The Community Edition server is configured via environment variables in deploy/.env.community. Copy deploy/.env.community.example as a starting point.
Environment variables
Database
| Variable | Type | Default | Description |
|---|
DB_NAME | string | sielum | PostgreSQL database name |
DB_USER | string | sielum_app | PostgreSQL username |
DB_PASSWORD | string | required | PostgreSQL password. Min 32 chars. Generate: openssl rand -base64 32 |
DB_HOST | string | postgres | PostgreSQL host (container name in Docker Compose) |
DB_PORT | string | 5432 | PostgreSQL port |
| Variable | Type | Default | Description |
|---|
ADMIN_PASSWORD | string | required | Password for the built-in admin user. Min 12 chars. |
JWT_SECRET | string | required | HMAC secret for signing local JWTs. Generate: openssl rand -base64 48 |
Server
| Variable | Type | Default | Description |
|---|
LOG_LEVEL | debug|info|warn|error | info | Log verbosity |
GRPC_PORT | integer | 9090 | gRPC port for agent communication (mTLS) |
API_PORT | integer | 8080 | Internal REST API port (proxied via nginx) |
mTLS Certificates
| Variable | Type | Default | Description |
|---|
SERVER_CERT_FILE | path | /etc/certs/server.crt | Server TLS certificate |
SERVER_KEY_FILE | path | /etc/certs/server.key | Server TLS private key |
CA_CERT_FILE | path | /etc/certs/ca.crt | CA certificate to verify agent client certs |
Paths are relative to the container (volume-mounted from deploy/certs/).
Agent Enrollment
| Variable | Type | Default | Description |
|---|
ENROLLMENT_TOKEN | string | — | Shared secret for device certificate enrollment. Required to enable /api/enroll. Generate: openssl rand -base64 32 |
Additionally, start the backend with --ca-key /etc/certs/ca.key to enable the signing endpoint.
Alert Notifications
| Variable | Type | Default | Description |
|---|
SMTP_HOST | string | — | SMTP server hostname |
SMTP_PORT | integer | 587 | SMTP port (587=STARTTLS, 25=plain) |
SMTP_TLS | bool | true | Enable STARTTLS |
SMTP_USER | string | — | SMTP username |
SMTP_PASSWORD | string | — | SMTP password |
ALERT_FROM_EMAIL | string | — | Sender address for alert emails |
ALERT_TO_EMAIL | string | — | Recipient(s), comma-separated |
WEBHOOK_URL | string | — | Webhook URL (Slack/Teams/custom) |
ALERT_DEDUP_MINUTES | integer | 30 | Minutes before resending an identical alert |
All three of SMTP_HOST, ALERT_FROM_EMAIL, ALERT_TO_EMAIL must be set to enable email notifications.
GDPR Data Retention
| Variable | Type | Default | Description |
|---|
DATA_RETENTION_DAYS | integer | 90 | Days to retain telemetry data. Range: 7–3650 |
CLI flags
The backend binary also accepts CLI flags (passed via Docker Compose command):
| Flag | Description |
|---|
--ca | Path to CA certificate |
--cert | Path to server TLS certificate |
--key | Path to server TLS private key |
--ca-key | Path to CA private key (enables enrollment endpoint) |