Back to Overview

Environment Variables Reference

Complete reference for all Tymeslot environment variables — required settings, defaults, and examples.

Luka Breitig — Technical Product Builder & AI Developer
Luka Breitig

Technical Product Builder & AI Developer

⚙️ Core Application

SECRET_KEY_BASE Required

64+ character secret used for session encryption and signing. Generate with the command shown in the example.

Default: none  ·  Example: openssl rand -base64 64 | tr -d '\\n'

PHX_HOST Required

Your domain name without the protocol prefix.

Default: none  ·  Example: tymeslot.yourdomain.com

PORT Optional

HTTP port for the application server to listen on.

Default: 4000  ·  Example: 4000

DEPLOYMENT_TYPE Optional

Deployment variant. Set to docker or cloudron to control deployment-specific behaviour.

Default: auto-detected  ·  Example: docker

REGISTRATION_ENABLED Optional

Set to false to disable new user registration on this instance.

Default: true  ·  Example: false

PASSWORD_AUTH_ENABLED Optional

Set to false to disable email/password login entirely. The login form, sign-up page, and password reset flow are hidden; only OAuth login is available. Useful for SSO-only deployments where all users must authenticate through an identity provider.

Default: true  ·  Example: false

LISTEN_IP Optional

IP address to bind the HTTP server. Default :: enables IPv4+IPv6 dual-stack.

Default: ::  ·  Example: 0.0.0.0

URL_SCHEME Optional

Request scheme used in generated URLs. Set to https for production.

Default: https  ·  Example: https

WS_ALLOWED_ORIGINS Optional

Comma-separated list of origins allowed to open WebSocket connections.

Default: derived from PHX_HOST  ·  Example: tymeslot.yourdomain.com,app.example.com

🗄️ Database

DATABASE_HOST Optional

PostgreSQL server hostname.

Default: localhost  ·  Example: db.internal

DATABASE_PORT Optional

PostgreSQL server port.

Default: 5432  ·  Example: 5432

POSTGRES_DB Optional

Database name.

Default: tymeslot  ·  Example: tymeslot

POSTGRES_USER Optional

Database user.

Default: tymeslot  ·  Example: tymeslot

POSTGRES_PASSWORD Required

Database password.

Default: none  ·  Example: a_secure_password

DATABASE_POOL_SIZE Optional

PostgreSQL connection pool size. Reduce for resource-constrained environments.

Default: 60  ·  Example: 20

✉️ Email

EMAIL_ADAPTER Optional

Email delivery method. Use smtp or postmark. Defaults to smtp if not set.

Default: smtp  ·  Example: smtp

Cloudron Users

On Cloudron, email is configured automatically via the sendmail addon. You don't need to set EMAIL_ADAPTER, SMTP_*, or EMAIL_FROM_* variables. Set EMAIL_ADAPTER explicitly only if you want to use a different provider.
EMAIL_FROM_NAME Required

Sender display name shown in email clients.

Default: none  ·  Example: Your Company

EMAIL_FROM_ADDRESS Required

Sender email address.

Default: none  ·  Example: hello@yourdomain.com

EMAIL_SUPPORT_ADDRESS Optional

Support contact email. Defaults to EMAIL_FROM_ADDRESS if not set.

Default: EMAIL_FROM_ADDRESS  ·  Example: support@yourdomain.com

SMTP_HOST Optional

Required for SMTP adapter. SMTP server hostname.

Default: none  ·  Example: smtp.gmail.com

SMTP_PORT Optional

SMTP server port. Use 587 for STARTTLS (recommended) or 465 for SMTPS.

Default: 587  ·  Example: 587

SMTP_USERNAME Optional

Required for SMTP adapter. SMTP authentication username.

Default: none  ·  Example: hello@yourdomain.com

SMTP_PASSWORD Optional

Required for SMTP adapter. SMTP authentication password or app password.

Default: none  ·  Example: your_smtp_password

POSTMARK_API_KEY Optional

Required for Postmark adapter. Server API token from your Postmark dashboard.

Default: none  ·  Example: your-server-api-token

🔑 Google OAuth

ENABLE_GOOGLE_AUTH Optional

Set to true to show a "Sign in with Google" button on the login page.

Default: false  ·  Example: true

GOOGLE_CLIENT_ID Optional

Required to use Google Login, Google Calendar, or Google Meet. OAuth client ID from Google Cloud Console.

Default: none  ·  Example: 123456-abc.apps.googleusercontent.com

GOOGLE_CLIENT_SECRET Optional

Required to use Google features. OAuth client secret from Google Cloud Console.

