Skip to content

Commit 5083d16

Browse files
isshaddadisshaddad
authored
docs: adds relevant env vars to self hosting docs (#3148)
1 parent 8399aa2 commit 5083d16

1 file changed

Lines changed: 21 additions & 4 deletions

File tree

docs/self-hosting/env/webapp.mdx

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ mode: "wide"
3636
| `REDIS_TLS_DISABLED` | No || Disable Redis TLS. |
3737
| **Auth** | | | |
3838
| `WHITELISTED_EMAILS` | No || Whitelisted emails regex. |
39+
| `LOGIN_RATE_LIMITS_ENABLED` | No | true | Enable rate limiting on magic-link login. |
3940
| `AUTH_GITHUB_CLIENT_ID` | No || GitHub client ID. |
4041
| `AUTH_GITHUB_CLIENT_SECRET` | No || GitHub client secret. |
4142
| **Email** | | | |
@@ -59,6 +60,8 @@ mode: "wide"
5960
| **Concurrency limits** | | | |
6061
| `DEFAULT_ENV_EXECUTION_CONCURRENCY_LIMIT` | No | 100 | Default env execution concurrency. |
6162
| `DEFAULT_ORG_EXECUTION_CONCURRENCY_LIMIT` | No | 300 | Default org execution concurrency, needs to be 3x env concurrency. |
63+
| `DEFAULT_ENV_EXECUTION_CONCURRENCY_BURST_FACTOR` | No | 1.0 | Burst factor for env concurrency. |
64+
| `DEFAULT_DEV_ENV_EXECUTION_ATTEMPTS` | No | 1 | Default max attempts for dev environment runs. |
6265
| **Dev** | | | |
6366
| `DEV_MAX_CONCURRENT_RUNS` | No | 25 | Sets the max concurrency for dev runs via the CLI. |
6467
| `DEV_OTEL_EXPORTER_OTLP_ENDPOINT` | No | `APP_ORIGIN/otel` | OTel endpoint for dev runs. |
@@ -79,18 +82,25 @@ mode: "wide"
7982
| `DEPLOY_REGISTRY_ECR_DEFAULT_REPOSITORY_POLICY` | No || Raw IAM policy JSON applied via SetRepositoryPolicy to every ECR repo created by the webapp. Use to grant cross-account pull access to EKS workers when the ECR account is separate from the cluster account. |
8083
| `DEPLOY_IMAGE_PLATFORM` | No | linux/amd64 | Deploy image platform, same values as docker `--platform` flag. |
8184
| `DEPLOY_TIMEOUT_MS` | No | 480000 (8m) | Deploy timeout (ms). |
85+
| `DEPLOY_QUEUE_TIMEOUT_MS` | No | 900000 (15m) | Deploy queue timeout (ms). |
8286
| **Object store (S3)** | | | |
8387
| `OBJECT_STORE_BASE_URL` | No || Object store base URL (default provider). |
88+
| `OBJECT_STORE_BUCKET` | No || Object store bucket name (default provider). |
8489
| `OBJECT_STORE_ACCESS_KEY_ID` | No || Object store access key (default provider). |
8590
| `OBJECT_STORE_SECRET_ACCESS_KEY` | No || Object store secret key (default provider). |
8691
| `OBJECT_STORE_REGION` | No || Object store region (default provider). |
8792
| `OBJECT_STORE_SERVICE` | No | s3 | Object store service (default provider). |
88-
| `OBJECT_STORE_DEFAULT_PROTOCOL` | No || Protocol to use for new uploads (e.g., `s3`, `r2`). Enables protocol-prefixed storage. See migration guide below. |
89-
| `OBJECT_STORE_{PROTOCOL}_BASE_URL` | No || Named provider base URL (replace `{PROTOCOL}` with protocol name, e.g., `OBJECT_STORE_S3_BASE_URL`). |
93+
| `OBJECT_STORE_DEFAULT_PROTOCOL` | No || Protocol for new uploads (e.g. `s3`, `r2`). Enables protocol-prefixed storage. See migration guide below. |
94+
| `OBJECT_STORE_{PROTOCOL}_BASE_URL` | No || Named provider base URL (replace `{PROTOCOL}`, e.g. `OBJECT_STORE_S3_BASE_URL`). |
9095
| `OBJECT_STORE_{PROTOCOL}_ACCESS_KEY_ID` | No || Named provider access key. |
9196
| `OBJECT_STORE_{PROTOCOL}_SECRET_ACCESS_KEY` | No || Named provider secret key. |
9297
| `OBJECT_STORE_{PROTOCOL}_REGION` | No || Named provider region. |
9398
| `OBJECT_STORE_{PROTOCOL}_SERVICE` | No || Named provider service. |
99+
| `ARTIFACTS_OBJECT_STORE_BUCKET` | No || Optional separate bucket for artifacts. If not set, uses main object store. |
100+
| `ARTIFACTS_OBJECT_STORE_BASE_URL` | No || Optional artifacts store base URL. |
101+
| `ARTIFACTS_OBJECT_STORE_ACCESS_KEY_ID` | No || Optional artifacts store access key. |
102+
