Configuration Reference
Complete reference for all environment variables, database settings, and service configurations for Licenz self-hosted deployments.
Environment Variables
All configuration is done through environment variables in the .env file:
# =============================================================================
# Licenz SaaS Environment Configuration
# =============================================================================
# -----------------------------------------------------------------------------
# Version (for Docker image tags)
# -----------------------------------------------------------------------------
VERSION=latest
# -----------------------------------------------------------------------------
# API Configuration
# -----------------------------------------------------------------------------
API_PORT=8080
# JWT Secret (REQUIRED - generate with: openssl rand -base64 64)
JWT_SECRET=your-secret-key-change-me-in-production
# Token expiry settings
ACCESS_TOKEN_EXPIRY_MINUTES=15
REFRESH_TOKEN_EXPIRY_DAYS=7
# Logging level (debug, info, warn, error)
RUST_LOG=licenz_saas_api=info,tower_http=info
# -----------------------------------------------------------------------------
# Web Frontend Configuration
# -----------------------------------------------------------------------------
WEB_PORT=3000
VITE_API_URL=/api
# -----------------------------------------------------------------------------
# PostgreSQL Configuration
# -----------------------------------------------------------------------------
POSTGRES_SUPERUSER=postgres
POSTGRES_SUPERUSER_PASSWORD=change-me-in-production
POSTGRES_USER=licenz
POSTGRES_PASSWORD=licenz
POSTGRES_DB=licenz
# Graxon database credentials
GRAXON_DB_USER=graxon
GRAXON_DB_PASSWORD=graxon
GRAXON_DB=graxon
# -----------------------------------------------------------------------------
# Redis Configuration
# -----------------------------------------------------------------------------
# REDIS_PASSWORD=your-redis-password
# -----------------------------------------------------------------------------
# Graxon Rules Engine
# -----------------------------------------------------------------------------
GRAXON_VERSION=0.0
GRAXON_LOG_LEVEL=graxon=info
# -----------------------------------------------------------------------------
# Payment Provider Webhooks (Optional)
# -----------------------------------------------------------------------------
# STRIPE_WEBHOOK_SECRET=whsec_...
# PADDLE_WEBHOOK_SECRET=...
# LEMONSQUEEZY_WEBHOOK_SECRET=...
# -----------------------------------------------------------------------------
# Backup Configuration
# -----------------------------------------------------------------------------
BACKUP_RETENTION_DAYS=30Required Variables
These variables must be set for Licenz to start:
| Variable | Description | Example |
|---|---|---|
JWT_SECRET | Secret key for JWT token signing (min 32 chars) | openssl rand -base64 64 |
POSTGRES_SUPERUSER_PASSWORD | PostgreSQL superuser password | secure-random-password |
API Configuration
| Variable | Default | Description |
|---|---|---|
API_PORT | 8080 | Port for the API server |
ACCESS_TOKEN_EXPIRY_MINUTES | 15 | JWT access token expiry in minutes |
REFRESH_TOKEN_EXPIRY_DAYS | 7 | JWT refresh token expiry in days |
RUST_LOG | info | Logging level (debug, info, warn, error) |
Database Configuration
PostgreSQL
| Variable | Default | Description |
|---|---|---|
POSTGRES_SUPERUSER | postgres | PostgreSQL superuser username |
POSTGRES_SUPERUSER_PASSWORD | - | PostgreSQL superuser password (required) |
POSTGRES_USER | licenz | Application database user |
POSTGRES_PASSWORD | licenz | Application database password |
POSTGRES_DB | licenz | Application database name |
Graxon Database
| Variable | Default | Description |
|---|---|---|
GRAXON_DB_USER | graxon | Graxon rules engine database user |
GRAXON_DB_PASSWORD | graxon | Graxon database password |
GRAXON_DB | graxon | Graxon database name |
Database Optimization
For production deployments, tune PostgreSQL for your workload:
# /etc/postgresql/16/main/postgresql.conf
# Memory Settings (adjust based on available RAM)
shared_buffers = 256MB
effective_cache_size = 768MB
maintenance_work_mem = 64MB
work_mem = 4MB
# Connection Settings
max_connections = 100
# Write-Ahead Log
wal_buffers = 16MB
checkpoint_completion_target = 0.9
# Query Planning
random_page_cost = 1.1 # For SSD storage
effective_io_concurrency = 200
# Logging
log_min_duration_statement = 1000 # Log queries over 1s
log_checkpoints = on
log_connections = on
log_disconnections = onMemory Calculation
Set shared_buffers to 25% of available RAM and effective_cache_size to 75% of available RAM for optimal performance.
