.env File Configuration
Welcome to the comprehensive guide for configuring your application’s environment with the .env
file. This document is your one-stop resource for understanding and customizing the environment variables that will shape your application’s behavior in different contexts.
While the default settings provide a solid foundation for a standard docker
installation, delving into this guide will unveil the full potential of LibreChat. This guide empowers you to tailor LibreChat to your precise needs. Discover how to adjust language model availability, integrate social logins, manage the automatic moderation system, and much more. It’s all about giving you the control to fine-tune LibreChat for an optimal user experience.
Reminder: Please restart LibreChat for the configuration changes to take effect
Alternatively, you can create a new file named docker-compose.override.yml
in the same directory as your main docker-compose.yml
file for LibreChat, where you can set your .env variables as needed under environment
, or modify the default configuration provided by the main docker-compose.yml
, without the need to directly edit or duplicate the whole file.
For more info see:
-
Our quick guide:
-
The official docker documentation:
-
You can also view an example of an override file for LibreChat in your LibreChat folder and on GitHub:
Server Configuration
Port
- The server listens on a specific port.
- The
PORT
environment variable sets the port where the server listens. By default, it is set to3080
.
Key | Type | Description | Example |
---|---|---|---|
HOST | string | Specifies the host. | HOST=localhost |
PORT | number | Specifies the port. | PORT=3080 |
Static File Handling
Key | Type | Description | Example |
---|---|---|---|
STATIC_CACHE_MAX_AGE | string | Cache-Control max-age in seconds | STATIC_CACHE_MAX_AGE=172800 |
STATIC_CACHE_S_MAX_AGE | string | Cache-Control s-maxage in seconds for shared caches (CDNs and proxies) | STATIC_CACHE_S_MAX_AGE="86400" |
DISABLE_COMPRESSION | boolean | Disables compression for static files. | DISABLE_COMPRESSION=false |
Behaviour:
Sets the Cache-Control headers for static files. These configurations only trigger when the NODE_ENV
is set to production
.
- Uncomment
STATIC_CACHE_MAX_AGE
to change the localmax-age
for static files. By default this is set to 2 days (172800 seconds). - Uncomment
STATIC_CACHE_S_MAX_AGE
to set thes-maxage
for shared caches (CDNs and proxies). By default this is set to 1 day (86400 seconds). - Uncomment
DISABLE_COMPRESSION
to disable compression for static files. By default, compression is enabled.
Index HTML Cache Control
Key | Type | Description | Example |
---|---|---|---|
INDEX_HTML_CACHE_CONTROL | string | Cache-Control header for index.html | INDEX_HTML_CACHE_CONTROL=no-cache, no-store, must-revalidate |
INDEX_HTML_PRAGMA | string | Pragma header for index.html | INDEX_HTML_PRAGMA=no-cache |
INDEX_HTML_EXPIRES | string | Expires header for index.html | INDEX_HTML_EXPIRES=0 |
Behaviour:
Controls caching headers specifically for the index.html response. By default, these settings prevent caching to ensure users always get the latest version of the application.
MongoDB Database
Key | Type | Description | Example |
---|---|---|---|
MONGO_URI | string | Specifies the MongoDB URI. | MONGO_URI=mongodb://127.0.0.1:27017/LibreChat |
Change this to your MongoDB URI if different. You should add LibreChat
or your own APP_TITLE
as the database name in the URI.
If you are using an online database, the URI format is mongodb+srv://<username>:<password>@<host>/<database>?<options>
. Your MONGO_URI
should look like this:
mongodb+srv://username:[email protected]/LibreChat?retryWrites=true
(retryWrites
is the only option you need when using the online database.)
Alternatively you can use documentDb
that emulates mongoDb
but it:
- does not support
retryWrites
- useretryWrites=false
- requires TLS connection, hence use parameters
tls=true
to enable TLS andtlsCAFile=/path-to-ca/bundle.pem
to point to the AWS provided CA bundle file
The URI for documentDb
will look like:
mongodb+srv://username:password@domain/dbname?retryWrites=false&tls=true&tlsCAFile=/path-to-ca/bundle.pem
See also:
- MongoDB Atlas for instructions on how to create an online MongoDB Atlas database (useful for use without Docker)
- MongoDB Community Server for instructions on how to create a local MongoDB database (without Docker)
- MongoDB Authentication To enable explicit authentication for MongoDB in Docker.
- Manage your database with Mongo Express for securely accessing your Docker MongoDB database
Application Domains
To configure LibreChat for local use or custom domain deployment, set the following environment variables:
Key | Type | Description | Example |
---|---|---|---|
DOMAIN_CLIENT | string | Specifies the client-side domain. | DOMAIN_CLIENT=http://localhost:3080 |
DOMAIN_SERVER | string | Specifies the server-side domain. | DOMAIN_SERVER=http://localhost:3080 |
When deploying LibreChat to a custom domain, replace http://localhost:3080
with your deployed URL
- e.g.
https://librechat.example.com
.
Prevent Public Search Engines Indexing
By default, your website will not be indexed by public search engines (e.g. Google, Bing, …). This means that people will not be able to find your website through these search engines. If you want to make your website more visible and searchable, you can change the following setting to false
Key | Type | Description | Example |
---|---|---|---|
NO_INDEX | boolean | Prevents public search engines from indexing your website. | NO_INDEX=true |
❗Note: This method is not guaranteed to work for all search engines, and some search engines may still index your website or web page for other purposes, such as caching or archiving. Therefore, you should not rely solely on this method to protect sensitive or confidential information on your website or web page.
