Storyden

- section: General description: |- These settings general infrastructure-level configuration settings for managing a Storyden deployment. fields: - env: "LOG_LEVEL" name: LogLevel type: log/slog.Level default: info description: |- Can be set to either: - `debug` - `info` - `warn` - `error` - env: "LOG_FORMAT" name: LogFormat type: string description: |- Can be set to either: - `(not set)` (default) somewhat human readable "logfmt" format logs for simple setups - `dev` for developer-friendly logs, with colours and attributes on separate lines for readability - `json` for machine-readable logs, mainly for log aggregators, etc. - env: "RUN_FRONTEND" name: RunFrontend type: string default: "" description: |- Determines whether or not the backend service will also start the frontend Node.js process. When empty, it will not When a path is provided, Storyden will execute `node <path>` to start the frontend process. This is used by the fullstack Docker image to start the frontend process in the same container as the backend. - env: "PROXY_FRONTEND_ADDRESS" name: FrontendProxy type: net/url.URL default: "" description: |- Used in conjunction with `RUN_FRONTEND`. This is the address that the frontend will be available at. This is used by the fullstack Docker image to proxy requests that don't match any `/api` or other routes to the frontend process. In the default `fullstack` image, this is set to `http://localhost:3000` which is the default port for the Next.js process. - section: Development tools description: |- Configuration settings for aiding in development of Storyden clients. fields: - env: "DEV_CHAOS_SLOW_MODE" name: DevChaosSlowMode type: time.Duration description: |- Simulates slow requests. This will add a random delay between zero and this value to all requests. This is useful for testing how the client handles slow responses. - env: "DEV_CHAOS_FAIL_RATE" name: DevChaosFailRate type: float64 description: |- A value between 0 and 1 which simulates failed requests. This will add a random failure to all requests. This is useful for testing how the client handles "internal server error" responses. - section: Core configuration description: |- Configuration settings for core functionality, pretty much all of these will need to be configured for production installations, excepting perhaps `LISTEN_ADDR`. fields: - env: "DATABASE_URL" name: DatabaseURL type: string default: sqlite://data/data.db?_pragma=foreign_keys(1) description: |- The database URL to connect to. This can be a SQLite, PostgreSQL, or CockroachDB URL. The accepted schemes for this URL are: - `sqlite://` or `sqlite3://` for SQLite or Litestream. - `postgres://` or `postgresql://` for PostgreSQL, CockroachDB and any other PostgreSQL-compatible database - `libsql://` for Turso remote SQLite. **Note:** This is currently experimental, only remote Turso databases are supported. - env: "LISTEN_ADDR" name: ListenAddr type: string default: "0.0.0.0:8000" description: |- The interface on which the API service will for HTTP requests. Typically, in a containerised environment, this should be all interfaces (`0.0.0.0`.) - env: "PUBLIC_WEB_ADDRESS" name: PublicWebAddress type: net/url.URL default: http://localhost:3000 description: |- The address at which the web frontend will be hosted. This must be set to the public URL that users of the instance will access the frontend client. It is used to determine things such as cookie domain attributes, CORS policy, WebAuthn attributes and other necessary settings. The scheme may be used by some internal components to determine whether the instance is running in a secure context or not. This is by default `http://localhost:3000` when running locally, or when deploying to production, `https://<your-domain>`. - env: "PUBLIC_API_ADDRESS" name: PublicAPIAddress type: net/url.URL default: http://localhost:8000 description: |- The address at which the public API will be accessible. This is also used for things such as cookies, CORS, etc. Please note that both the public API address and public web address must share the same root domain name as Storyden cookies are configured to be issued under this assumption. It also makes a lot of cross-origin and cookie configurations easier to make secure. - section: Rate limiting description: |- You can (and should) set