Usertour uses environment variables to configure various application parameters. Here’s a detailed explanation of the environment variables:Documentation Index
Fetch the complete documentation index at: https://docs.usertour.io/llms.txt
Use this file to discover all available pages before exploring further.
| Environment Variable | Required | Description |
|---|---|---|
| Database Configuration | ||
| DATABASE_URL | Yes | PostgreSQL database connection URL. Can be configured to use connection poolers like PgBouncer or Prisma Accelerate. This is the main connection URL used by your application. Both DATABASE_URL and DATABASE_DIRECT_URL must be configured. |
| DATABASE_DIRECT_URL | Yes | Direct PostgreSQL database connection URL. Required when using connection poolers in DATABASE_URL. Used by Prisma CLI commands that need direct database access (like migrations, schema pushes, and introspection). Both DATABASE_URL and DATABASE_DIRECT_URL must be configured. |
| Server Configuration | ||
| NEST_SERVER_PORT | No | NestJS server port, default is 3000 |
| NODE_ENV | Yes | Node.js environment |
| Email Service Configuration | ||
| EMAIL_HOST | Yes | Email server address |
| EMAIL_PORT | Yes | Email server port |
| EMAIL_USER | Yes | Email service account |
| EMAIL_PASS | Yes | Email service password |
| Important: Email service configuration is required for user registration and member invitation features. Without proper email configuration, these features will not be available. | ||
| Redis Configuration | ||
| Redis_HOST | Yes | Redis server address |
| Redis_PORT | Yes | Redis server port |
| Redis_PASS | No | Redis server password |
| Application Configuration | ||
| APP_HOMEPAGE_URL | Yes | Application homepage URL |
| API_URL | No | GraphQL API endpoint, default is /graphql |
| DOC_URL | No | Documentation URL for error responses, default is https://docs.usertour.com |
| USERTOUR_TOKEN | No | Usertour Environment token |
| AWS S3 Configuration | ||
| AWS_S3_REGION | Yes | AWS S3 region |
| AWS_S3_ENDPOINT | Yes | AWS S3 endpoint |
| AWS_S3_ACCESS_KEY_ID | Yes | AWS S3 access key ID |
| AWS_S3_SECRET_ACCESS_KEY | Yes | AWS S3 secret access key |
| AWS_S3_BUCKET | Yes | AWS S3 bucket name |
| AWS_S3_DOMAIN | Yes | AWS S3 domain |
| Analytics Configuration | ||
| POSTHOG_KEY | No | PostHog API key |
| POSTHOG_HOST | No | PostHog host URL |
| OpenTelemetry Configuration | ||
| OTLP_TRACES_ENDPOINT | No | OpenTelemetry traces endpoint URL for distributed tracing |
| OTLP_METRICS_ENDPOINT | No | OpenTelemetry metrics endpoint URL for metrics collection |
| Encryption | ||
| ENCRYPTION_KEY | Yes (prod) | 64-character hex string (32 bytes) used as the AES-256-GCM key for encrypting sensitive data at rest (currently 2FA TOTP secrets). Generate with openssl rand -hex 32. If unset, the server falls back to a known-insecure development key and logs no warning — do not ship that to production. Once users have enrolled in 2FA, do not rotate this key: existing TOTP secrets won’t decrypt with a new value. |
| Authentication Configuration | ||
| JWT_SECRET | Yes | JWT token secret key |
| JWT_EXPIRATION_TIME | Yes | JWT token expiration time (e.g. 1h) |
| JWT_REFRESH_EXPIRATION_TIME | Yes | JWT refresh token expiration time (e.g. 7d) |
| Email Authentication | ||
| EMAIL_AUTH_ENABLED | No | Enable/disable email authentication |
| EMAIL_SENDER | No | Email sender name and address |
| GitHub Authentication | ||
| GITHUB_AUTH_ENABLED | No | Enable/disable GitHub authentication |
| GITHUB_CLIENT_ID | No | GitHub OAuth client ID |
| GITHUB_CLIENT_SECRET | No | GitHub OAuth client secret |
| GITHUB_CALLBACK_URL | No | GitHub OAuth callback URL |
| Google Authentication | ||
| GOOGLE_AUTH_ENABLED | No | Enable/disable Google authentication |
| GOOGLE_CLIENT_ID | No | Google OAuth client ID |
| GOOGLE_CLIENT_SECRET | No | Google OAuth client secret |
| GOOGLE_CALLBACK_URL | No | Google OAuth callback URL |
| Other Configuration | ||
| LOGIN_REDIRECT_URL | No | URL to redirect after login |
| USERTOUR_COOKIE_DOMAIN | No | Domain where cookies are valid and can be accessed |
| USERTOUR_COOKIE_SECURE | No | Controls whether cookies can only be transmitted over HTTPS. |
Important Notes
- For local development,
APP_HOMEPAGE_URLcan be set tohttp://[ip]:[port] - For production environments, make sure to modify the default security-related configurations (such as JWT secrets)
DATABASE_URLincludes the database connection parameters with SSL mode preference- Both
DATABASE_URLandDATABASE_DIRECT_URLmust be configured, regardless of whether you’re using connection poolers or not - When using connection poolers (like PgBouncer) in production, make sure to:
- Configure
DATABASE_URLto use the connection pooler - Set
DATABASE_DIRECT_URLto point directly to your PostgreSQL database - Ensure both URLs have proper SSL configuration for production use
- Configure
- The
DATABASE_DIRECT_URLis essential for Prisma CLI operations and should always be configured when using connection poolers - Email service configuration is required for user registration and member invitation features. Without proper email configuration, these features will not be available
Configuration Example (.env)
Create a.env file in the project root directory. You can refer to the following example: