Skip to main content

Environment Variables

LibreChat uses environment variables for configuration. Set these in your .env file or system environment.
Copy .env.example to .env to get started:
cp .env.example .env

Server Configuration

Basic Server Settings

HOST
string
default:"localhost"
Server host address
HOST=localhost
PORT
number
default:"3080"
Server port number
PORT=3080
DOMAIN_CLIENT
string
required
Client-facing domain URL
DOMAIN_CLIENT=http://localhost:3080
# Production:
DOMAIN_CLIENT=https://yourdomain.com
DOMAIN_SERVER
string
required
Server domain URL for backend services
DOMAIN_SERVER=http://localhost:3080
# Production:
DOMAIN_SERVER=https://yourdomain.com
NO_INDEX
boolean
default:"true"
Add noindex meta tag to prevent search engine indexing
NO_INDEX=true
TRUST_PROXY
number
default:"1"
Number of hops from the Express application. Set to 0 if no reverse proxy.
# Behind 1 reverse proxy (default)
TRUST_PROXY=1

# Behind 2 reverse proxies
TRUST_PROXY=2

# No reverse proxy
TRUST_PROXY=0
MIN_PASSWORD_LENGTH
number
default:"8"
Minimum password length for user authentication
When using LDAP authentication, set this to 1 to bypass local password validation
MIN_PASSWORD_LENGTH=8
# For LDAP:
MIN_PASSWORD_LENGTH=1
CONTINUE_ON_UNCAUGHT_EXCEPTION
boolean
default:"false"
Continue running after encountering uncaught exceptions
Not recommended for production unless necessary
CONTINUE_ON_UNCAUGHT_EXCEPTION=false

Node.js Options

NODE_MAX_OLD_SPACE_SIZE
number
default:"6144"
Build argument for Docker/CI workflows (NOT used by Node.js directly)To configure Node.js memory at runtime, use NODE_OPTIONS:
NODE_MAX_OLD_SPACE_SIZE=6144

# For runtime memory configuration:
NODE_OPTIONS="--max-old-space-size=6144"

Database Configuration

MongoDB

MONGO_URI
string
required
MongoDB connection string
MONGO_URI=mongodb://127.0.0.1:27017/LibreChat

# With authentication:
MONGO_URI=mongodb://username:[email protected]:27017/LibreChat

# MongoDB Atlas:
MONGO_URI=mongodb+srv://username:[email protected]/LibreChat
MONGO_MAX_POOL_SIZE
number
Maximum number of connections in the connection pool
MONGO_MAX_POOL_SIZE=10
MONGO_MIN_POOL_SIZE
number
Minimum number of connections in the connection pool
MONGO_MIN_POOL_SIZE=2
MONGO_MAX_CONNECTING
number
Maximum number of connections being established concurrently
MONGO_MAX_CONNECTING=5
MONGO_MAX_IDLE_TIME_MS
number
Maximum milliseconds a connection can remain idle before being closed
MONGO_MAX_IDLE_TIME_MS=60000
MONGO_WAIT_QUEUE_TIMEOUT_MS
number
Maximum time in milliseconds to wait for a connection
MONGO_WAIT_QUEUE_TIMEOUT_MS=5000
MONGO_AUTO_INDEX
boolean
default:"true"
Enable automatic index creation for all models
MONGO_AUTO_INDEX=true
MONGO_AUTO_CREATE
boolean
default:"true"
Enable automatic collection creation
MONGO_AUTO_CREATE=true

Logging

JSON Logging

CONSOLE_JSON
boolean
default:"false"
Use JSON format for console logs (useful for cloud deployments like GCP/AWS)
CONSOLE_JSON=false
# Production cloud deployment:
CONSOLE_JSON=true

Debug Logging

DEBUG_LOGGING
boolean
default:"true"
Enable debug logging
DEBUG_LOGGING=true
DEBUG_CONSOLE
boolean
default:"false"
Output debug logs to console
DEBUG_CONSOLE=false
MEM_DIAG
boolean
default:"false"
Enable memory diagnostics (logs heap/RSS snapshots every 60s)Automatically enabled when using --inspect flag
MEM_DIAG=true

Permissions

UID
number
default:"1000"
User ID for file permissions (Docker)
UID=1000
GID
number
default:"1000"
Group ID for file permissions (Docker)
GID=1000

Configuration Path

CONFIG_PATH
string
default:"./librechat.yaml"
Path to librechat.yaml configuration file (absolute, relative, or URL)
CONFIG_PATH="/alternative/path/to/librechat.yaml"

Langfuse Tracing

LANGFUSE_PUBLIC_KEY
string
Langfuse public API key for tracingGet your API keys from: https://cloud.langfuse.com
LANGFUSE_PUBLIC_KEY=pk-lf-xxx
LANGFUSE_SECRET_KEY
string
Langfuse secret API key
LANGFUSE_SECRET_KEY=sk-lf-xxx
LANGFUSE_BASE_URL
string
Langfuse API base URL (optional, for self-hosted)
LANGFUSE_BASE_URL=https://your-langfuse-instance.com