rate limiting parameters for any production deployment. Storyden uses a sliding-window-incrementing-counters algorithm to track usage by members and bots which is friendly to bursts of activity while still preventing persistent abuse patterns. The default values should be sufficient for a small to medium-sized deployment, but you may want to increase them for larger deployments while maintaining adequate hardware and database resources. Currently, rate limits are applied based on the client's IP address (taking into account various proxy-forwarded headers.) The rate limiter will store its state in-memory unless a `CACHE_PROVIDER` is configured. In that case, the rate limiter will store its state in the cache provider. fields: - env: "RATE_LIMIT" name: RateLimit type: int default: "1000" description: |- The amount of requests that a user can make within the `RATE_LIMIT_PERIOD`. - env: "RATE_LIMIT_PERIOD" name: RateLimitPeriod type: time.Duration default: "1h" description: |- The period of time in which the `RATE_LIMIT` is applied. This is a sliding window, so the `RATE_LIMIT` is applied to the last `RATE_LIMIT_PERIOD` of requests. - env: "RATE_LIMIT_EXPIRE" name: RateLimitExpire type: time.Duration default: "1m" description: |- The expiry time of the rate limit counters. - section: Telemetry and monitoring description: |- Configuration for monitoring via OpenTelemetry-compatible software. fields: - env: "OTEL_PROVIDER" name: OTELProvider type: string default: "" description: |- Either: - `otlp` for any standard OpenTelemetry collector. - `sentry` for Sentry (which is OpenTelemetry-compatible, however requires its own specific configuration.) - `logger` for local logging to the console. This is only really useful for Storyden developers and is very noisy. - env: "OTEL_EXPORTER_OTLP_ENDPOINT" name: OTELEndpoint type: net/url.URL default: "" description: |- The collector endpoint for sending OTEL data. - env: "SENTRY_DSN" name: SentryDSN type: string default: "" description: |- When `OTEL_PROVIDER` is set to `sentry`, this is the DSN for the Sentry project. - section: Email description: |- Email sending configuration. This must be enabled in order to enable email-based authentication and password reset functionality. When enabling email features, you must also set `JWT_SECRET` as this is used to sign the email tokens for password resets and other features. fields: - env: "EMAIL_PROVIDER" name: EmailProvider type: string description: |- Either: - unset (default) for no email sending. Email sending is not a requirement for a production deployment. - `sendgrid` for SendGrid based email sending. - `mock` for logging emails to the console. Only useful for Storyden developers and testing. - env: "SENDGRID_FROM_NAME" name: SendGridFromName type: string description: |- The name that will be used as the sender name for emails sent via SendGrid. This is typically the name of your community or organisation. - env: "SENDGRID_FROM_ADDRESS" name: SendGridFromAddress type: string description: |- The email address that will be used as the sender address for emails sent via SendGrid. This is typically a no-reply address, such as `no-reply@<your-domain>`. - env: "SENDGRID_API_KEY" name: SendGridAPIKey type: string description: |- The API key for the SendGrid account. This is required for sending emails via SendGrid. This is typically a long string of characters that you can generate in the SendGrid dashboard. - section: Authentication description: |- Authentication providers configuration. These are all optional, you can choose to enable any combination of them to allow members of your community to sign up and sign in using a third party provider. In order to enable any of these providers, you must set a JWT secret. This is used to sign the state objects for validating the OAuth2 flow. fields: - env: "JWT_SECRET" name: JWTSecret type: "[]byte" description: |- The secret key used to sign JWT tokens. This is used for authentication and should be kept secret. This is typically a long string of characters that you can generate using a secure random generator such as `openssl rand -hex 12`. The JWT secret is required if you enable any of the OAuth providers or enable email features. This is because JWTs are used to verify callbacks as well as verify password-reset and other