Environment Variables Reference
This page provides a comprehensive reference for all environment variables used in Postiz. Use this guide to configure your self-hosted instance.
Configuration File
You can configure Postiz using environment variables in:
- Docker Compose
environment: section
.env file (recommended for production)- System environment variables
Download the example configuration:curl -O https://raw.githubusercontent.com/gitroomhq/postiz-app/main/.env.example
cp .env.example .env
Required Settings
These variables are essential for Postiz to function:
Application URLs
The main URL where Postiz is accessibleMAIN_URL="http://localhost:4007"
# Production:
MAIN_URL="https://postiz.yourdomain.com"
The frontend application URL (usually same as MAIN_URL)FRONTEND_URL="http://localhost:4007"
The backend API URL accessible from the browserNEXT_PUBLIC_BACKEND_URL="http://localhost:4007/api"
# Production:
NEXT_PUBLIC_BACKEND_URL="https://postiz.yourdomain.com/api"
Internal backend URL for server-side requestsBACKEND_INTERNAL_URL="http://localhost:3000"
Security
Secret key for signing JWT tokens. MUST be unique and random!JWT_SECRET="your-super-long-random-string-here"
Generate a secure random string:Never use the example value in production! Database
PostgreSQL connection stringDATABASE_URL="postgresql://postiz-user:postiz-password@localhost:5432/postiz-db-local"
postgresql://[user]:[password]@[host]:[port]/[database]For Docker Compose:DATABASE_URL="postgresql://postiz-user:postiz-password@postiz-postgres:5432/postiz-db-local"
Redis connection stringREDIS_URL="redis://localhost:6379"
REDIS_URL="redis://postiz-redis:6379"
Temporal
Temporal server address for workflow orchestrationTEMPORAL_ADDRESS="temporal:7233"
System Flags
Required for current version. Always set to true. Disable new user registrationDISABLE_REGISTRATION="false"
"true" to disable public registration. Storage Settings
Configure where media files are stored:
Storage backend: local or cloudflare Local Storage
Directory path for storing uploaded files (local storage only)UPLOAD_DIRECTORY="/uploads"
NEXT_PUBLIC_UPLOAD_DIRECTORY
Public URL path for accessing uploaded filesNEXT_PUBLIC_UPLOAD_DIRECTORY="/uploads"
Cloudflare R2 Storage
Cloudflare R2 is required for production deployments to save social media avatars and other assets.
Your Cloudflare account IDCLOUDFLARE_ACCOUNT_ID="your-account-id"
Cloudflare R2 access keyCLOUDFLARE_ACCESS_KEY="your-access-key"
CLOUDFLARE_SECRET_ACCESS_KEY
Cloudflare R2 secret access keyCLOUDFLARE_SECRET_ACCESS_KEY="your-secret-access-key"
R2 bucket nameCLOUDFLARE_BUCKETNAME="postiz-uploads"
Public URL for your R2 bucketCLOUDFLARE_BUCKET_URL="https://your-bucket-url.r2.cloudflarestorage.com/"
Twitter/X API keyX_API_KEY="your-x-api-key"
Twitter/X API secretX_API_SECRET="your-x-api-secret"
LinkedIn
LinkedIn OAuth client IDLINKEDIN_CLIENT_ID="your-linkedin-client-id"
LinkedIn OAuth client secretLINKEDIN_CLIENT_SECRET="your-linkedin-client-secret"
Reddit
Reddit OAuth client IDREDDIT_CLIENT_ID="your-reddit-client-id"
Reddit OAuth client secretREDDIT_CLIENT_SECRET="your-reddit-client-secret"
GitHub
GitHub OAuth app client IDGITHUB_CLIENT_ID="your-github-client-id"
GitHub OAuth app client secretGITHUB_CLIENT_SECRET="your-github-client-secret"
Facebook
Facebook App IDFACEBOOK_APP_ID="your-facebook-app-id"