Default: none  ·  Example: GOCSPX-your-secret

GOOGLE_STATE_SECRET Optional

Required to use Google features. Random secret for OAuth CSRF state verification.

Default: none  ·  Example: openssl rand -hex 32

🔑 Microsoft OAuth

OUTLOOK_CLIENT_ID Optional

Required to use Outlook Calendar or Microsoft Teams. Azure app Application (client) ID.

Default: none  ·  Example: your-azure-app-client-id

OUTLOOK_CLIENT_SECRET Optional

Required to use Microsoft features. Azure app client secret value.

Default: none  ·  Example: your-client-secret-value

OUTLOOK_STATE_SECRET Optional

Required to use Microsoft features. Random secret for OAuth CSRF state verification.

Default: none  ·  Example: openssl rand -hex 32

🔑 GitHub OAuth

ENABLE_GITHUB_AUTH Optional

Set to true to show a "Sign in with GitHub" button on the login page.

Default: false  ·  Example: true

GITHUB_CLIENT_ID Optional

Required for GitHub Login. OAuth app client ID from GitHub Developer settings.

Default: none  ·  Example: your_client_id

GITHUB_CLIENT_SECRET Optional

Required for GitHub Login. OAuth app client secret.

Default: none  ·  Example: your_client_secret

🔑 Generic OAuth / OIDC SSO

ENABLE_OAUTH_AUTH Optional

Set to true to show an "SSO" button on the login page.

Default: false  ·  Example: true

Cloudron Users

On Cloudron, SSO is enabled automatically via the OIDC addon — users can log in with their Cloudron account. You don't need to set any OAUTH_* variables. Set ENABLE_OAUTH_AUTH=false to disable SSO entirely.
OAUTH_CLIENT_ID Optional

OAuth 2.0 client ID registered with your identity provider.

Default: none  ·  Example: tymeslot

OAUTH_CLIENT_SECRET Optional

OAuth 2.0 client secret from your identity provider.

Default: none  ·  Example: your-client-secret

OAUTH_PROVIDER_URL Optional

Base URL of your identity provider. Used as the OAuth 2.0 site parameter.

Default: none  ·  Example: https://idp.example.com

OAUTH_AUTHORIZE_URL Optional

Full URL of the authorization endpoint.

Default: none  ·  Example: https://idp.example.com/authorize

OAUTH_TOKEN_URL Optional

Full URL of the token endpoint.

Default: none  ·  Example: https://idp.example.com/token

OAUTH_USERINFO_URL Optional

Full URL of the userinfo endpoint. Must return a JSON object with a sub claim (or id/user_id if OAUTH_ALLOW_ID_FALLBACK is enabled).

Default: none  ·  Example: https://idp.example.com/userinfo

OAUTH_SCOPE Optional

Space-separated list of OAuth scopes to request.

Default: openid email profile  ·  Example: openid email profile groups

OAUTH_ALLOW_ID_FALLBACK Optional

Set to true to accept id or user_id claims when the IdP does not return a standard sub claim. Only enable this for non-OIDC providers.

Default: false  ·  Example: true

🛡️ reCAPTCHA

RECAPTCHA_SITE_KEY Optional

Required to enable reCAPTCHA. v3 site key from Google reCAPTCHA admin console.

Default: none  ·  Example: 6Le-your-site-key

RECAPTCHA_SECRET_KEY Optional

Required to enable reCAPTCHA. v3 secret key from Google reCAPTCHA admin console.

Default: none  ·  Example: 6Le-your-secret-key

RECAPTCHA_SIGNUP_ENABLED Optional

Enable reCAPTCHA score verification on the signup form.

Default: false  ·  Example: true

RECAPTCHA_SIGNUP_MIN_SCORE Optional

Minimum reCAPTCHA score (0.0–1.0) required to pass signup. Higher is more strict.

Default: 0.3  ·  Example: 0.5

RECAPTCHA_BOOKING_ENABLED Optional

Enable reCAPTCHA score verification on booking forms.

Default: false  ·  Example: true

RECAPTCHA_BOOKING_MIN_SCORE Optional

Minimum reCAPTCHA score required to submit a booking.

Default: 0.3  ·  Example: 0.3

RECAPTCHA_EXPECTED_HOSTNAMES Optional

Comma-separated list of hostnames from which reCAPTCHA tokens are accepted. Prevents token replay attacks.

Default: none  ·  Example: tymeslot.yourdomain.com

✈️ Telegram Notifications

TELEGRAM_BOT_TOKEN Optional

Bot token from @BotFather. Setting this variable enables shared bot mode — all three Telegram variables must be set together. The application refuses to start if the token is set but the other two are missing.