tokens. - env: OAUTH_GOOGLE_ENABLED name: GoogleEnabled type: bool description: |- Enable Google SSO authentication. - env: OAUTH_GOOGLE_CLIENT_ID name: GoogleClientID type: string description: |- The client ID for the Google OAuth2 application. - env: OAUTH_GOOGLE_CLIENT_SECRET name: GoogleClientSecret type: string description: |- The client secret for the Google OAuth2 application. - env: OAUTH_GITHUB_ENABLED name: GitHubEnabled type: bool description: |- Enable GitHub SSO authentication. - env: OAUTH_GITHUB_CLIENT_ID name: GitHubClientID type: string description: |- The client ID for the GitHub OAuth2 application. - env: OAUTH_GITHUB_CLIENT_SECRET name: GitHubClientSecret type: string description: |- The client secret for the GitHub OAuth2 application. - env: OAUTH_DISCORD_ENABLED name: DiscordEnabled type: bool description: |- Enable Discord SSO authentication. - env: OAUTH_DISCORD_CLIENT_ID name: DiscordClientID type: string description: |- The client ID for the Discord OAuth2 application. - env: OAUTH_DISCORD_CLIENT_SECRET name: DiscordClientSecret type: string description: |- The client secret for the Discord OAuth2 application. # Keycloak OIDC provider (uses discovery) - env: OAUTH_KEYCLOAK_ENABLED name: KeycloakEnabled type: bool description: |- Enable Keycloak OIDC authentication. - env: OAUTH_KEYCLOAK_CLIENT_ID name: KeycloakClientID type: string description: |- The client ID for the Keycloak OAuth2 application. - env: OAUTH_KEYCLOAK_CLIENT_SECRET name: KeycloakClientSecret type: string description: |- The client secret for the Keycloak OAuth2 application. - env: OAUTH_KEYCLOAK_ISSUER_URL name: KeycloakIssuerURL type: net/url.URL description: |- The issuer/discovery URL for the Keycloak realm (e.g. https://auth.example.com/realms/YourRealm). - section: SMS description: |- SMS sending configuration. This must be enabled in order to support SMS-based authentication. fields: - env: "SMS_PROVIDER" name: SMSProvider type: string description: |- Either: - unset (default) for no SMS sending. SMS sending is not a requirement for a production deployment. - `twilio` for Twilio based SMS sending. - `mock` for logging SMS to the console. Only useful for Storyden developers and testing. - env: "TWILIO_ACCOUNT_SID" name: TwilioAccountSID type: string description: |- The account SID for the Twilio account. This is typically a long string of characters that you can view in the Twilio dashboard. - env: "TWILIO_PHONE_NUMBER" name: TwilioPhoneNumber type: string description: |- The phone number that will be used as the sender number for SMS sent via Twilio. - env: "TWILIO_AUTH_TOKEN" name: TwilioAuthToken type: string description: |- The auth token for the Twilio account. This is required for sending SMS via Twilio. This is typically a long string of characters that you can generate in the Twilio dashboard. - section: Assets/file storage description: |- Configuration for storing files such as avatars, uploaded images, etc. fields: - env: "ASSET_STORAGE_TYPE" name: AssetStorageType type: string description: |- Either: - `local` for local file storage. - `s3` for any Amazon S3-compatible storage, such as S3 itself (obviously...), Google Cloud Storage, Cloudflare R2, Minio, etc. - env: "ASSET_STORAGE_LOCAL_PATH" name: AssetStorageLocalPath type: string description: |- When `ASSET_STORAGE_TYPE` is set to `local`, this is the path to the directory where files will be stored. - env: "S3_SECURE" name: S3Secure type: bool default: "true" description: |- When `ASSET_STORAGE_TYPE` is set to `s3`, this determines whether or not to use HTTPS for the S3 connection. You should always set this to `true` unless your S3-compatible storage provider is internally but not publicly accessible, such as in a Kubernetes cluster or running on the same host. - env: "S3_ENDPOINT" name: S3Endpoint type: string description: |- The endpoint for the S3-compatible storage provider. This is typically the base URL of the provider, such as `https://s3.amazonaws.com` for AWS S3, or `https://storage.googleapis.com` for Google Cloud Storage, etc. - env: "S3_BUCKET" name: S3Bucket type: string description: |- The bucket name for Storyden assets to be stored in. - env: "S3_REGION" name: S3Region type: string description: |- Most S3-compatible storage providers require a region to be specified. This is