Configuration
Environment variables, SMTP, rate limiting, and per-realm settings.
Environment Variables
Set these in your .env file or pass them as Docker environment variables.
| Variable | Default | Description |
|---|---|---|
| DATABASE_URL | required | PostgreSQL connection string |
| PORT | 3000 | Server port |
| NODE_ENV | development | Environment mode (development or production) |
| ADMIN_API_KEY | required | API key for admin endpoints |
| ADMIN_USER | admin | Initial admin username |
| ADMIN_PASSWORD | admin | Initial admin password |
| THROTTLE_TTL | 60000 | Rate limit window in milliseconds |
| THROTTLE_LIMIT | 100 | Max requests per window |
| BASE_URL | http://localhost:3000 | Public-facing URL for redirects and emails |
Example .env
# Database
DATABASE_URL=postgresql://authme:authme@localhost:5432/authme
# Server
PORT=3000
NODE_ENV=production
BASE_URL=https://auth.example.com
# Admin
ADMIN_API_KEY=your-secure-api-key-here
ADMIN_USER=admin
ADMIN_PASSWORD=change-me-to-a-strong-password
# Rate Limiting
THROTTLE_TTL=60000
THROTTLE_LIMIT=100
Base URL
The BASE_URL must be set to your server's public-facing URL. It is used in:
- OAuth 2.0 redirect URI validation
- Links in outbound emails (verification, password reset)
- OIDC Discovery document issuer field
- SAML metadata endpoints
When using a reverse proxy or load balancer, set BASE_URL to the external URL (e.g., https://auth.example.com), not the internal container address.
Rate Limiting
AuthMe includes built-in rate limiting to protect against brute-force attacks. It is controlled by two variables:
THROTTLE_TTL
Default: 60000 (1 minute)
The rolling time window in milliseconds.
THROTTLE_LIMIT
Default: 100
Maximum requests allowed per window.
For production with a reverse proxy, you may also want to configure rate limiting at the proxy level (Nginx, Cloudflare, etc.).
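A pre-deployment check for the variables described above, as an added example that is not part of AuthMe: it lints `.env` text for the documented default admin password, the placeholders from the example file, a `BASE_URL` that is not public-facing, and unusable throttle values. The function names and the HTTPS-in-production rule are assumptions.

```javascript
// Added example, not AuthMe code: lint a .env for the pitfalls this page names.
// parseEnv/lintEnv and the rule set are assumptions made for illustration.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue; // skip blanks, comments
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2');
  }
  return env;
}

// Documented default ("admin") and the placeholders from the example .env.
const WEAK = new Set(['admin', 'your-secure-api-key-here', 'change-me-to-a-strong-password']);

function lintEnv(text) {
  const env = parseEnv(text);
  const out = [];
  for (const key of ['DATABASE_URL', 'ADMIN_API_KEY']) {
    if (!env[key]) out.push(`${key}: required but not set`);
  }
  // An unset ADMIN_PASSWORD falls back to the documented default "admin".
  if (WEAK.has(env.ADMIN_PASSWORD ?? 'admin')) out.push('ADMIN_PASSWORD: default or placeholder');
  if (WEAK.has(env.ADMIN_API_KEY)) out.push('ADMIN_API_KEY: placeholder');
  let url = null;
  try { url = new URL(env.BASE_URL ?? 'http://localhost:3000'); }
  catch { out.push('BASE_URL: not a valid URL'); }
  if (url && env.NODE_ENV === 'production') {
    // Assumption: a production deployment is served over HTTPS.
    if (url.protocol !== 'https:') out.push('BASE_URL: not https');
    if (['localhost', '127.0.0.1', '[::1]'].includes(url.hostname)) out.push('BASE_URL: loopback, not public-facing');
  }
  for (const key of ['THROTTLE_TTL', 'THROTTLE_LIMIT']) {
    if (key in env && !/^[1-9]\d*$/.test(env[key])) out.push(`${key}: not a positive integer`);
  }
  return out;
}

// Constructed sample: production mode with defaults and placeholders left in.
const SAMPLE = `
NODE_ENV=production
DATABASE_URL=postgresql://authme:authme@localhost:5432/authme
ADMIN_API_KEY=your-secure-api-key-here
BASE_URL=http://localhost:3000
THROTTLE_LIMIT=0
`;
console.log(lintEnv(SAMPLE).join('\n'));
```

An empty result means none of these checks fired; it does not measure the strength of the secrets themselves.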
Email / SMTP
SMTP settings are configured per-realm through the Admin Console, not via environment variables. This means each realm (tenant) can use its own email provider.
How to configure:
- Open the Admin Console at /console
- Navigate to your realm
- Go to the Email tab
- Enter your SMTP host, port, credentials, and sender address
- Use the Test Email button to verify
Email is used for email verification, password reset, and other user-facing flows.