Docker Self-Hosting
Deploy Tymeslot with Docker Compose on any VPS or home server. Includes reverse proxy setup, file upload volumes, and WebSocket configuration for LiveView.
Back to Overview
Environment Variables Reference
Complete reference for all Tymeslot environment variables — required settings, defaults, and examples.
Luka Breitig
Technical Product Builder & AI Developer
⚙️ Core Application
SECRET_KEY_BASE
Required
64+ character secret used for session encryption and signing. Generate with the command shown in the example.
Default: none ·
Example: openssl rand -base64 64 | tr -d '\\n'
PHX_HOST
Required
Your domain name without the protocol prefix.
Default: none ·
Example: tymeslot.yourdomain.com
PORT
Optional
HTTP port for the application server to listen on.
Default: 4000 ·
Example: 4000
DEPLOYMENT_TYPE
Optional
Deployment variant. Set to docker
or cloudron
to control deployment-specific behaviour.
Default: auto-detected ·
Example: docker
REGISTRATION_ENABLED
Optional
Set to false
to disable new user registration on this instance.
Default: true ·
Example: false
PASSWORD_AUTH_ENABLED
Optional
Set to false
to disable email/password login entirely. The login form, sign-up page, and password reset flow are hidden; only OAuth login is available. Useful for SSO-only deployments where all users must authenticate through an identity provider.
Default: true ·
Example: false
LISTEN_IP
Optional
IP address to bind the HTTP server. Default ::
enables IPv4+IPv6 dual-stack.
Default: :: ·
Example: 0.0.0.0
URL_SCHEME
Optional
Request scheme used in generated URLs. Set to https
for production.
Default: https ·
Example: https
WS_ALLOWED_ORIGINS
Optional
Comma-separated list of origins allowed to open WebSocket connections.
Default: derived from PHX_HOST ·
Example: tymeslot.yourdomain.com,app.example.com
🗄️ Database
DATABASE_HOST
Optional
PostgreSQL server hostname.
Default: localhost ·
Example: db.internal
DATABASE_PORT
Optional
PostgreSQL server port.
Default: 5432 ·
Example: 5432
POSTGRES_DB
Optional
Database name.
Default: tymeslot ·
Example: tymeslot
POSTGRES_USER
Optional
Database user.
Default: tymeslot ·
Example: tymeslot
POSTGRES_PASSWORD
Required
Database password.
Default: none ·
Example: a_secure_password
DATABASE_POOL_SIZE
Optional
PostgreSQL connection pool size. Reduce for resource-constrained environments.
Default: 60 ·
Example: 20
✉️ Email
EMAIL_ADAPTER
Optional
Email delivery method. Use smtp
or postmark. Defaults to
smtp
if not set.
Default: smtp ·
Example: smtp
Cloudron Users
On Cloudron, email is configured automatically via the sendmail addon. You don't need to set
EMAIL_ADAPTER, SMTP_*, or
EMAIL_FROM_*
variables. Set
EMAIL_ADAPTER
explicitly only if you want to use a different provider.
EMAIL_FROM_NAME
Required
Sender display name shown in email clients.
Default: none ·
Example: Your Company
EMAIL_FROM_ADDRESS
Required
Sender email address.
Default: none ·
Example: hello@yourdomain.com
EMAIL_SUPPORT_ADDRESS
Optional
Support contact email. Defaults to
EMAIL_FROM_ADDRESS
if not set.
Default: EMAIL_FROM_ADDRESS ·
Example: support@yourdomain.com
SMTP_HOST
Optional
Required for SMTP adapter. SMTP server hostname.
Default: none ·
Example: smtp.gmail.com
SMTP_PORT
Optional
SMTP server port. Use 587 for STARTTLS (recommended) or 465 for SMTPS.
Default: 587 ·
Example: 587
SMTP_USERNAME
Optional
Required for SMTP adapter. SMTP authentication username.
Default: none ·
Example: hello@yourdomain.com
SMTP_PASSWORD
Optional
Required for SMTP adapter. SMTP authentication password or app password.
Default: none ·
Example: your_smtp_password
POSTMARK_API_KEY
Optional
Required for Postmark adapter. Server API token from your Postmark dashboard.
Default: none ·
Example: your-server-api-token
🔑 Google OAuth
ENABLE_GOOGLE_AUTH
Optional
Set to true
to show a "Sign in with Google" button on the login page.
Default: false ·
Example: true
GOOGLE_CLIENT_ID
Optional
Required to use Google Login, Google Calendar, or Google Meet. OAuth client ID from Google Cloud Console.
Default: none ·
Example: 123456-abc.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET
Optional
Required to use Google features. OAuth client secret from Google Cloud Console.