typically the region in which the bucket is located, such as `us-east-1` for AWS S3. However, some providers do not use regions but S3-compatible clients still require this to be set. In most cases, the provider will give you a value for this, such as `auto` when using Cloudflare R2. - env: "S3_ACCESS_KEY" name: S3AccessKey type: string description: |- The access key for the S3-compatible storage provider. - env: "S3_SECRET_KEY" name: S3SecretKey type: string description: |- The secret key for the S3-compatible storage provider. - section: Cache description: |- Configuration for cachine. Caching is optional in Storyden, but is recommended for larger deployments to reduce process memory usage. fields: - env: "CACHE_PROVIDER" name: CacheProvider type: string default: "" description: |- When empty, caching will use an efficient in-memory store. This is usually fine for small to medium-sized deployments however it's worth keeping an eye on your deployment's machine memory usage. When set to `redis`, Storyden will use Redis as a cache provider. This is recommended for larger deployments that receive a lot of traffic. The cache provider is also used for the rate limiter so that it can be shared across multiple instances of Storyden. This is necessary for deploying replica instances of Storyden that are backed by the same persistence layers (database, asset storage, etc.) - env: "REDIS_URL" name: RedisURL type: net/url.URL default: "" description: |- The Redis URL to connect to. This is a full URL with `redis://` as the scheme. You can set the username and password using the URL format, for example: `redis://<username>:<password>@<host>:<port>`. - section: Message queue description: |- Configuration for message/job queue. This is not required for Storyden to run, but it can improve performance, reliability and reduce memory usage in larger deployments. fields: - env: "QUEUE_TYPE" name: QueueType type: string default: "internal" description: |- Either: - Default (no value): in-memory Go channels. This is fast and efficient, but not persistent across restarts and will add a bit of memory usage to the process. - `amqp`: RabbitMQ. This is a persistent message queue that is fast and reliable. It is recommended for larger deployments and is necessary for deploying replica instances of Storyden. - env: "AMQP_URL" name: AmqpURL type: string default: amqp://guest:guest@localhost:5672/ description: |- The RabbitMQ URL to connect to. This is a full URL with `amqp://` as the scheme. You can set the username and password using the URL format, for example: `amqp://<username>:<password>@<host>:<port>`. The default value is `amqp://guest:guest@localhost:5672/` which is the default RabbitMQ URL. Storyden does not currently support `amqps://` (secure) URLs, but this will be added soon. - env: "QUEUE_MAX_RETRIES" name: QueueMaxRetries type: int default: "5" description: |- The maximum number of times a failed message will be retried before being moved to the dead letter queue. Messages are retried with exponential backoff starting at 1 second and doubling each time up to a maximum of 1 minute between retries. - env: "QUEUE_RETRY_INITIAL_INTERVAL" name: QueueRetryInitialInterval type: time.Duration default: "1s" description: |- The initial interval to wait before the first retry attempt. - env: "QUEUE_RETRY_MAX_INTERVAL" name: QueueRetryMaxInterval type: time.Duration default: "1m" description: |- The maximum interval to wait between retry attempts. The exponential backoff will not exceed this value. - section: Artificial intelligence/language models description: |- Configuration for optional AI features. These can be useful for organising large amounts of library pages and threads, but it can also provide other features such as recommendations and ask-based conversational searching. fields: - env: "MCP_ENABLED" name: MCPEnabled type: bool default: false description: |- Enables the Model Context Provider server, accessible via SSE at `/mcp`. This is used to integrate Storyden into agentic workflow engines and other language model tooling. See [the documentation](https://storyden.org/docs/introduction/mcp) for more information. - env: "LANGUAGE_MODEL_PROVIDER" name: LanguageModelProvider type: string description: |- The provider for language model features. `openai` is currently