Env variables
Main Panel (aka Backend)
App Port
Port for the main panel inside Docker container.
APP_PORT=3000
Metrics port
Port for the metrics inside Docker container.
METRICS_PORT=3001
API Instances
Number of API instances to run.
Possible values:
max(start instances on all cores)<number>(start instances on number of cores)-1(start instances on all cores - 1)
Leave default value to start 1 instance.
Most users will not need to change this value, it can help to achieve better performance with 40k+ users.
Do not set this value more that physical cores count in your machine.
API_INSTANCES=1
DATABASE_URL
Database URL. Supported only Postgres.
Format: postgresql://{user}:{password}@{host}:{port}/{database}
DATABASE_URL="postgresql://postgres:postgres@remnawave-db:5432/postgres"
JWT
Be sure to change the secrets.
It is recommended to use a random string generator to create the secrets with a minimum length of 64 characters.
This values are used to sign/verify the JWT tokens.
Do not use default credentials in production. Be sure to generate strong secrets!
You can generate secrets with the following command:
openssl rand -hex 64
JWT_AUTH_SECRET=change_me
JWT_API_TOKENS_SECRET=change_me
Telegram
This values are used to send notifications to the Telegram bot.
You can set up the same chat id for TELEGRAM_ADMIN_ID and NODES_NOTIFY_CHAT_ID.
NODES_NOTIFY_CHAT_ID is used to send notifications of nodes status changes, so it is recommended to set it up to a channel with turned on notifications.
IS_TELEGRAM_ENABLED is used to enable/disable Telegram notifications. Possible values: true, false.
IS_TELEGRAM_ENABLED=false
TELEGRAM_BOT_TOKEN=change_me
TELEGRAM_ADMIN_ID=change_me
NODES_NOTIFY_CHAT_ID=change_me
FRONT_END_DOMAIN
Frontend domain, used by Helmet middleware.
Example: FRONT_END_DOMAIN=panel.example.com
FRONT_END_DOMAIN=*
SUBSCRIPTION INFO
This values will be passed to response headers in subscription response.
A lot of clients relay on these headers.
For example, SUB_UPDATE_INTERVAL is used to update subscription in Streisand, Clash Verge and other clients.
SUB_SUPPORT_URL=https://support.example.com
SUB_PROFILE_TITLE=Subscription Profile
SUB_UPDATE_INTERVAL=12
SUB_WEBPAGE_URL=https://example.com
SUBSCRIPTION PUBLIC DOMAIN
Default path for subscription URL is /api/sub/<sub uuid>.
This value is used for a easy access to subscription URL in Frontend and API.
Must be a valid domain, without http/https. Do not place / to end of domain/path.
SUB_PUBLIC_DOMAIN=example.com/api/sub
User statuses
It can be used to customize user statuses remarks, which will see user if their status in not ACTIVE.
Must be an array of strings, each string is a remark.
EXPIRED_USER_REMARKS=["⚠️ Subscription expired","Contact support"]
DISABLED_USER_REMARKS=["❌ Subscription disabled","Contact support"]
LIMITED_USER_REMARKS=["🔴 Subscription limited","Contact support"]
Admin credentials
Be sure to change the credentials.
Do not use default credentials in production.
SUPERADMIN_USERNAME=change_me
SUPERADMIN_PASSWORD=change_me
Docs
Enable docs.
IS_DOCS_ENABLED=true
If IS_DOCS_ENABLED is true, you can set up the paths to SwaggerUI and Scalar.
You can freely explore all the API routes and endpoints.
Check out API Keys page in admin dashboard with enabled IS_DOCS_ENABLED for quick route to documentation.
SWAGGER_PATH=/docs
SCALAR_PATH=/scalar
PROMETHEUS
Metrics are enabled by default, currently you can't disable them.
You can set up the credentials to access the metrics.
Do not use default credentials in production.
You can generate secrets with the following command:
openssl rand -hex 64
METRICS_USER=admin
METRICS_PASS=change_me
Metrics are available at /metrics path on METRICS_PORT.
Sample Prometheus config:
global:
# scrape_interval: 15s
scrape_timeout: 10s
evaluation_interval: 15s
scrape_configs:
- job_name: 'remnawave'
scheme: http
metrics_path: /api/metrics
static_configs:
- targets: ['remnawave:3001']
scrape_interval: 30s
basic_auth:
username: admin
password: change_me
Webhook
Enable webhook.
Possible values: true, false.
WEBHOOK_ENABLED=false
If webhook is enabled, you must set up the URL and secret.
Do not use default credentials in production.
WEBHOOK_SECRET_HEADER is used to sign the webhook payload, must be at least 32 characters. Only a-z, 0-9, A-Z are allowed.
You can generate secrets with the following command:
openssl rand -base64 64
WEBHOOK_URL=https://webhook.site/1234567890
WEBHOOK_SECRET_HEADER=vsmu67Kmg6R8FjIOF1WUY8LWBHie4scdEqrfsKmyf4IAf8dY3nFS0wwYHkhh6ZvQ
Shared environment variables
These variables are not used by Remnawave iteself, but can be used by Postgres database or Cloudflare Tunnel, if you will run them from the same docker-compose.yml file.
CLOUDFLARE_TOKEN=ey...
POSTGRES_USER=username
POSTGRES_PASSWORD=password
POSTGRES_DB=database_name
Node
APP_PORT
Port for the node inside Docker container.
APP_PORT=3000
SSL_CERT
It can be retrieved from the main panel.
Do not share your certificate with anyone.
SSL_CERT=PUT CERTIFICATE HERE