Default: none ·
Example: GOCSPX-your-secret
GOOGLE_STATE_SECRET
Optional
Required to use Google features. Random secret for OAuth CSRF state verification.
Default: none ·
Example: openssl rand -hex 32
🔑 Microsoft OAuth
OUTLOOK_CLIENT_ID
Optional
Required to use Outlook Calendar or Microsoft Teams. Azure app Application (client) ID.
Default: none ·
Example: your-azure-app-client-id
OUTLOOK_CLIENT_SECRET
Optional
Required to use Microsoft features. Azure app client secret value.
Default: none ·
Example: your-client-secret-value
OUTLOOK_STATE_SECRET
Optional
Required to use Microsoft features. Random secret for OAuth CSRF state verification.
Default: none ·
Example: openssl rand -hex 32
🔑 GitHub OAuth
ENABLE_GITHUB_AUTH
Optional
Set to true
to show a "Sign in with GitHub" button on the login page.
Default: false ·
Example: true
GITHUB_CLIENT_ID
Optional
Required for GitHub Login. OAuth app client ID from GitHub Developer settings.
Default: none ·
Example: your_client_id
GITHUB_CLIENT_SECRET
Optional
Required for GitHub Login. OAuth app client secret.
Default: none ·
Example: your_client_secret
🔑 Generic OAuth / OIDC SSO
ENABLE_OAUTH_AUTH
Optional
Set to true
to show an "SSO" button on the login page.
Default: false ·
Example: true
Cloudron Users
On Cloudron, SSO is enabled automatically via the OIDC addon — users can log in with their Cloudron account. You don't need to set any
OAUTH_*
variables. Set
ENABLE_OAUTH_AUTH=false
to disable SSO entirely.
OAUTH_CLIENT_ID
Optional
OAuth 2.0 client ID registered with your identity provider.
Default: none ·
Example: tymeslot
OAUTH_CLIENT_SECRET
Optional
OAuth 2.0 client secret from your identity provider.
Default: none ·
Example: your-client-secret
OAUTH_PROVIDER_URL
Optional
Base URL of your identity provider. Used as the OAuth 2.0
site
parameter.
Default: none ·
Example: https://idp.example.com
OAUTH_AUTHORIZE_URL
Optional
Full URL of the authorization endpoint.
Default: none ·
Example: https://idp.example.com/authorize
OAUTH_TOKEN_URL
Optional
Full URL of the token endpoint.
Default: none ·
Example: https://idp.example.com/token
OAUTH_USERINFO_URL
Optional
Full URL of the userinfo endpoint. Must return a JSON object with a
sub
claim (or id/user_id if
OAUTH_ALLOW_ID_FALLBACK
is enabled).
Default: none ·
Example: https://idp.example.com/userinfo
OAUTH_SCOPE
Optional
Space-separated list of OAuth scopes to request.
Default: openid email profile ·
Example: openid email profile groups
OAUTH_ALLOW_ID_FALLBACK
Optional
Set to true
to accept id
or user_id
claims when the IdP does not return a standard sub
claim. Only enable this for non-OIDC providers.
Default: false ·
Example: true
🛡️ reCAPTCHA
RECAPTCHA_SITE_KEY
Optional
Required to enable reCAPTCHA. v3 site key from Google reCAPTCHA admin console.
Default: none ·
Example: 6Le-your-site-key
RECAPTCHA_SECRET_KEY
Optional
Required to enable reCAPTCHA. v3 secret key from Google reCAPTCHA admin console.
Default: none ·
Example: 6Le-your-secret-key
RECAPTCHA_SIGNUP_ENABLED
Optional
Enable reCAPTCHA score verification on the signup form.
Default: false ·
Example: true
RECAPTCHA_SIGNUP_MIN_SCORE
Optional
Minimum reCAPTCHA score (0.0–1.0) required to pass signup. Higher is more strict.
Default: 0.3 ·
Example: 0.5
RECAPTCHA_BOOKING_ENABLED
Optional
Enable reCAPTCHA score verification on booking forms.
Default: false ·
Example: true
RECAPTCHA_BOOKING_MIN_SCORE
Optional
Minimum reCAPTCHA score required to submit a booking.
Default: 0.3 ·
Example: 0.3
RECAPTCHA_EXPECTED_HOSTNAMES
Optional
Comma-separated list of hostnames from which reCAPTCHA tokens are accepted. Prevents token replay attacks.
Default: none ·
Example: tymeslot.yourdomain.com
✈️ Telegram Notifications
TELEGRAM_BOT_TOKEN
Optional
Bot token from @BotFather. Setting this variable enables shared bot mode — all three Telegram variables must be set together. The application refuses to start if the token is set but the other two are missing.
Default: none ·
Example: 123456789:ABCdef...