the only supported provider. - env: "OPENAI_API_KEY" name: OpenAIKey type: string description: |- When `LANGUAGE_MODEL_PROVIDER` is set to `openai`, this is the API key for the OpenAI API. - env: "ASKER_PROVIDER" name: AskerProvider type: string default: "" description: |- The Asker feature provides a conversational interface for exploring the community's content across library pages, threads, links, profiles, etc. It is separate from the language model provider as some providers support different features. This can be set to either: - `openai` for OpenAI - `perplexity` for Perplexity AI - note that Perplexity does not currently support all the features necessary to be a `LANGUAGE_MODEL_PROVIDER` so it is only available as an `ASKER_PROVIDER`. - env: "PERPLEXITY_API_KEY" name: PerplexityAPIKey type: string description: |- If `ASKER_PROVIDER` is set to `perplexity`, this is the API key for the Perplexity API. - section: Semdex description: |- The Semdex is a semantic index that provides vector-based storage of content. This is used for things like recommendations, search, etc. The Semdex works with the language model provider to create embeddings of content. Thus, enabling the Semdex requires a `LANGUAGE_MODEL_PROVIDER` to be set. fields: - env: "SEMDEX_PROVIDER" name: SemdexProvider type: string default: "" description: |- Either: - `chromem` for an experimental local vector database. This is not recommended for use in large deployments as it's rather slow and memory-hungry. - `weaviate` for Weaviate, a self-hostable or managed vector database. - `pinecone` for Pinecone, a fully managed vector database. - section: Local Semdex description: |- Configuration for when `SEMDEX_PROVIDER` is set to `chromem`. fields: - env: "SEMDEX_LOCAL_PATH" name: SemdexLocalPath type: string default: data/semdex description: |- The path to the directory where Chromem will store vector indexes. - section: Weaviate Semdex description: |- Configuration for when `SEMDEX_PROVIDER` is set to `weaviate`. fields: - env: "WEAVIATE_URL" name: WeaviateURL type: string description: |- The Weaviate API URL. This can be set to a self-hosted instance of Weaviate or the Weaviate Cloud API. - env: "WEAVIATE_API_TOKEN" name: WeaviateToken type: string description: |- For self-hosted Weaviate where authentication is enabled, or when using Weaviate Cloud. - env: "WEAVIATE_CLASS_NAME" name: WeaviateClassName type: string description: |- The class name for Weaviate. This value actually controls which model is used for embeddings and other configuration. In future, there will be a more flexible configuration for Weaviate. Value values are: - `text2vec-transformers`: requires that the Weaviate instance is using the `text2vec-transformers` module. This is for calculating embeddings locally using a GPU (or very slowly, using a CPU.) This is only available when self-hosting Weaviate. - `text2vec-openai`: requires that the Weaviate instance is using the `text2vec-openai` module. This uses OpenAI's API to calculate embeddings. This works on both self-hosted and Weaviate Cloud instances. - section: Pinecone Semdex description: |- Configuration for when `SEMDEX_PROVIDER` is set to `pinecone`. fields: - env: "PINECONE_API_KEY" name: PineconeAPIKey type: string description: |- Your Pinecone API key. This is required for all Pinecone API requests. - env: "PINECONE_INDEX" name: PineconeIndex type: string description: |- The index name that Storyden will use in your Pinecone workspace. - env: "PINECONE_DIMENSIONS" name: PineconeDimensions type: int32 description: |- This value is dependent on the underlying OpenAI configuration. Currently this is static and set to 3072 dimensions. In future, Storyden will provide more flexible configuration for language model providers. - env: "PINECONE_CLOUD" name: PineconeCloud type: string description: |- Pinecone provides hosting on different cloud providers, see the Pinecone documentation for more information. The cloud provider you choose will be reflected in your Pinecone dashboard. - env: "PINECONE_REGION" name: PineconeRegion type: string description: |- Same as above, but for the region. As with any third party providers, it's recommended to choose the region closest to both your Storyden deployment and your community members for best performance and experience.