Proxy

PROXY
string
HTTP/HTTPS proxy for outbound requests
PROXY=http://proxy.example.com:8080

Security

JWT Secrets

JWT_SECRET
string
required
Secret key for JWT token signing
Generate a secure random string and keep it secret!
# Generate with:
openssl rand -hex 32

JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
JWT_REFRESH_SECRET
string
required
Secret key for refresh token signing (must be different from JWT_SECRET)
# Generate with:
openssl rand -hex 32

JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418

Credential Encryption

CREDS_KEY
string
required
Encryption key for stored credentials (32 bytes hex)
# Generate with:
openssl rand -hex 32

CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0
CREDS_IV
string
required
Initialization vector for credential encryption (16 bytes hex)
# Generate with:
openssl rand -hex 16

CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb

Session Configuration

SESSION_EXPIRY
number
default:"900000"
Session expiry time in milliseconds
# Default: 15 minutes
SESSION_EXPIRY=1000 * 60 * 15

# 1 hour:
SESSION_EXPIRY=3600000
REFRESH_TOKEN_EXPIRY
number
default:"604800000"
Refresh token expiry time in milliseconds
# Default: 7 days
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7

# 30 days:
REFRESH_TOKEN_EXPIRY=2592000000

Moderation

OPENAI_MODERATION
boolean
default:"false"
Enable OpenAI content moderation
OPENAI_MODERATION=false
OPENAI_MODERATION_API_KEY
string
OpenAI API key for moderation (if different from main key)
OPENAI_MODERATION_API_KEY=sk-xxx
OPENAI_MODERATION_REVERSE_PROXY
string
Reverse proxy URL for OpenAI moderation API
OPENAI_MODERATION_REVERSE_PROXY=https://your-proxy.com/v1

Ban Configuration

BAN_VIOLATIONS
boolean
default:"true"
Enable automatic banning for violations
BAN_VIOLATIONS=true
BAN_DURATION
number
default:"7200000"
Ban duration in milliseconds (default: 2 hours)
BAN_DURATION=1000 * 60 * 60 * 2
BAN_INTERVAL
number
default:"20"
Number of violations before ban
BAN_INTERVAL=20

Violation Scores

LOGIN_VIOLATION_SCORE
number
default:"1"
Violation score for failed login attempts
LOGIN_VIOLATION_SCORE=1
REGISTRATION_VIOLATION_SCORE
number
default:"1"
Violation score for registration attempts
REGISTRATION_VIOLATION_SCORE=1
CONCURRENT_VIOLATION_SCORE
number
default:"1"
Violation score for concurrent message violations
CONCURRENT_VIOLATION_SCORE=1
MESSAGE_VIOLATION_SCORE
number
default:"1"
Violation score for message rate limit violations
MESSAGE_VIOLATION_SCORE=1
NON_BROWSER_VIOLATION_SCORE
number
default:"20"
Violation score for non-browser requests
NON_BROWSER_VIOLATION_SCORE=20
TTS_VIOLATION_SCORE
number
default:"0"
Violation score for text-to-speech violations
TTS_VIOLATION_SCORE=0
STT_VIOLATION_SCORE
number
default:"0"
Violation score for speech-to-text violations
STT_VIOLATION_SCORE=0
FORK_VIOLATION_SCORE
number
default:"0"
Violation score for conversation fork violations
FORK_VIOLATION_SCORE=0
IMPORT_VIOLATION_SCORE
number
default:"0"
Violation score for import violations
IMPORT_VIOLATION_SCORE=0
FILE_UPLOAD_VIOLATION_SCORE
number
default:"0"
Violation score for file upload violations
FILE_UPLOAD_VIOLATION_SCORE=0
ILLEGAL_MODEL_REQ_SCORE
number
default:"5"
Violation score for illegal model requests
ILLEGAL_MODEL_REQ_SCORE=5

