Back to Overview

Environment Variables Reference

Complete reference for all Tymeslot environment variables — required settings, defaults, and examples.

Luka Breitig — Technical Product Builder & AI Developer
Luka Breitig

Technical Product Builder & AI Developer

⚙️ Core Application

SECRET_KEY_BASE Required

64+ character secret used for session encryption and signing. Generate with the command shown in the example.

Default: none  ·  Example: openssl rand -base64 64 | tr -d '\\n'

PHX_HOST Required

Your domain name without the protocol prefix.

Default: none  ·  Example: tymeslot.yourdomain.com

PORT Optional

HTTP port for the application server to listen on.

Default: 4000  ·  Example: 4000

DEPLOYMENT_TYPE Optional

Deployment variant. Set to docker or cloudron to control deployment-specific behaviour.

Default: auto-detected  ·  Example: docker

REGISTRATION_ENABLED Optional

Set to false to disable new user registration on this instance.

Default: true  ·  Example: false

LISTEN_IP Optional

IP address to bind the HTTP server. Default :: enables IPv4+IPv6 dual-stack.

Default: ::  ·  Example: 0.0.0.0

URL_SCHEME Optional

Request scheme used in generated URLs. Set to https for production.

Default: https  ·  Example: https

WS_ALLOWED_ORIGINS Optional

Comma-separated list of origins allowed to open WebSocket connections.

Default: derived from PHX_HOST  ·  Example: tymeslot.yourdomain.com,app.example.com

🗄️ Database

DATABASE_HOST Optional

PostgreSQL server hostname.

Default: localhost  ·  Example: db.internal

DATABASE_PORT Optional

PostgreSQL server port.

Default: 5432  ·  Example: 5432

POSTGRES_DB Optional

Database name.

Default: tymeslot  ·  Example: tymeslot

POSTGRES_USER Optional

Database user.

Default: tymeslot  ·  Example: tymeslot

POSTGRES_PASSWORD Required

Database password.

Default: none  ·  Example: a_secure_password

DATABASE_POOL_SIZE Optional

PostgreSQL connection pool size. Reduce for resource-constrained environments.

Default: 60  ·  Example: 20

✉️ Email

EMAIL_ADAPTER Optional

Email delivery method. Use smtp or postmark. Defaults to smtp if not set.

Default: smtp  ·  Example: smtp

EMAIL_FROM_NAME Required

Sender display name shown in email clients.

Default: none  ·  Example: Your Company

EMAIL_FROM_ADDRESS Required

Sender email address.

Default: none  ·  Example: hello@yourdomain.com

EMAIL_SUPPORT_ADDRESS Optional

Support contact email. Defaults to EMAIL_FROM_ADDRESS if not set.

Default: EMAIL_FROM_ADDRESS  ·  Example: support@yourdomain.com

SMTP_HOST Optional

Required for SMTP adapter. SMTP server hostname.

Default: none  ·  Example: smtp.gmail.com

SMTP_PORT Optional

SMTP server port. Use 587 for STARTTLS (recommended) or 465 for SMTPS.

Default: 587  ·  Example: 587

SMTP_USERNAME Optional

Required for SMTP adapter. SMTP authentication username.

Default: none  ·  Example: hello@yourdomain.com

SMTP_PASSWORD Optional

Required for SMTP adapter. SMTP authentication password or app password.

Default: none  ·  Example: your_smtp_password

POSTMARK_API_KEY Optional

Required for Postmark adapter. Server API token from your Postmark dashboard.

Default: none  ·  Example: your-server-api-token

🔑 Google OAuth

ENABLE_GOOGLE_AUTH Optional

Set to true to show a "Sign in with Google" button on the login page.

Default: false  ·  Example: true

GOOGLE_CLIENT_ID Optional

Required to use Google Login, Google Calendar, or Google Meet. OAuth client ID from Google Cloud Console.

Default: none  ·  Example: 123456-abc.apps.googleusercontent.com

GOOGLE_CLIENT_SECRET Optional

Required to use Google features. OAuth client secret from Google Cloud Console.