TELEGRAM_BOT_USERNAME
Optional
Username of the bot (without the @
prefix). Required when TELEGRAM_BOT_TOKEN
is set.
Default: none ·
Example: MyTymeslotBot
TELEGRAM_WEBHOOK_SECRET
Optional
Random secret passed to Telegram's setWebhook
API and verified on every incoming webhook call. Required when
TELEGRAM_BOT_TOKEN
is set.
Default: none ·
Example: openssl rand -hex 32
TELEGRAM_ENABLED
Optional
Set to true
to enable Telegram in own-bot mode (each user supplies their own bot token and chat ID). Only effective when
TELEGRAM_BOT_TOKEN
is not
set — setting the token automatically enables shared bot mode regardless of this flag.
Default: false ·
Example: true
🚨 Admin Alerts
ADMIN_ALERTS_ENABLED
Optional
Set to true
to receive operational alert emails for webhook processing failures, integration health issues, and background job errors. Requires
ADMIN_ALERT_EMAIL
to be set.
Default: false ·
Example: true
ADMIN_ALERT_EMAIL
Optional
Recipient address that admin alert emails are delivered to. Required when
ADMIN_ALERTS_ENABLED=true
— without it, alerts are logged but no email is sent.
Default: none ·
Example: admin@yourdomain.com
🔀 HTTP Proxy
HTTPS_PROXY
Optional
Route HTTPS outbound requests through this proxy. Also accepts lowercase https_proxy.
Default: none ·
Example: http://proxy.corp.com:3128
HTTP_PROXY
Optional
Route HTTP outbound requests through this proxy. Also accepts lowercase http_proxy.
Default: none ·
Example: http://proxy.corp.com:3128
NO_PROXY
Optional
Comma-separated list of hosts, IP addresses, or CIDR ranges that bypass the proxy. Also accepts lowercase no_proxy.
Default: none ·
Example: localhost,127.0.0.1,10.0.0.0/8
🌐 Clustering
DNS_CLUSTER_QUERY
Optional
DNS query used for Erlang cluster node discovery in multi-node deployments.
Default: none ·
Example: tymeslot.internal
Minimum Configuration
A minimal Docker deployment only requires:
SECRET_KEY_BASE, PHX_HOST, POSTGRES_PASSWORD, and email configuration (EMAIL_FROM_NAME, EMAIL_FROM_ADDRESS, and SMTP or Postmark credentials). All other variables have defaults or are feature-specific.
❓ Frequently Asked Questions
What is the minimum set of environment variables I need to run Tymeslot?
For a Docker deployment you need five variables to start the application:
-
SECRET_KEY_BASE— required for session signing -
PHX_HOST— your public domain name -
POSTGRES_PASSWORD— the only truly required database variable; hostname, name, and user all have defaults -
EMAIL_FROM_NAMEandEMAIL_FROM_ADDRESS— required for outbound email
Plus credentials for your chosen email adapter — SMTP variables if using the default adapter, or
POSTMARK_API_KEY
if using Postmark.
How do I generate a value for SECRET_KEY_BASE?
Run either of these commands and paste the output as the variable value:
mix phx.gen.secret
— requires an Elixir installation
openssl rand -base64 64 | tr -d '\n'
— works on any system with OpenSSL
The value must be at least 64 characters long. Never reuse a value across environments and never commit it to version control.
Can I use a .env file instead of setting environment variables directly?
Yes. Docker Compose automatically loads a
.env
file placed in the same directory as your docker-compose.yml. Variables defined there are substituted into the Compose file and passed to containers.
In production, prefer your platform's secret management — Cloudron's environment panel, Railway's variables UI, or a secrets manager — rather than committing a
.env
file to your repository.
What format should DATABASE_URL be in?
Tymeslot's Docker deployment uses individual variables (DATABASE_HOST, POSTGRES_DB, etc.) rather than a single connection URL. If you are on Cloudron, the platform injects its own
CLOUDRON_POSTGRESQL_*
variables automatically — you do not need to set any database variables manually.
If your hosting platform provides a single URL and you need to break it apart, the standard PostgreSQL format is:
postgres://username:password@hostname:5432/database_name
I changed an environment variable but the application behaviour did not change — why?
Environment variables are read at startup only. A running container retains the values it was started with regardless of any later changes to your
.env
file or platform configuration.
Restart the container after every environment variable change:
docker-compose restart tymeslot
(or a full
docker-compose up -d
to pick up changes to the Compose file itself).
🔗 Related Articles
Cloudron Deployment
Install Tymeslot on Cloudron in minutes. PostgreSQL, SSL certificates, email relay, and automatic updates are all provisioned and managed for you.
Railway Deployment
Deploy Tymeslot to Railway with one click. PostgreSQL is provisioned and connected automatically — set two environment variables and your instance is live.