| `ARTIFACTS_OBJECT_STORE_SECRET_ACCESS_KEY` | No || Optional artifacts store secret key. |
103+
| `ARTIFACTS_OBJECT_STORE_REGION` | No || Optional artifacts store region. |
94104
| **Alerts** | | | |
95105
| `ORG_SLACK_INTEGRATION_CLIENT_ID` | No || Slack client ID. Required for Slack alerts. |
96106
| `ORG_SLACK_INTEGRATION_CLIENT_SECRET` | No || Slack client secret. Required for Slack alerts. |
@@ -107,12 +117,14 @@ mode: "wide"
107117
| `TASK_PAYLOAD_OFFLOAD_THRESHOLD` | No | 524288 (512KB) | Max task payload size before offloading to S3. |
108118
| `TASK_PAYLOAD_MAXIMUM_SIZE` | No | 3145728 (3MB) | Max task payload size. |
109119
| `BATCH_TASK_PAYLOAD_MAXIMUM_SIZE` | No | 1000000 (1MB) | Max batch payload size. |
120+
| `BATCH_CONCURRENCY_LIMIT_DEFAULT` | No | 5 | Default concurrency for batch processing. |
121+
| `BATCH_RATE_LIMIT_REFILL_RATE` | No | 100 | Batch rate limit refill rate. |
122+
| `BATCH_RATE_LIMIT_MAX` | No | 1200 | Batch rate limit max. |
123+
| `BATCH_RATE_LIMIT_REFILL_INTERVAL` | No | 10s | Batch rate limit refill interval. |
110124
| `TASK_RUN_METADATA_MAXIMUM_SIZE` | No | 262144 (256KB) | Max metadata size. |
111125
| `MAX_BATCH_V2_TRIGGER_ITEMS` | No | 500 | Max batch size (legacy v2 API). |
112126
| `STREAMING_BATCH_MAX_ITEMS` | No | 1000 | Max items in streaming batch (v3 API, requires SDK 4.3.1+). |
113127
| `STREAMING_BATCH_ITEM_MAXIMUM_SIZE` | No | 3145728 (3MB) | Max size per item in streaming batch. |
114-
| `MAXIMUM_DEV_QUEUE_SIZE` | No || Max dev queue size. |
115-
| `MAXIMUM_DEPLOYED_QUEUE_SIZE` | No || Max deployed queue size. |
116128
| **OTel limits** | | | |
117129
| `TRIGGER_OTEL_SPAN_ATTRIBUTE_COUNT_LIMIT` | No | 1024 | OTel span attribute count limit. |
118130
| `TRIGGER_OTEL_LOG_ATTRIBUTE_COUNT_LIMIT` | No | 1024 | OTel log attribute count limit. |
@@ -126,6 +138,7 @@ mode: "wide"
126138
| **Task events** | | | |
127139
| `EVENT_REPOSITORY_DEFAULT_STORE` | No | postgres | Where to store task events. Set to `clickhouse_v2` to store in ClickHouse (recommended for production). |
128140
| **Realtime** | | | |
141+
| `REALTIME_STREAM_VERSION` | No | v1 | Realtime stream protocol version. One of `v1`, `v2`. |
129142
| `REALTIME_STREAM_MAX_LENGTH` | No | 1000 | Realtime stream max length. |
130143
| `REALTIME_STREAM_TTL` | No | 86400 (1d) | Realtime stream TTL (s). |
131144
| **Bootstrap** | | | |
@@ -149,6 +162,8 @@ mode: "wide"
149162
| `MAXIMUM_DEV_QUEUE_SIZE` | No || Maximum queued runs per queue in development environments. |
150163
| `MAXIMUM_DEPLOYED_QUEUE_SIZE` | No || Maximum queued runs per queue in deployed (staging/prod) environments. |
151164
| **Misc** | | | |
165+
| `PROVIDER_SECRET` | No | provider-secret | Secret for provider auth. **Must be set to a secure value in self-hosted/production**; the default is insecure. |
166+
| `COORDINATOR_SECRET` | No | coordinator-secret | Secret for coordinator auth. **Must be set to a secure value in self-hosted/production**; the default is insecure. |
152167
| `TRIGGER_TELEMETRY_DISABLED` | No || Disable telemetry. |
153168
| `NODE_MAX_OLD_SPACE_SIZE` | No | 8192 | Maximum memory allocation for Node.js heap in MiB (e.g. "4096" for 4GB). |
154169
| `OPENAI_API_KEY` | No || OpenAI API key. |
@@ -236,6 +251,7 @@ Restart the webapp and verify both providers work:
236251

237252
- Old runs (no prefix) should still access R2
238253
- New runs with `s3://` prefix should use S3
254+
239255
</Step>
240256

241257
<Step title="Switch to S3 for new uploads">
@@ -250,6 +266,7 @@ After this change:
250266
- New data uses `s3://` prefix and goes to S3
251267
- Old data (no prefix) still uses R2
252268
- Data with explicit protocol uses the corresponding provider
269+
253270
</Step>
254271

255272
<Step title="Optionally decommission R2">

0 commit comments

Comments
 (0)