Default: none  ·  Example: GOCSPX-your-secret

GOOGLE_STATE_SECRET Optional

Required to use Google features. Random secret for OAuth CSRF state verification.

Default: none  ·  Example: openssl rand -hex 32

🔑 Microsoft OAuth

OUTLOOK_CLIENT_ID Optional

Required to use Outlook Calendar or Microsoft Teams. Azure app Application (client) ID.

Default: none  ·  Example: your-azure-app-client-id

OUTLOOK_CLIENT_SECRET Optional

Required to use Microsoft features. Azure app client secret value.

Default: none  ·  Example: your-client-secret-value

OUTLOOK_STATE_SECRET Optional

Required to use Microsoft features. Random secret for OAuth CSRF state verification.

Default: none  ·  Example: openssl rand -hex 32

🔑 GitHub OAuth

ENABLE_GITHUB_AUTH Optional

Set to true to show a "Sign in with GitHub" button on the login page.

Default: false  ·  Example: true

GITHUB_CLIENT_ID Optional

Required for GitHub Login. OAuth app client ID from GitHub Developer settings.

Default: none  ·  Example: your_client_id

GITHUB_CLIENT_SECRET Optional

Required for GitHub Login. OAuth app client secret.

Default: none  ·  Example: your_client_secret

🔑 Generic OAuth / OIDC SSO

ENABLE_OAUTH_AUTH Optional

Set to true to show an "SSO" button on the login page.

Default: false  ·  Example: true

OAUTH_CLIENT_ID Optional

OAuth 2.0 client ID registered with your identity provider.

Default: none  ·  Example: tymeslot

OAUTH_CLIENT_SECRET Optional

OAuth 2.0 client secret from your identity provider.

Default: none  ·  Example: your-client-secret

OAUTH_PROVIDER_URL Optional

Base URL of your identity provider. Used as the OAuth 2.0 site parameter.

Default: none  ·  Example: https://idp.example.com

OAUTH_AUTHORIZE_URL Optional

Full URL of the authorization endpoint.

Default: none  ·  Example: https://idp.example.com/authorize

OAUTH_TOKEN_URL Optional

Full URL of the token endpoint.

Default: none  ·  Example: https://idp.example.com/token

OAUTH_USERINFO_URL Optional

Full URL of the userinfo endpoint. Must return a JSON object with a sub claim (or id/user_id if OAUTH_ALLOW_ID_FALLBACK is enabled).

Default: none  ·  Example: https://idp.example.com/userinfo

OAUTH_SCOPE Optional

Space-separated list of OAuth scopes to request.

Default: openid email profile  ·  Example: openid email profile groups

OAUTH_ALLOW_ID_FALLBACK Optional

Set to true to accept id or user_id claims when the IdP does not return a standard sub claim. Only enable this for non-OIDC providers.

Default: false  ·  Example: true

🛡️ reCAPTCHA

RECAPTCHA_SITE_KEY Optional

Required to enable reCAPTCHA. v3 site key from Google reCAPTCHA admin console.

Default: none  ·  Example: 6Le-your-site-key

RECAPTCHA_SECRET_KEY Optional

Required to enable reCAPTCHA. v3 secret key from Google reCAPTCHA admin console.

Default: none  ·  Example: 6Le-your-secret-key

RECAPTCHA_SIGNUP_ENABLED Optional

Enable reCAPTCHA score verification on the signup form.

Default: false  ·  Example: true

RECAPTCHA_SIGNUP_MIN_SCORE Optional

Minimum reCAPTCHA score (0.0–1.0) required to pass signup. Higher is more strict.

Default: 0.3  ·  Example: 0.5

RECAPTCHA_BOOKING_ENABLED Optional

Enable reCAPTCHA score verification on booking forms.

Default: false  ·  Example: true

RECAPTCHA_BOOKING_MIN_SCORE Optional

Minimum reCAPTCHA score required to submit a booking.