Default: none  ·  Example: 123456789:ABCdef...

TELEGRAM_BOT_USERNAME Optional

Username of the bot (without the @ prefix). Required when TELEGRAM_BOT_TOKEN is set.

Default: none  ·  Example: MyTymeslotBot

TELEGRAM_WEBHOOK_SECRET Optional

Random secret passed to Telegram's setWebhook API and verified on every incoming webhook call. Required when TELEGRAM_BOT_TOKEN is set.

Default: none  ·  Example: openssl rand -hex 32

TELEGRAM_ENABLED Optional

Set to true to enable Telegram in own-bot mode (each user supplies their own bot token and chat ID). Only effective when TELEGRAM_BOT_TOKEN is not set — setting the token automatically enables shared bot mode regardless of this flag.

Default: false  ·  Example: true

🔀 HTTP Proxy

HTTPS_PROXY Optional

Route HTTPS outbound requests through this proxy. Also accepts lowercase https_proxy.

Default: none  ·  Example: http://proxy.corp.com:3128

HTTP_PROXY Optional

Route HTTP outbound requests through this proxy. Also accepts lowercase http_proxy.

Default: none  ·  Example: http://proxy.corp.com:3128

NO_PROXY Optional

Comma-separated list of hosts, IP addresses, or CIDR ranges that bypass the proxy. Also accepts lowercase no_proxy.

Default: none  ·  Example: localhost,127.0.0.1,10.0.0.0/8

🌐 Clustering

DNS_CLUSTER_QUERY Optional

DNS query used for Erlang cluster node discovery in multi-node deployments.

Default: none  ·  Example: tymeslot.internal

Minimum Configuration

A minimal Docker deployment only requires: SECRET_KEY_BASE, PHX_HOST, POSTGRES_PASSWORD, and email configuration (EMAIL_FROM_NAME, EMAIL_FROM_ADDRESS, and SMTP or Postmark credentials). All other variables have defaults or are feature-specific.

Frequently Asked Questions

What is the minimum set of environment variables I need to run Tymeslot?

For a Docker deployment you need five variables to start the application:

  • SECRET_KEY_BASE — required for session signing
  • PHX_HOST — your public domain name
  • POSTGRES_PASSWORD — the only truly required database variable; hostname, name, and user all have defaults
  • EMAIL_FROM_NAME and EMAIL_FROM_ADDRESS — required for outbound email

Plus credentials for your chosen email adapter — SMTP variables if using the default adapter, or POSTMARK_API_KEY if using Postmark.

How do I generate a value for SECRET_KEY_BASE?

Run either of these commands and paste the output as the variable value:

mix phx.gen.secret — requires an Elixir installation

openssl rand -base64 64 | tr -d '\n' — works on any system with OpenSSL

The value must be at least 64 characters long. Never reuse a value across environments and never commit it to version control.

Can I use a .env file instead of setting environment variables directly?

Yes. Docker Compose automatically loads a .env file placed in the same directory as your docker-compose.yml. Variables defined there are substituted into the Compose file and passed to containers.

In production, prefer your platform's secret management — Cloudron's environment panel, Railway's variables UI, or a secrets manager — rather than committing a .env file to your repository.

What format should DATABASE_URL be in?

Tymeslot's Docker deployment uses individual variables (DATABASE_HOST, POSTGRES_DB, etc.) rather than a single connection URL. If you are on Cloudron, the platform injects its own CLOUDRON_POSTGRESQL_* variables automatically — you do not need to set any database variables manually.

If your hosting platform provides a single URL and you need to break it apart, the standard PostgreSQL format is: postgres://username:password@hostname:5432/database_name

I changed an environment variable but the application behaviour did not change — why?

Environment variables are read at startup only. A running container retains the values it was started with regardless of any later changes to your .env file or platform configuration.

Restart the container after every environment variable change: docker-compose restart tymeslot (or a full docker-compose up -d to pick up changes to the Compose file itself).

🔗 Related Articles

Read Docker Self-Hosting

Docker Self-Hosting

Deploy Tymeslot using Docker and Docker Compose. Perfect for VPS hosting, home servers, or any environment with Docker support.

Read Cloudron Deployment

Cloudron Deployment

One-click installation on Cloudron. Automated backups, SSL certificates, and updates handled automatically.

Read Railway Deployment

Railway Deployment

One-click deploy on Railway. Postgres is provisioned and wired automatically — your instance is live in minutes with no server management.