Rate Limits

LOGIN_MAX
number
default:"7"
Maximum login attempts per window
LOGIN_MAX=7
LOGIN_WINDOW
number
default:"5"
Login rate limit window in minutes
LOGIN_WINDOW=5
REGISTER_MAX
number
default:"5"
Maximum registration attempts per window
REGISTER_MAX=5
REGISTER_WINDOW
number
default:"60"
Registration rate limit window in minutes
REGISTER_WINDOW=60
LIMIT_CONCURRENT_MESSAGES
boolean
default:"true"
Enable concurrent message limiting
LIMIT_CONCURRENT_MESSAGES=true
CONCURRENT_MESSAGE_MAX
number
default:"2"
Maximum concurrent messages per user
CONCURRENT_MESSAGE_MAX=2
LIMIT_MESSAGE_IP
boolean
default:"true"
Enable message rate limiting by IP
LIMIT_MESSAGE_IP=true
MESSAGE_IP_MAX
number
default:"40"
Maximum messages per IP per window
MESSAGE_IP_MAX=40
MESSAGE_IP_WINDOW
number
default:"1"
Message IP rate limit window in minutes
MESSAGE_IP_WINDOW=1
LIMIT_MESSAGE_USER
boolean
default:"false"
Enable message rate limiting by user
LIMIT_MESSAGE_USER=false
MESSAGE_USER_MAX
number
default:"40"
Maximum messages per user per window
MESSAGE_USER_MAX=40
MESSAGE_USER_WINDOW
number
default:"1"
Message user rate limit window in minutes
MESSAGE_USER_WINDOW=1

Balance System

CHECK_BALANCE
boolean
default:"false"
Enable token balance checking
CHECK_BALANCE=false
START_BALANCE
number
default:"20000"
Initial token balance for new users
START_BALANCE=20000

Registration and Login

ALLOW_EMAIL_LOGIN
boolean
default:"true"
Allow email/password login
ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATION
boolean
default:"true"
Allow new user registration
ALLOW_REGISTRATION=true
# Production (invite-only):
ALLOW_REGISTRATION=false
ALLOW_SOCIAL_LOGIN
boolean
default:"false"
Allow social login (OAuth) for existing users
ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATION
boolean
default:"false"
Allow new user registration via social login
ALLOW_SOCIAL_REGISTRATION=false
ALLOW_PASSWORD_RESET
boolean
default:"false"
Enable password reset functionality
Requires email service configuration
ALLOW_PASSWORD_RESET=false
ALLOW_ACCOUNT_DELETION
boolean
default:"true"
Allow users to delete their accounts
ALLOW_ACCOUNT_DELETION=true
ALLOW_UNVERIFIED_EMAIL_LOGIN
boolean
default:"true"
Allow login with unverified email addresses
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
# Production:
ALLOW_UNVERIFIED_EMAIL_LOGIN=false
ALLOW_SHARED_LINKS
boolean
default:"true"
Enable conversation sharing via links
ALLOW_SHARED_LINKS=true
ALLOW_SHARED_LINKS_PUBLIC
boolean
default:"true"
Allow public (non-authenticated) access to shared links
ALLOW_SHARED_LINKS_PUBLIC=true

Static File Cache Control

STATIC_CACHE_MAX_AGE
number
default:"172800"
Cache max-age for static files in seconds (2 days default)
Only applies when NODE_ENV=production
STATIC_CACHE_MAX_AGE=172800
STATIC_CACHE_S_MAX_AGE
number
default:"86400"
Cache s-maxage for static files in seconds (1 day default)
STATIC_CACHE_S_MAX_AGE=86400
DISABLE_COMPRESSION
boolean
default:"false"
Disable Express-based compression (if handled by another service)
DISABLE_COMPRESSION=true
ENABLE_IMAGE_OUTPUT_GZIP_SCAN
boolean
default:"false"
Enable serving pre-gzipped image files
Scans images folder on startup and keeps map in memory
ENABLE_IMAGE_OUTPUT_GZIP_SCAN=true

UI Configuration

APP_TITLE
string
default:"LibreChat"
Application title shown in browser
APP_TITLE=LibreChat
CUSTOM_FOOTER
string
Custom footer text
CUSTOM_FOOTER="My custom footer"
HELP_AND_FAQ_URL
string
default:"https://librechat.ai"
URL for help and FAQ link
HELP_AND_FAQ_URL=https://librechat.ai
SHOW_BIRTHDAY_ICON
boolean
default:"false"
Show birthday icon on special dates
SHOW_BIRTHDAY_ICON=true
ANALYTICS_GTM_ID
string
Google Tag Manager ID for analytics
ANALYTICS_GTM_ID=GTM-XXXXXXX
CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES
number
Maximum file size for conversation imports in bytes
# 250 MiB:
CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES=262144000

Cache Headers

INDEX_CACHE_CONTROL
string
default:"no-cache, no-store, must-revalidate"
Cache-Control header for index.html
INDEX_CACHE_CONTROL=no-cache, no-store, must-revalidate
INDEX_PRAGMA
string
default:"no-cache"
Pragma header for index.html
INDEX_PRAGMA=no-cache
INDEX_EXPIRES
string
default:"0"
Expires header for index.html
INDEX_EXPIRES=0

Next Steps

AI Endpoints

Configure AI endpoint variables

Authentication

Set up OAuth, LDAP, and email auth

File Storage

Configure S3, Firebase, or Azure storage

YAML Configuration

Advanced YAML configuration options

Build docs developers (and LLMs) love

Get started for freeTalk to us