Logging
LibreChat has built-in central logging, see Logging System for more info.
Log Files
- Debug logging is enabled by default and crucial for development.
- To report issues, reproduce the error and submit logs from
./api/logs/debug-%DATE%.log
at: LibreChat GitHub Issues - Error logs are stored in the same location.
Environment Variables
Key | Type | Description | Example |
---|---|---|---|
DEBUG_LOGGING | boolean | Keep debug logs active. | DEBUG_LOGGING=true |
DEBUG_CONSOLE | boolean | Enable verbose console/stdout logs in the same format as file debug logs. | DEBUG_CONSOLE=false |
CONSOLE_JSON | boolean | Enable verbose JSON console/stdout logs suitable for cloud deployments like GCP/AWS. | CONSOLE_JSON=false |
Note:
DEBUG_LOGGING
can be used with eitherDEBUG_CONSOLE
orCONSOLE_JSON
but not both.DEBUG_CONSOLE
andCONSOLE_JSON
are mutually exclusive.CONSOLE_JSON
: When handling console logs in cloud deployments (such as GCP or AWS), enabling this will dump the logs with a UTC timestamp and format them as JSON.
Note: DEBUG_CONSOLE
is not recommended, as the outputs can be quite verbose, and so it’s disabled by default.
Permission
UID and GID are numbers assigned by Linux to each user and group on the system. If you have permission problems, set here the UID and GID of the user running the Docker Compose command. The applications in the container will run with these UID/GID.
Key | Type | Description | Example |
---|---|---|---|
UID | number | The user ID. | # UID=1000 |
GID | number | The group ID. | # GID=1000 |
Configuration Path - librechat.yaml
Specify an alternative location for the LibreChat configuration file.
You may specify an absolute path, a relative path, or a URL. The filename in the path is flexible and does not have to be librechat.yaml
; any valid configuration file will work.
Note: If you prefer LibreChat to search for the configuration file in the root directory (which is the default behavior), simply leave this option commented out.
Key | Type | Description | Example |
---|---|---|---|
CONFIG_PATH | string | An alternative location for the LibreChat configuration file. | # CONFIG_PATH=https://raw.githubusercontent.com/danny-avila/LibreChat/main/librechat.example.yaml |
Endpoints
In this section, you can configure the endpoints and models selection, their API keys, and the proxy and reverse proxy settings for the endpoints that support it.
General Config
Uncomment ENDPOINTS
to customize the available endpoints in LibreChat.
Key | Type | Description | Example |
---|---|---|---|
ENDPOINTS | string | Comma-separated list of available endpoints. | # ENDPOINTS=openAI,assistants,gptPlugins,azureOpenAI,google,anthropic,bingAI,custom |
PROXY | string | Proxy setting for all endpoints. | PROXY= |
TITLE_CONVO | boolean | Enable titling for all endpoints. | TITLE_CONVO=true |
Known Endpoints - librechat.yaml
- see also: Custom Endpoints & Configuration
Key | Type | Description | Example |
---|---|---|---|
ANYSCALE_API_KEY | string | API key for Anyscale. | # ANYSCALE_API_KEY= |
APIPIE_API_KEY | string | API key for Apipie. | # APIPIE_API_KEY= |
COHERE_API_KEY | string | API key for Cohere. | # COHERE_API_KEY= |
FIREWORKS_API_KEY | string | API key for Fireworks. | # FIREWORKS_API_KEY= |
GROQ_API_KEY | string | API key for Groq. | # GROQ_API_KEY= |
MISTRAL_API_KEY | string | API key for Mistral. | # MISTRAL_API_KEY= |
OPENROUTER_KEY | string | API key for OpenRouter. | # OPENROUTER_KEY= |
PERPLEXITY_API_KEY | string | API key for Perplexity. | # PERPLEXITY_API_KEY= |
SHUTTLEAI_API_KEY | string | API key for ShuttleAI. | # SHUTTLEAI_API_KEY= |
TOGETHERAI_API_KEY | string | API key for TogetherAI. | # TOGETHERAI_API_KEY= |
Anthropic
see: Anthropic Endpoint
- You can request an access key from https://console.anthropic.com/
- Leave
ANTHROPIC_API_KEY=
blank to disable this endpoint - Set
ANTHROPIC_API_KEY=
to “user_provided” to allow users to provide their own API key from the WebUI - If you have access to a reverse proxy for
Anthropic
, you can set it withANTHROPIC_REVERSE_PROXY=
- leave blank or comment it out to use default base url
Key | Type | Description | Example |
---|---|---|---|
ANTHROPIC_API_KEY | string | Anthropic API key or "user_provided" to allow users to provide their own API key. | Defaults to an empty string. |
ANTHROPIC_MODELS | string | Comma-separated list of Anthropic models to use. | # ANTHROPIC_MODELS=claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k |
ANTHROPIC_REVERSE_PROXY | string | Reverse proxy for Anthropic. | # ANTHROPIC_REVERSE_PROXY= |
ANTHROPIC_TITLE_MODEL | string | Model to use for titling with Anthropic. | # ANTHROPIC_TITLE_MODEL=claude-3-haiku-20240307 |
Note: Must be compatible with the Anthropic Endpoint. Also, Claude 2 and Claude 3 models perform best at this task, with
claude-3-haiku
models being the cheapest.
