_ENABLEDfalseBuild cache switch; enable for faster repeated builds.
      AdvancedBUILD_CACHE_TAGbuildcacheBuild cache tag; change to isolate cache.
      AdvancedBUILD_NPM_REGISTRYEmptynpm registry; set when using an internal mirror.
      AdvancedBUILD_PRIVATE_EGRESS_CIDRSEmptyExtra private CIDRs in restricted mode.
      AdvancedBUILD_PRIVATE_EGRESS_PORTS443Private allowlist ports in restricted mode; use ports like 5000 or 8081 for non-standard registries.
      AdvancedBUILD_BLOCKED_EGRESS_CIDRSEmptyExtra blocked CIDRs in restricted mode.