Default: 0.3  ·  Example: 0.3

RECAPTCHA_EXPECTED_HOSTNAMES Optional

Comma-separated list of hostnames from which reCAPTCHA tokens are accepted. Prevents token replay attacks.

Default: none  ·  Example: tymeslot.yourdomain.com

🔀 HTTP Proxy

HTTPS_PROXY Optional

Route HTTPS outbound requests through this proxy. Also accepts lowercase https_proxy.

Default: none  ·  Example: http://proxy.corp.com:3128

HTTP_PROXY Optional

Route HTTP outbound requests through this proxy. Also accepts lowercase http_proxy.

Default: none  ·  Example: http://proxy.corp.com:3128

NO_PROXY Optional

Comma-separated list of hosts, IP addresses, or CIDR ranges that bypass the proxy. Also accepts lowercase no_proxy.

Default: none  ·  Example: localhost,127.0.0.1,10.0.0.0/8

🌐 Clustering

DNS_CLUSTER_QUERY Optional

DNS query used for Erlang cluster node discovery in multi-node deployments.

Default: none  ·  Example: tymeslot.internal

Minimum Configuration

A minimal Docker deployment only requires: SECRET_KEY_BASE, PHX_HOST, POSTGRES_PASSWORD, and email configuration (EMAIL_FROM_NAME, EMAIL_FROM_ADDRESS, and SMTP or Postmark credentials). All other variables have defaults or are feature-specific.

Frequently Asked Questions

What is the minimum set of environment variables I need to run Tymeslot?

For a Docker deployment you need five variables to start the application:

  • SECRET_KEY_BASE — required for session signing
  • PHX_HOST — your public domain name
  • POSTGRES_PASSWORD — the only truly required database variable; hostname, name, and user all have defaults
  • EMAIL_FROM_NAME and EMAIL_FROM_ADDRESS — required for outbound email

Plus credentials for your chosen email adapter — SMTP variables if using the default adapter, or POSTMARK_API_KEY if using Postmark.

How do I generate a value for SECRET_KEY_BASE?

Run either of these commands and paste the output as the variable value:

mix phx.gen.secret — requires an Elixir installation

openssl rand -base64 64 | tr -d '\n' — works on any system with OpenSSL

The value must be at least 64 characters long. Never reuse a value across environments and never commit it to version control.

Can I use a .env file instead of setting environment variables directly?

Yes. Docker Compose automatically loads a .env file placed in the same directory as your docker-compose.yml. Variables defined there are substituted into the Compose file and passed to containers.

In production, prefer your platform's secret management — Cloudron's environment panel, Railway's variables UI, or a secrets manager — rather than committing a .env file to your repository.

What format should DATABASE_URL be in?

Tymeslot's Docker deployment uses individual variables (DATABASE_HOST, POSTGRES_DB, etc.) rather than a single connection URL. If you are on Cloudron, the platform injects its own CLOUDRON_POSTGRESQL_* variables automatically — you do not need to set any database variables manually.

If your hosting platform provides a single URL and you need to break it apart, the standard PostgreSQL format is: postgres://username:password@hostname:5432/database_name

I changed an environment variable but the application behaviour did not change — why?

Environment variables are read at startup only. A running container retains the values it was started with regardless of any later changes to your .env file or platform configuration.

Restart the container after every environment variable change: docker-compose restart tymeslot (or a full docker-compose up -d to pick up changes to the Compose file itself).

🔗 Related Articles

Read Docker Self-Hosting

Docker Self-Hosting

Deploy Tymeslot using Docker and Docker Compose. Perfect for VPS hosting, home servers, or any environment with Docker support.

Read Cloudron Deployment

Cloudron Deployment

One-click installation on Cloudron. Automated backups, SSL certificates, and updates handled automatically.

Read Reverse Proxy Setup

Reverse Proxy Setup

Run Tymeslot behind Nginx or Caddy with automatic HTTPS. Required for production deployments and OAuth integrations.