BingAI
Bing, also used for Sydney, jailbreak, and Bing Image Creator
Key | Type | Description | Example |
---|---|---|---|
BINGAI_TOKEN | string | Bing access token. Leave blank to disable. Can be set to "user_provided" to allow users to provide their own token from the WebUI. | BINGAI_TOKEN=user_provided |
BINGAI_HOST | string | Bing host URL. Leave commented out to use default server. | # BINGAI_HOST=https://cn.bing.com |
Note: It is recommended to leave it as “user_provided” and provide the token from the WebUI.
Follow these instructions to setup the Google Endpoint
Key | Type | Description | Example |
---|---|---|---|
GOOGLE_KEY | string | Google API key. Set to "user_provided" to allow users to provide their own API key from the WebUI. | GOOGLE_KEY=user_provided |
GOOGLE_REVERSE_PROXY | string | Google reverse proxy URL. | GOOGLE_REVERSE_PROXY= |
GOOGLE_MODELS | string | Available Gemini API Google models, separated by commas. | GOOGLE_MODELS=gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision |
GOOGLE_MODELS | string | Available Vertex AI Google models, separated by commas. | GOOGLE_MODELS=gemini-1.5-pro-preview-0409,gemini-1.0-pro-vision-001,gemini-pro,gemini-pro-vision,chat-bison,chat-bison-32k,codechat-bison,codechat-bison-32k,text-bison,text-bison-32k,text-unicorn,code-gecko,code-bison,code-bison-32k |
GOOGLE_TITLE_MODEL | string | The model used for titling with Google. | GOOGLE_TITLE_MODEL=gemini-pro |
GOOGLE_LOC | string | Specifies the Google Cloud location for processing API requests | GOOGLE_LOC=us-central1 |
GOOGLE_SAFETY_SEXUALLY_EXPLICIT | string | Safety setting for sexually explicit content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF. | GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH |
GOOGLE_SAFETY_HATE_SPEECH | string | Safety setting for hate speech content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF. | GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH |
GOOGLE_SAFETY_HARASSMENT | string | Safety setting for harassment content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF. | GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH |
GOOGLE_SAFETY_DANGEROUS_CONTENT | string | Safety setting for dangerous content. Options are BLOCK_ALL, BLOCK_ONLY_HIGH, WARN_ONLY, and OFF. | GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH |
Customize the available models, separated by commas, without spaces. The first will be default. Leave it blank or commented out to use internal settings.
Note: For the Vertex AI GOOGLE_SAFETY
variables, you do not have access to the BLOCK_NONE
setting by default. To use this restricted HarmBlockThreshold
setting, you will need to either:
- (a) Get access through an allowlist via your Google account team
- (b) Switch your account type to monthly invoiced billing following this instruction: https://cloud.google.com/billing/docs/how-to/invoiced-billing
OpenAI
See: OpenAI Setup
Key | Type | Description | Example |
---|---|---|---|
OPENAI_API_KEY | string | Your OpenAI API key. Leave blank to disable this endpoint or set to "user_provided" to allow users to provide their own API key from the WebUI. | OPENAI_API_KEY=user_provided |
OPENAI_MODELS | string | Customize the available models, separated by commas, without spaces. The first will be default. Leave commented out to use internal settings. | # OPENAI_MODELS=gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k |
DEBUG_OPENAI | boolean | Enable debug mode for the OpenAI endpoint. | DEBUG_OPENAI=false |
OPENAI_TITLE_MODEL | string | The model used for OpenAI titling. | # OPENAI_TITLE_MODEL=gpt-3.5-turbo |
OPENAI_SUMMARIZE | boolean | Enable message summarization. False by default | # OPENAI_SUMMARIZE=true |
OPENAI_SUMMARY_MODEL | string | The model used for OpenAI summarization. | # OPENAI_SUMMARY_MODEL=gpt-3.5-turbo |
OPENAI_FORCE_PROMPT | boolean | Force the API to be called with a prompt payload instead of a messages payload. | # OPENAI_FORCE_PROMPT=false |
OPENAI_REVERSE_PROXY | string | Reverse proxy settings for OpenAI. | # OPENAI_REVERSE_PROXY= |
OPENAI_ORGANIZATION | string | Specify which organization to use for each API request to OpenAI. Optional | # OPENAI_ORGANIZATION= |
Assistants
See: Assistants Setup
Key | Type | Description | Example |
---|---|---|---|
ASSISTANTS_API_KEY | string | Your OpenAI API key for Assistants API. Leave blank to disable this endpoint or set to "user_provided" to allow users to provide their own API key from the WebUI. | ASSISTANTS_API_KEY=user_provided |
ASSISTANTS_MODELS | string | Customize the available models, separated by commas, without spaces. The first will be default. Leave blank to use internal settings. | # ASSISTANTS_MODELS=gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview |
ASSISTANTS_BASE_URL | string | Alternate base URL for Assistants API. | # ASSISTANTS_BASE_URL= |
Note: You can customize the available models, separated by commas, without spaces. The first will be default. Leave it blank or commented out to use internal settings.
Plugins
Here are some useful resources about plugins:
General Configuration
Environment Variables
Key | Type | Description | Example |
---|---|---|---|
PLUGIN_MODELS | string | Identify available models, separated by commas without spaces. The first model in the list will be set as default. Defaults to internal settings. | # PLUGIN_MODELS=gpt-4,gpt-4-turbo,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613 |
Key | Type | Description | Example |
---|---|---|---|
DEBUG_PLUGINS | boolean | Set to false to disable debug mode for plugins. | DEBUG_PLUGINS=true |
Credentials Configuration
To securely store credentials, you need a fixed key and IV. You can set them here for prod and dev environments.