Facebook App SecretFACEBOOK_APP_SECRET="your-facebook-app-secret"
Threads
Meta Threads App IDTHREADS_APP_ID="your-threads-app-id"
Meta Threads App SecretTHREADS_APP_SECRET="your-threads-app-secret"
YouTube
Google OAuth client ID for YouTubeYOUTUBE_CLIENT_ID="your-youtube-client-id"
Google OAuth client secret for YouTubeYOUTUBE_CLIENT_SECRET="your-youtube-client-secret"
TikTok
TikTok OAuth client IDTIKTOK_CLIENT_ID="your-tiktok-client-id"
TikTok OAuth client secretTIKTOK_CLIENT_SECRET="your-tiktok-client-secret"
Pinterest
Pinterest OAuth client IDPINTEREST_CLIENT_ID="your-pinterest-client-id"
Pinterest OAuth client secretPINTEREST_CLIENT_SECRET="your-pinterest-client-secret"
Dribbble
Dribbble OAuth client IDDRIBBBLE_CLIENT_ID="your-dribbble-client-id"
Dribbble OAuth client secretDRIBBBLE_CLIENT_SECRET="your-dribbble-client-secret"
Discord
Discord OAuth client IDDISCORD_CLIENT_ID="your-discord-client-id"
Discord OAuth client secretDISCORD_CLIENT_SECRET="your-discord-client-secret"
Discord bot token for postingDISCORD_BOT_TOKEN_ID="your-discord-bot-token"
Slack
Slack app client IDSLACK_ID="your-slack-client-id"
Slack app client secretSLACK_SECRET="your-slack-client-secret"
Slack signing secret for request verificationSLACK_SIGNING_SECRET="your-slack-signing-secret"
Mastodon
MASTODON_URL
string
default:"https://mastodon.social"
Mastodon instance URLMASTODON_URL="https://mastodon.social"
Mastodon OAuth client IDMASTODON_CLIENT_ID="your-mastodon-client-id"
Mastodon OAuth client secretMASTODON_CLIENT_SECRET="your-mastodon-client-secret"
Beehiiv
Beehiiv API keyBEEHIIVE_API_KEY="your-beehiiv-api-key"
Beehiiv publication IDBEEHIIVE_PUBLICATION_ID="your-publication-id"
Listmonk
Listmonk instance domainLISTMONK_DOMAIN="https://newsletter.yourdomain.com"
Listmonk usernameLISTMONK_USER="your-listmonk-username"
Listmonk API keyLISTMONK_API_KEY="your-listmonk-api-key"
Listmonk list ID for subscribersLISTMONK_LIST_ID="your-list-id"
Generic OAuth Provider
Postiz supports generic OAuth 2.0 providers like Authentik, Keycloak, etc.
Enable generic OAuth authenticationPOSTIZ_GENERIC_OAUTH="false"
NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME
Display name for OAuth provider (shown on login button)NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME="Authentik"
NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL
Logo URL for OAuth providerNEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL="https://raw.githubusercontent.com/walkxcode/dashboard-icons/master/png/authentik.png"
Base URL of your OAuth providerPOSTIZ_OAUTH_URL="https://auth.example.com"
OAuth authorization endpointPOSTIZ_OAUTH_AUTH_URL="https://auth.example.com/application/o/authorize"
OAuth token endpointPOSTIZ_OAUTH_TOKEN_URL="https://auth.example.com/application/o/token"
POSTIZ_OAUTH_USERINFO_URL
OAuth userinfo endpointPOSTIZ_OAUTH_USERINFO_URL="https://auth.example.com/application/o/userinfo"
OAuth client IDPOSTIZ_OAUTH_CLIENT_ID="your-oauth-client-id"
POSTIZ_OAUTH_CLIENT_SECRET
OAuth client secretPOSTIZ_OAUTH_CLIENT_SECRET="your-oauth-client-secret"
POSTIZ_OAUTH_SCOPE
string
default:"openid profile email"
OAuth scopes to requestPOSTIZ_OAUTH_SCOPE="openid profile email"
Email Settings
Resend API key for sending emailsRESEND_API_KEY="re_yourApiKey"
If this variable is set, user activation emails are required. If commented out, users are activated automatically.