Redis Configuration
| Variable | Default | Description |
|---|---|---|
REDIS_PASSWORD | - | Optional Redis authentication password |
Redis Optimization
Production Redis configuration for caching and rate limiting:
# redis.conf for production
# Memory management
maxmemory 128mb
maxmemory-policy allkeys-lru
# Persistence
appendonly yes
appendfsync everysec
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# Security
requirepass your-redis-password
# Performance
tcp-keepalive 300
timeout 0Graxon Rules Engine
| Variable | Default | Description |
|---|---|---|
GRAXON_VERSION | 0.0 | Graxon Docker image version |
GRAXON_LOG_LEVEL | graxon=info | Graxon logging level |
Webhook Configuration
Configure webhooks for payment provider integration:
| Variable | Description |
|---|---|
STRIPE_WEBHOOK_SECRET | Stripe webhook signing secret (starts with whsec_) |
PADDLE_WEBHOOK_SECRET | Paddle webhook verification secret |
LEMONSQUEEZY_WEBHOOK_SECRET | LemonSqueezy webhook signing secret |
Logging Configuration
Control logging verbosity with the RUST_LOG environment variable:
# Logging levels for RUST_LOG environment variable
# Development (verbose)
RUST_LOG=licenz_saas_api=debug,tower_http=debug,sqlx=debug
# Production (balanced)
RUST_LOG=licenz_saas_api=info,tower_http=info
# Production (minimal)
RUST_LOG=licenz_saas_api=warn,tower_http=warn
# Trace specific modules
RUST_LOG=licenz_saas_api::auth=debug,licenz_saas_api::licenses=traceLog Levels
| Level | Description | Use Case |
|---|---|---|
error | Only errors | Production (minimal noise) |
warn | Warnings and errors | Production (recommended) |
info | General information | Production (default) |
debug | Debug information | Development/troubleshooting |
trace | Verbose tracing | Deep debugging only |
Network Configuration
The default Docker network configuration:
networks:
licenz-network:
driver: bridge
ipam:
config:
- subnet: 172.28.0.0/16Exposed Ports
| Service | Internal Port | External Port | Notes |
|---|---|---|---|
| API | 8080 | Configurable | Public-facing |
| Web | 80 | Configurable | Public-facing |
| PostgreSQL | 5432 | Not exposed | Internal only |
| Redis | 6379 | Not exposed | Internal only |
| Graxon | 9000 | Not exposed | Internal only |
Security Best Practices
Security Checklist
- Use strong, unique passwords for all services
- Generate JWT_SECRET with cryptographically secure random bytes
- Never expose database ports to the public internet
- Use TLS/SSL for all external connections
- Regularly rotate credentials and API keys
- Keep Docker images updated for security patches
Generating Secure Secrets
# Generate JWT secret
openssl rand -base64 64
# Generate database password
openssl rand -base64 32
# Generate Redis password
openssl rand -base64 24Volume Configuration
Persistent data is stored in Docker volumes:
| Volume | Path | Description |
|---|---|---|
licenz-postgres-data | /var/lib/postgresql/data | PostgreSQL database files |
licenz-redis-data | /data | Redis persistence data |
Custom Volume Locations
volumes:
postgres_data:
driver: local
driver_opts:
type: none
o: bind
device: /path/to/your/postgres/data