Key | Type | Description | Example |
---|---|---|---|
CREDS_KEY | string | 32-byte key (64 characters in hex) for securely storing credentials. Required for app startup. | CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0 |
CREDS_IV | string | 16-byte IV (32 characters in hex) for securely storing credentials. Required for app startup. | CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb |
Azure AI Search
This plugin supports searching Azure AI Search for answers to your questions. See: Azure AI Search
Key | Type | Description | Example |
---|---|---|---|
AZURE_AI_SEARCH_SERVICE_ENDPOINT | string | The service endpoint for Azure AI Search. | AZURE_AI_SEARCH_SERVICE_ENDPOINT= |
AZURE_AI_SEARCH_INDEX_NAME | string | The index name for Azure AI Search. | AZURE_AI_SEARCH_INDEX_NAME= |
AZURE_AI_SEARCH_API_KEY | string | The API key for Azure AI Search. | AZURE_AI_SEARCH_API_KEY= |
AZURE_AI_SEARCH_API_VERSION | string | The API version for Azure AI Search. | AZURE_AI_SEARCH_API_VERSION= |
AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE | string | The query type for Azure AI Search. | AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE= |
AZURE_AI_SEARCH_SEARCH_OPTION_TOP | number | The top count for Azure AI Search. | AZURE_AI_SEARCH_SEARCH_OPTION_TOP= |
AZURE_AI_SEARCH_SEARCH_OPTION_SELECT | string | The select fields for Azure AI Search. | AZURE_AI_SEARCH_SEARCH_OPTION_SELECT= |
DALL-E:
API Keys:
Key | Type | Description | Example |
---|---|---|---|
DALLE_API_KEY | string | The OpenAI API key for DALL-E 2 and DALL-E 3 services. | # DALLE2_API_KEY= |
API Keys (Version Specific):
Key | Type | Description | Example |
---|---|---|---|
DALLE3_API_KEY | string | The OpenAI API key for DALL-E 3. | # DALLE3_API_KEY= |
DALLE2_API_KEY | string | The OpenAI API key for DALL-E 2. | # DALLE2_API_KEY= |
System Prompts:
Key | Type | Description | Example |
---|---|---|---|
DALLE3_SYSTEM_PROMPT | string | The system prompt for DALL-E 3. | # DALLE3_SYSTEM_PROMPT= |
DALLE2_SYSTEM_PROMPT | string | The system prompt for DALL-E 2. | # DALLE2_SYSTEM_PROMPT= |
Reverse Proxy Settings:
Key | Type | Description | Example |
---|---|---|---|
DALLE_REVERSE_PROXY | string | The reverse proxy URL for DALL-E API requests. | # DALLE_REVERSE_PROXY= |
Base URLs:
Key | Type | Description | Example |
---|---|---|---|
DALLE3_BASEURL | string | The base URL for DALL-E 3 API endpoints. | # DALLE3_BASEURL= |
DALLE2_BASEURL | string | The base URL for DALL-E 2 API endpoints. | # DALLE2_BASEURL= |
Azure OpenAI Integration (Optional):
Key | Type | Description | Example |
---|---|---|---|
DALLE3_AZURE_API_VERSION | string | The API version for DALL-E 3 with Azure OpenAI service. | # DALLE3_AZURE_API_VERSION= |
DALLE2_AZURE_API_VERSION | string | The API version for DALL-E 2 with Azure OpenAI service. | # DALLE2_AZURE_API_VERSION= |
Remember to replace placeholder text with actual prompts or instructions and provide your actual API keys if you choose to include them directly in the file (though managing sensitive keys outside of the codebase is a best practice). Always review and respect OpenAI’s usage policies when embedding API keys in software.
Note: if you have PROXY set, it will be used for DALL-E calls also, which is universal for the app.
DALL-E (Azure)
Here’s the updated layout for the DALL-E configuration options:
API Keys:
Key | Type | Description | Example |
---|---|---|---|
DALLE_API_KEY | string | The OpenAI API key for DALL-E 2 and DALL-E 3 services. | # DALLE_API_KEY= |
API Keys (Version Specific):
Key | Type | Description | Example |
---|---|---|---|
DALLE3_API_KEY | string | The OpenAI API key for DALL-E 3. | # DALLE3_API_KEY= |
DALLE2_API_KEY | string | The OpenAI API key for DALL-E 2. | # DALLE2_API_KEY= |
System Prompts:
Key | Type | Description | Example |
---|---|---|---|
DALLE3_SYSTEM_PROMPT | string | The system prompt for DALL-E 3. | # DALLE3_SYSTEM_PROMPT="Your DALL-E-3 System Prompt here" |
DALLE2_SYSTEM_PROMPT | string | The system prompt for DALL-E 2. | # DALLE2_SYSTEM_PROMPT="Your DALL-E-2 System Prompt here" |
Reverse Proxy Settings:
Key | Type | Description | Example |
---|---|---|---|
DALLE_REVERSE_PROXY | string | The reverse proxy URL for DALL-E API requests. | # DALLE_REVERSE_PROXY= |
Base URLs:
Key | Type | Description | Example |
---|---|---|---|
DALLE3_BASEURL | string | The base URL for DALL-E 3 API endpoints. | # DALLE3_BASEURL=https://<AZURE_OPENAI_API_INSTANCE_NAME>.openai.azure.com/openai/deployments/<DALLE3_DEPLOYMENT_NAME>/ |
DALLE2_BASEURL | string | The base URL for DALL-E 2 API endpoints. | # DALLE2_BASEURL=https://<AZURE_OPENAI_API_INSTANCE_NAME>.openai.azure.com/openai/deployments/<DALLE2_DEPLOYMENT_NAME>/ |
Azure OpenAI Integration (Optional):
Key | Type | Description | Example |
---|---|---|---|
DALLE3_AZURE_API_VERSION | string | The API version for DALL-E 3 with Azure OpenAI service. | # DALLE3_AZURE_API_VERSION=the-api-version # e.g.: 2023-12-01-preview |
DALLE2_AZURE_API_VERSION | string | The API version for DALL-E 2 with Azure OpenAI service. | # DALLE2_AZURE_API_VERSION=the-api-version # e.g.: 2023-12-01-preview |
Remember to replace placeholder text with actual prompts or instructions and provide your actual API keys if you choose to include them directly in the file (though managing sensitive keys outside of the codebase is a best practice). Always review and respect OpenAI’s usage policies when embedding API keys in software.
