Configuration
Sambal is configured using environment variables and tries to follow 12-factor design.
Optionally change the default HOST and PORT the web application is served on.
SAMBAL_HOST=127.0.0.1
SAMBAL_PORT=8000
If you want to serve on all interfaces, set SAMBAL_HOST=0.0.0.0 as the host.
Redis is used for user sessions and is configured using a connection string:
SAMBAL_REDIS_URL=redis://:password@host/0
Make sure you put a password on Redis! Don't just leave it open.
Redis alternatives like Valkey may also be used as it matures, but this remains untested at this point.
Others include KeyDB and DragonflyDB.
Sessions are signed using SAMBAL_SESSION_SECRET; the application won't start if this is empty or not set.
A second secret, SAMBAL_AUTH_SECRET, for the authtkt cookie also needs to be set. Please set this to a different secret; don't re-use the session secret.
Example:
SAMBAL_SESSION_SECRET=session-secret-goes-here
SAMBAL_AUTH_SECRET=authtkt-secret-goes-here
Use a unique set of secrets for every installation and don't ever let secrets leak or put them in git.
If SAMBAL_HTTPS is set to True, the secure flag is set on both the session and auth-tkt cookies. This setting defaults to False.
If SAMBAL_HSTS is set to True, HTTP Strict-Transport-Security headers are also sent. This does not make sense if SAMBAL_HTTPS is False.