EmberlyEmberly Docs

Environment Variables

Complete reference for all Emberly environment variables.

Emberly is configured through a combination of environment variables (required at startup) and the Admin Panel UI (applied at runtime, stored in the database). This page covers the environment variables.

Copy .env.template to .env to get started:

cp .env.template .env

Required Variables

These must be set before the app will start.

Database

VariableDescriptionExample
DATABASE_URLPostgreSQL connection stringpostgresql://user:pass@localhost:5432/emberly?schema=public

Cache

VariableDescriptionExample
REDIS_URLRedis connection stringredis://default:password@localhost:6379

Authentication

VariableDescriptionNotes
NEXTAUTH_URLThe canonical URL of your instancehttps://yourdomain.com
NEXT_PUBLIC_BASE_URLSame as NEXTAUTH_URL — used client-sidehttps://yourdomain.com
NEXTAUTH_SECRETRandom secret for JWT signingMinimum 32 characters. Generate with openssl rand -base64 32
NEXTAUTH_TRUSTED_ORIGINSComma-separated list of trusted originshttps://yourdomain.com

OAuth Providers

Required only if you want OAuth login. Both are optional — users can always sign up with email and password.

GitHub OAuth

VariableDescription
GITHUB_OAUTH_CLIENT_IDClient ID from your GitHub OAuth app
GITHUB_OAUTH_CLIENT_SECRETClient secret from your GitHub OAuth app

Create a GitHub OAuth app at github.com/settings/applications/new. Set the callback URL to https://yourdomain.com/api/auth/callback/github.

Discord OAuth

VariableDescription
DISCORD_OAUTH_CLIENT_IDClient ID from your Discord application
DISCORD_OAUTH_CLIENT_SECRETClient secret from your Discord application

Create a Discord application at discord.com/developers/applications. Set the redirect URL to https://yourdomain.com/api/auth/callback/discord.

Feature Flags

VariableDefaultDescription
EMBERLY_RUN_CLOUDfalseEnables cloud-specific features (marketing pages, managed billing UI). Set to false for self-hosted instances.
EMBERLY_RUN_EVENT_WORKERfalseRuns the background event worker in-process. Set to true to enable async jobs (OCR, email, bucket provisioning).

In production, set EMBERLY_RUN_EVENT_WORKER=true so that background jobs (OCR, expiration emails, storage bucket provisioning) actually run. Without it, uploads still work but async processing is skipped.

Optional Variables

Error Tracking (Sentry)

VariableDescription
NEXT_PUBLIC_SENTRY_DSNSentry DSN for frontend and API error reporting
SENTRY_ORGSentry organization slug (build-time only, for source map upload)
SENTRY_PROJECTSentry project name (build-time only)
SENTRY_AUTH_TOKENSentry auth token (build-time only, for CI source map upload)

Leave all Sentry variables empty to disable error tracking entirely.

File Scanning

VariableDescription
VIRUSTOTAL_API_KEYVirusTotal API key for malware scanning

Without this key, VirusTotal scanning is skipped and only local extension/MIME checks run. Uploads are still processed normally. For production instances, a VirusTotal API key is strongly recommended.

Admin Panel Configuration

The following are not environment variables. They are configured after the app is running via the Admin Panel under Settings → Integrations, and stored in the database:

IntegrationConfigured in Admin Panel
S3 / Object storageProvider, bucket name, endpoint, access keys, public URL
StripeSecret key, webhook secret, price IDs
Resend / SMTP emailAPI key, from address, SMTP credentials
CloudflareZone ID, API token, CNAME target
Storage pools (Vultr, Linode, OVHcloud)API keys, pool configuration

This means you do not need to restart the application to change integrations — they update live from the database.

Development vs Production

VariableDevelopmentProduction
NEXTAUTH_URLhttp://localhost:3000https://yourdomain.com
NEXT_PUBLIC_BASE_URLhttp://localhost:3000https://yourdomain.com
EMBERLY_RUN_CLOUDfalsefalse (unless you are running the managed cloud service)
EMBERLY_RUN_EVENT_WORKERoptionaltrue
VIRUSTOTAL_API_KEYoptionalrecommended

Example Production .env

DATABASE_URL="postgresql://emberly:strongpassword@localhost:5432/emberly?schema=public"
REDIS_URL="redis://default:strongpassword@localhost:6379"

NEXTAUTH_URL="https://files.yourdomain.com"
NEXT_PUBLIC_BASE_URL="https://files.yourdomain.com"
NEXTAUTH_SECRET="your-generated-secret-here"
NEXTAUTH_TRUSTED_ORIGINS="https://files.yourdomain.com"

GITHUB_OAUTH_CLIENT_ID="ghp_..."
GITHUB_OAUTH_CLIENT_SECRET="..."
DISCORD_OAUTH_CLIENT_ID="..."
DISCORD_OAUTH_CLIENT_SECRET="..."

EMBERLY_RUN_CLOUD=false
EMBERLY_RUN_EVENT_WORKER=true

VIRUSTOTAL_API_KEY="..."
NEXT_PUBLIC_SENTRY_DSN="https://...@sentry.io/..."

Previous

Production Deployment

Next

Storage Configuration

On this page