Note: if you have PROXY set, it will be used for DALL-E calls also, which is universal for the app.
Google Search
See detailed instructions here: Google Search
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
GOOGLE_SEARCH_API_KEY | string | Google Search API key. | GOOGLE_SEARCH_API_KEY= |
GOOGLE_CSE_ID | string | Google Custom Search Engine ID. | GOOGLE_CSE_ID= |
SerpAPI
Description: SerpApi is a real-time API to access Google search results (not as performant)
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
SERPAPI_API_KEY | string | Your SerpAPI API key. | SERPAPI_API_KEY= |
Stable Diffusion (Automatic1111)
See detailed instructions here: Stable Diffusion
Description: Use http://127.0.0.1:7860
with local install and http://host.docker.internal:7860
for docker
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
SD_WEBUI_URL | string | Stable Diffusion web UI URL. | SD_WEBUI_URL=http://host.docker.internal:7860 |
Tavily
Get your API key here: https://tavily.com/#api
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
TAVILY_API_KEY | string | Tavily API key. | TAVILY_API_KEY= |
Traversaal
Description: LLM-enhanced search tool.
Get API key here: https://api.traversaal.ai/dashboard
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
TRAVERSAAL_API_KEY | string | Traversaal API key. | TRAVERSAAL_API_KEY= |
WolframAlpha
See detailed instructions here: Wolfram Alpha
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
WOLFRAM_APP_ID | string | Wolfram Alpha App ID. | WOLFRAM_APP_ID= |
Zapier
Description: - You need a Zapier account. Get your API key from here: Zapier
- Create allowed actions - Follow step 3 in this getting start guide from Zapier
Note: Zapier is known to be finicky with certain actions. Writing email drafts is probably the best use of it.
Environment Variables:
Key | Type | Description | Example |
---|---|---|---|
ZAPIER_NLA_API_KEY | string | Zapier NLA API key. | ZAPIER_NLA_API_KEY= |
Search (Meilisearch)
Enables search in messages and conversations:
Key | Type | Description | Example |
---|---|---|---|
SEARCH | boolean | Enables search in messages and conversations. | SEARCH=true |
Note: If you’re not using docker, it requires the installation of the free self-hosted Meilisearch or a paid remote plan
To disable anonymized telemetry analytics for MeiliSearch for absolute privacy, set to true:
Key | Type | Description | Example |
---|---|---|---|
MEILI_NO_ANALYTICS | boolean | Disables anonymized telemetry analytics for MeiliSearch. | MEILI_NO_ANALYTICS=true |
For the API server to connect to the search server. Replace ‘0.0.0.0’ with ‘meilisearch’ if serving MeiliSearch with docker-compose.
Key | Type | Description | Example |
---|---|---|---|
MEILI_HOST | string | The API server connection to the search server. | MEILI_HOST=http://0.0.0.0:7700 |
This master key must be at least 16 bytes, composed of valid UTF-8 characters. MeiliSearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes. MeiliSearch will suggest a secure autogenerated master key. This is a ready-made secure key for docker-compose, you can replace it with your own.