AI Features
OpenAI API key for AI-powered featuresOPENAI_API_KEY="sk-your-openai-api-key"
Short Link Services
Postiz supports multiple URL shortening services:
Dub
Dub API tokenDUB_TOKEN="your-dub-token"
DUB_API_ENDPOINT
string
default:"https://api.dub.co"
Dub API endpointDUB_API_ENDPOINT="https://api.dub.co"
Dub short link domainDUB_SHORT_LINK_DOMAIN="dub.sh"
Short.io
Short.io API secret keySHORT_IO_SECRET_KEY="your-short-io-key"
Kutt
Kutt.it API keyKUTT_API_KEY="your-kutt-api-key"
KUTT_API_ENDPOINT
string
default:"https://kutt.it/api/v2"
Kutt API endpointKUTT_API_ENDPOINT="https://kutt.it/api/v2"
Kutt short link domainKUTT_SHORT_LINK_DOMAIN="kutt.it"
LinkDrip
LinkDrip API keyLINK_DRIP_API_KEY="your-linkdrip-api-key"
LINK_DRIP_API_ENDPOINT
string
default:"https://api.linkdrip.com/v1/"
LinkDrip API endpointLINK_DRIP_API_ENDPOINT="https://api.linkdrip.com/v1/"
LINK_DRIP_SHORT_LINK_DOMAIN
string
default:"dripl.ink"
LinkDrip short link domainLINK_DRIP_SHORT_LINK_DOMAIN="dripl.ink"
Payment Settings
Fee percentage for transactions (0.05 = 5%) Stripe publishable keySTRIPE_PUBLISHABLE_KEY="pk_live_your_key"
Stripe secret keySTRIPE_SECRET_KEY="sk_live_your_key"
Stripe webhook signing secretSTRIPE_SIGNING_KEY="whsec_your_key"
STRIPE_SIGNING_KEY_CONNECT
Stripe Connect webhook signing secretSTRIPE_SIGNING_KEY_CONNECT="whsec_your_connect_key"
Monitoring and Debugging
Sentry
Sentry DSN for error trackingNEXT_PUBLIC_SENTRY_DSN="http://spotlight:8969/stream"
Enable Sentry Spotlight for local development Miscellaneous
Rate limit for public API (requests per hour) NEXT_PUBLIC_DISCORD_SUPPORT
Discord support server invite linkNEXT_PUBLIC_DISCORD_SUPPORT="https://discord.gg/your-invite"
Polotno API key for image editing featuresNEXT_PUBLIC_POLOTNO="your-polotno-key"
Chrome extension ID for cookie-based platform integrationsEXTENSION_ID="your-extension-id"
Disable security features (development only)Never set to true in production!
Developer Settings
Enable NX plugins (monorepo development) Example Configuration
Here’s a minimal production-ready configuration:
# Required Settings
MAIN_URL="https://postiz.yourdomain.com"
FRONTEND_URL="https://postiz.yourdomain.com"
NEXT_PUBLIC_BACKEND_URL="https://postiz.yourdomain.com/api"
BACKEND_INTERNAL_URL="http://localhost:3000"
# Security
JWT_SECRET="your-super-long-random-secret-here"
# Database
DATABASE_URL="postgresql://postiz:secure_password@postiz-postgres:5432/postiz"
REDIS_URL="redis://postiz-redis:6379"
# Temporal
TEMPORAL_ADDRESS="temporal:7233"
# System
IS_GENERAL="true"
DISABLE_REGISTRATION="false"
# Storage
STORAGE_PROVIDER="cloudflare"
CLOUDFLARE_ACCOUNT_ID="your-account-id"
CLOUDFLARE_ACCESS_KEY="your-access-key"
CLOUDFLARE_SECRET_ACCESS_KEY="your-secret"
CLOUDFLARE_BUCKETNAME="postiz-uploads"
CLOUDFLARE_BUCKET_URL="https://uploads.yourdomain.com/"
CLOUDFLARE_REGION="auto"
# Social Media (add as needed)
X_API_KEY="your-x-api-key"
X_API_SECRET="your-x-api-secret"
LINKEDIN_CLIENT_ID="your-linkedin-id"
LINKEDIN_CLIENT_SECRET="your-linkedin-secret"
# Optional Features
OPENAI_API_KEY="sk-your-openai-key"
RESEND_API_KEY="re_your-resend-key"
EMAIL_FROM_ADDRESS="[email protected]"
Security Best Practices
- Never commit
.env files to version control
- Use strong random values for
JWT_SECRET
- Change default database passwords in production
- Enable HTTPS for all production deployments
- Restrict database access to localhost or private networks
- Regularly rotate secrets and API keys
Next Steps