Key | Type | Description | Example |
---|---|---|---|
MEILI_MASTER_KEY | string | The master key for MeiliSearch. | MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt |
User System
This section contains the configuration for:
Moderation
The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
see: Automated Moderation
Basic Moderation Settings
Key | Type | Description | Example |
---|---|---|---|
OPENAI_MODERATION | boolean | Whether or not to enable OpenAI moderation on the **OpenAI** and **Plugins** endpoints. | OPENAI_MODERATION=false |
OPENAI_MODERATION_API_KEY | string | Your OpenAI API key. | OPENAI_MODERATION_API_KEY= |
OPENAI_MODERATION_REVERSE_PROXY | string | Note: Commented out by default, this is not working with all reverse proxys. | # OPENAI_MODERATION_REVERSE_PROXY= |
Banning Settings
Key | Type | Description | Example |
---|---|---|---|
BAN_VIOLATIONS | boolean | Whether or not to enable banning users for violations (they will still be logged). | BAN_VIOLATIONS=true |
BAN_DURATION | integer | How long the user and associated IP are banned for (in milliseconds). | BAN_DURATION=1000 * 60 * 60 * 2 |
BAN_INTERVAL | integer | The user will be banned every time their score reaches/crosses over the interval threshold. | BAN_INTERVAL=20 |
Score for each violation
Key | Type | Description | Example |
---|---|---|---|
LOGIN_VIOLATION_SCORE | integer | Score for login violations. | LOGIN_VIOLATION_SCORE=1 |
REGISTRATION_VIOLATION_SCORE | integer | Score for registration violations. | REGISTRATION_VIOLATION_SCORE=1 |
CONCURRENT_VIOLATION_SCORE | integer | Score for concurrent violations. | CONCURRENT_VIOLATION_SCORE=1 |
MESSAGE_VIOLATION_SCORE | integer | Score for message violations. | MESSAGE_VIOLATION_SCORE=1 |
NON_BROWSER_VIOLATION_SCORE | integer | Score for non-browser violations. | NON_BROWSER_VIOLATION_SCORE=20 |
ILLEGAL_MODEL_REQ_SCORE | integer | Score for illegal model requests. | ILLEGAL_MODEL_REQ_SCORE=5 |
Note: Non-browser access and Illegal model requests are almost always nefarious as it means a 3rd party is attempting to access the server through an automated script.
Message rate limiting (per user & IP)
Key | Type | Description | Example |
---|---|---|---|
LIMIT_CONCURRENT_MESSAGES | boolean | Whether to limit the amount of messages a user can send per request. | LIMIT_CONCURRENT_MESSAGES=true |
CONCURRENT_MESSAGE_MAX | integer | The max amount of messages a user can send per request. | CONCURRENT_MESSAGE_MAX=2 |
Limiters
Note: You can utilize both limiters, but default is to limit by IP only.
IP Limiter:
Key | Type | Description | Example |
---|---|---|---|
LIMIT_MESSAGE_IP | boolean | Whether to limit the amount of messages an IP can send per `MESSAGE_IP_WINDOW`. | LIMIT_MESSAGE_IP=true |
MESSAGE_IP_MAX | integer | The max amount of messages an IP can send per `MESSAGE_IP_WINDOW`. | MESSAGE_IP_MAX=40 |
MESSAGE_IP_WINDOW | integer | In minutes, determines the window of time for `MESSAGE_IP_MAX` messages. | MESSAGE_IP_WINDOW=1 |
User Limiter:
Key | Type | Description | Example |
---|---|---|---|
LIMIT_MESSAGE_USER | boolean | Whether to limit the amount of messages an user can send per `MESSAGE_USER_WINDOW`. | LIMIT_MESSAGE_USER=false |
MESSAGE_USER_MAX | integer | The max amount of messages an user can send per `MESSAGE_USER_WINDOW`. | MESSAGE_USER_MAX=40 |
MESSAGE_USER_WINDOW | integer | In minutes, determines the window of time for `MESSAGE_USER_MAX` messages. | MESSAGE_USER_WINDOW=1 |
Balance
The following feature allows for the management of user balances within the system’s endpoints. You have the option to add balances manually, or you may choose to implement a system that accumulates balances automatically for users. If a specific initial balance is defined in the configuration, tokens will be credited to the user’s balance automatically when they register.
see: Token Usage
Key | Type | Description | Example |
---|---|---|---|
CHECK_BALANCE | boolean | Enable token credit balances for the OpenAI/Plugins endpoints. | CHECK_BALANCE=false |
START_BALANCE | integer | If the value is set, tokens will be credited to the user's balance after registration. | START_BALANCE=20000 |
Managing Balances
- Run
npm run add-balance
to manually add balances.- You can also specify the email and token credit amount to add, e.g.:
npm run add-balance [email protected] 1000
- You can also specify the email and token credit amount to add, e.g.:
- Run
npm run set-balance
to manually set balances, similar toadd-balance
. - Run
npm run list-balances
to list the balance of every user.
Note: 1000 credits = $0.001 (1 mill USD)
Registration and Login
- General Settings:
Key | Type | Description | Example |
---|---|---|---|
ALLOW_EMAIL_LOGIN | boolean | Enable or disable ONLY email login. | ALLOW_EMAIL_LOGIN=true |
ALLOW_REGISTRATION | boolean | Enable or disable Email registration of new users. | ALLOW_REGISTRATION=true |
ALLOW_SOCIAL_LOGIN | boolean | Allow users to connect to LibreChat with various social networks. | ALLOW_SOCIAL_LOGIN=false |
ALLOW_SOCIAL_REGISTRATION | boolean | Enable or disable registration of new users using various social networks. | ALLOW_SOCIAL_REGISTRATION=false |
ALLOW_PASSWORD_RESET | boolean | Enable or disable the ability for users to reset their password by themselves | ALLOW_PASSWORD_RESET=false |
ALLOW_ACCOUNT_DELETION | boolean | Enable or disable the ability for users to delete their account by themselves. Enabled by default if omitted/commented out | ALLOW_ACCOUNT_DELETION=true |
ALLOW_UNVERIFIED_EMAIL_LOGIN | boolean | Set to true to allow users to log in without verifying their email address. If set to false, users will be required to verify their email before logging in. | ALLOW_UNVERIFIED_EMAIL_LOGIN=true |
Quick Tip: Even with registration disabled, add users directly to the database using
npm run create-user
. Quick Tip: With registration disabled, you can delete a user withnpm run delete-user [email protected]
.
- Session and Refresh Token Settings:
Key | Type | Description | Example |
---|---|---|---|
SESSION_EXPIRY | integer (milliseconds) | Session expiry time. | SESSION_EXPIRY=1000 * 60 * 15 |
REFRESH_TOKEN_EXPIRY | integer (milliseconds) | Refresh token expiry time. | REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7 |
-
For more information: Refresh Token
-
JWT Settings:
You should use new secure values. The examples given are 32-byte keys (64 characters in hex). Use this replit to generate some quickly: JWT Keys
Key | Type | Description | Example |
---|---|---|---|
JWT_SECRET | string (hex) | JWT secret key. | JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef |
JWT_REFRESH_SECRET | string (hex) | JWT refresh secret key. | JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418 |
Social Logins
For more details: OAuth2-OIDC
Discord Authentication
For more information: Discord
Key | Type | Description | Example |
---|---|---|---|
DISCORD_CLIENT_ID | string | Your Discord client ID. | DISCORD_CLIENT_ID= |
DISCORD_CLIENT_SECRET | string | Your Discord client secret. | DISCORD_CLIENT_SECRET= |
DISCORD_CALLBACK_URL | string | The callback URL for Discord authentication. | DISCORD_CALLBACK_URL=/oauth/discord/callback |
Facebook Authentication
For more information: Facebook Authentication
Key | Type | Description | Example |
---|---|---|---|
FACEBOOK_CLIENT_ID | string | Your Facebook client ID. | FACEBOOK_CLIENT_ID= |
FACEBOOK_CLIENT_SECRET | string | Your Facebook client secret. | FACEBOOK_CLIENT_SECRET= |
FACEBOOK_CALLBACK_URL | string | The callback URL for Facebook authentication. | FACEBOOK_CALLBACK_URL=/oauth/facebook/callback |
GitHub Authentication
For more information: GitHub Authentication
Key | Type | Description | Example |
---|---|---|---|
GITHUB_CLIENT_ID | string | Your GitHub client ID. | GITHUB_CLIENT_ID= |
GITHUB_CLIENT_SECRET | string | Your GitHub client secret. | GITHUB_CLIENT_SECRET= |
GITHUB_CALLBACK_URL | string | The callback URL for GitHub authentication. | GITHUB_CALLBACK_URL=/oauth/github/callback |
Google Authentication
For more information: Google Authentication
Key | Type | Description | Example |
---|---|---|---|
GOOGLE_CLIENT_ID | string | Your Google client ID. | GOOGLE_CLIENT_ID= |
GOOGLE_CLIENT_SECRET | string | Your Google client secret. | GOOGLE_CLIENT_SECRET= |
GOOGLE_CALLBACK_URL | string | The callback URL for Google authentication. | GOOGLE_CALLBACK_URL=/oauth/google/callback |
OpenID Connect
For more information:
Key | Type | Description | Example |
---|---|---|---|
OPENID_CLIENT_ID | string | Your OpenID client ID. | OPENID_CLIENT_ID= |
OPENID_CLIENT_SECRET | string | Your OpenID client secret. | OPENID_CLIENT_SECRET= |
OPENID_ISSUER | string | The OpenID issuer URL. | OPENID_ISSUER= |
OPENID_SESSION_SECRET | string | The secret for OpenID session storage. | OPENID_SESSION_SECRET= |
OPENID_SCOPE | string | The OpenID scope. | OPENID_SCOPE="openid profile email" |
OPENID_CALLBACK_URL | string | The callback URL for OpenID authentication. | OPENID_CALLBACK_URL=/oauth/openid/callback |
OPENID_REQUIRED_ROLE | string | The required role for validation. | OPENID_REQUIRED_ROLE= |
OPENID_REQUIRED_ROLE_TOKEN_KIND | string | The token kind for required role validation. | OPENID_REQUIRED_ROLE_TOKEN_KIND= |
OPENID_REQUIRED_ROLE_PARAMETER_PATH | string | The parameter path for required role validation. | OPENID_REQUIRED_ROLE_PARAMETER_PATH= |
OPENID_BUTTON_LABEL | string | The label for the OpenID login button. | OPENID_BUTTON_LABEL= |
OPENID_IMAGE_URL | string | The URL of the OpenID login button image. | OPENID_IMAGE_URL= |
LDAP/AD Authentication
For more information: LDAP/AD Authentication
Key | Type | Description | Example |
---|---|---|---|
LDAP_URL | string | LDAP server URL. | LDAP_URL=ldap://localhost:389 |
LDAP_BIND_DN | string | Bind DN | LDAP_BIND_DN=cn=root |
LDAP_BIND_CREDENTIALS | string | Password for bindDN | LDAP_BIND_CREDENTIALS=password |
LDAP_USER_SEARCH_BASE | string | LDAP user search base | LDAP_USER_SEARCH_BASE=o=users,o=example.com |
LDAP_SEARCH_FILTER | string | LDAP search filter | LDAP_SEARCH_FILTER=mail={{username}} |
LDAP_CA_CERT_PATH | string | CA certificate path. | LDAP_CA_CERT_PATH=/path/to/root_ca_cert.crt |
LDAP_TLS_REJECT_UNAUTHORIZED | string | LDAP TLS verification | LDAP_TLS_REJECT_UNAUTHORIZED=true |
Password Reset
Email is used for account verification and password reset. See: Email setup
Important Note: All of the service or host, username, and password, and the From address must be set for email to work.
Warning: If using
EMAIL_SERVICE
, do NOT set the extended connection parameters: HOST, PORT, ENCRYPTION, ENCRYPTION_HOSTNAME, ALLOW_SELFSIGNED. Failing to set valid values here will result in LibreChat using the unsecured password reset!
See: nodemailer well-known-services
Key | Type | Description | Example |
---|---|---|---|
EMAIL_SERVICE | string | Email service (e.g., Gmail, Outlook). | EMAIL_SERVICE= |
EMAIL_HOST | string | Mail server host. | EMAIL_HOST= |
EMAIL_PORT | number | Mail server port. | EMAIL_PORT=25 |
EMAIL_ENCRYPTION | string | Encryption method (starttls, tls, etc.). | EMAIL_ENCRYPTION= |
EMAIL_ENCRYPTION_HOSTNAME | string | Hostname for encryption. | EMAIL_ENCRYPTION_HOSTNAME= |
EMAIL_ALLOW_SELFSIGNED | boolean | Allow self-signed certificates. | EMAIL_ALLOW_SELFSIGNED= |
EMAIL_USERNAME | string | Username for authentication. | EMAIL_USERNAME= |
EMAIL_PASSWORD | string | Password for authentication. | EMAIL_PASSWORD= |
EMAIL_FROM_NAME | string | From name. | EMAIL_FROM_NAME= |
EMAIL_FROM | string | From email address. Required. | [email protected] |
Firebase CDN
See: Firebase CDN Configuration
Key | Type | Description | Example |
---|---|---|---|
FIREBASE_API_KEY | string | The API key for your Firebase project. | FIREBASE_API_KEY= |
FIREBASE_AUTH_DOMAIN | string | The Firebase Auth domain for your project. | FIREBASE_AUTH_DOMAIN= |
FIREBASE_PROJECT_ID | string | The ID of your Firebase project. | FIREBASE_PROJECT_ID= |
FIREBASE_STORAGE_BUCKET | string | The Firebase Storage bucket for your project. | FIREBASE_STORAGE_BUCKET= |
FIREBASE_MESSAGING_SENDER_ID | string | The Firebase Cloud Messaging sender ID. | FIREBASE_MESSAGING_SENDER_ID= |
FIREBASE_APP_ID | string | The Firebase App ID for your project. | FIREBASE_APP_ID= |
UI
Help and FAQ Button
Key | Type | Description | Example |
---|---|---|---|
HELP_AND_FAQ_URL | string | Help and FAQ URL. If empty or commented, the button is enabled. | HELP_AND_FAQ_URL=https://librechat.ai |
Behaviour:
Sets the Cache-Control headers for static files. These configurations only trigger when the NODE_ENV
is set to production
.
Properly setting cache headers is crucial for optimizing the performance and efficiency of your web application. By controlling how long browsers and CDNs store copies of your static files, you can significantly reduce server load, decrease page load times, and improve the overall user experience.
- Uncomment
STATIC_CACHE_MAX_AGE
to change themax-age
for static files. By default this is set to 4 weeks. - Uncomment
STATIC_CACHE_S_MAX_AGE
to change thes-maxage
for static files. By default this is set to 1 week.- This is for the shared cache, which is used by CDNs and proxies.
App Title and Footer
Key | Type | Description | Example |
---|---|---|---|
APP_TITLE | string | App title. | APP_TITLE=LibreChat |
CUSTOM_FOOTER | string | Custom footer. | # CUSTOM_FOOTER="My custom footer" |
Behaviour:
- Uncomment
CUSTOM_FOOTER
to add a custom footer. - Uncomment and leave
CUSTOM_FOOTER
empty to remove the footer. - You can now add one or more links in the CUSTOM_FOOTER value using the following format:
[Anchor text](URL)
. Each link should be delineated with a pipe (|
).
Markdown example:
CUSTOM_FOOTER=[Link 1](http://example1.com) | [Link 2](http://example2.com)
Birthday Hat
Key | Type | Description | Example |
---|---|---|---|
SHOW_BIRTHDAY_ICON | boolean | Show the birthday hat icon. | # SHOW_BIRTHDAY_ICON=true |
Behaviour:
- The birthday hat icon will show automatically on February 11th (LibreChat’s birthday).
- Set
SHOW_BIRTHDAY_ICON
tofalse
to disable the birthday hat. - Set
SHOW_BIRTHDAY_ICON
totrue
to enable the birthday hat all the time.
Analytics
Google Tag Manager
LibreChat supports Google Tag Manager for analytics. You will need a Google Tag Manager ID to enable it in LibreChat. Follow this guide to generate a Google Tag Manager ID and configure Google Analytics. Then set the ANALYTICS_GTM_ID
environment variable to your Google Tag Manager ID.
Note: If ANALYTICS_GTM_ID
is not set, Google Tag Manager will not be enabled. If it is set incorrectly, you will see failing requests to gtm.js
Key | Type | Description | Example |
---|---|---|---|
ANALYTICS_GTM_ID | string | Google Tag Manager ID. | ANALYTICS_GTM_ID= |
Other
Redis
Note: Redis support is experimental, and you may encounter some problems when using it.
Important: If using Redis, you should flush the cache after changing any LibreChat settings.
Key | Type | Description | Example |
---|---|---|---|
REDIS_URI | string | Redis URI. | # REDIS_URI= |
USE_REDIS | boolean | Use Redis. | # USE_REDIS= |