Docs
Configuration
Environment Variables

.env File Configuration

Welcome to the comprehensive guide for configuring your application’s environment with the .env file. This document is your one-stop resource for understanding and customizing the environment variables that will shape your application’s behavior in different contexts.

While the default settings provide a solid foundation for a standard docker installation, delving into this guide will unveil the full potential of LibreChat. This guide empowers you to tailor LibreChat to your precise needs. Discover how to adjust language model availability, integrate social logins, manage the automatic moderation system, and much more. It’s all about giving you the control to fine-tune LibreChat for an optimal user experience.

Reminder: Please restart LibreChat for the configuration changes to take effect

Alternatively, you can create a new file named docker-compose.override.yml in the same directory as your main docker-compose.yml file for LibreChat, where you can set your .env variables as needed under environment, or modify the default configuration provided by the main docker-compose.yml, without the need to directly edit or duplicate the whole file.

For more info see:


Server Configuration

Port

  • The server listens on a specific port.
  • The PORT environment variable sets the port where the server listens. By default, it is set to 3080.
KeyTypeDescriptionExample
HOSTstringSpecifies the host.HOST=localhost
PORTnumberSpecifies the port.PORT=3080

MongoDB Database

  • Change this to your MongoDB URI if different. You should also add LibreChat or your own APP_TITLE as the database name in the URI.
KeyTypeDescriptionExample
MONGO_URIstringSpecifies the MongoDB URI.MONGO_URI=mongodb://127.0.0.1:27017/LibreChat

For example:

  • If you are using an online database, the URI format is mongodb+srv://<username>:<password>@<host>/<database>?<options>. Your MONGO_URI should look like this: mongodb+srv://username:[email protected]/LibreChat?retryWrites=true (retryWrites=true is the only option you need when using the online database)

See also:

Application Domains

To configure LibreChat for local use or custom domain deployment, set the following environment variables:

KeyTypeDescriptionExample
DOMAIN_CLIENTstringSpecifies the client-side domain.DOMAIN_CLIENT=http://localhost:3080
DOMAIN_SERVERstringSpecifies the server-side domain.DOMAIN_SERVER=http://localhost:3080

When deploying LibreChat to a custom domain, replace http://localhost:3080 with your deployed URL

  • e.g. https://librechat.example.com.

Prevent Public Search Engines Indexing

By default, your website will not be indexed by public search engines (e.g. Google, Bing, …). This means that people will not be able to find your website through these search engines. If you want to make your website more visible and searchable, you can change the following setting to false

KeyTypeDescriptionExample
NO_INDEXbooleanPrevents public search engines from indexing your website.NO_INDEX=true

Note: This method is not guaranteed to work for all search engines, and some search engines may still index your website or web page for other purposes, such as caching or archiving. Therefore, you should not rely solely on this method to protect sensitive or confidential information on your website or web page.

Logging

LibreChat has built-in central logging, see Logging System for more info.

Log Files

  • Debug logging is enabled by default and crucial for development.
  • To report issues, reproduce the error and submit logs from ./api/logs/debug-%DATE%.log at: LibreChat GitHub Issues
  • Error logs are stored in the same location.

Environment Variables

KeyTypeDescriptionExample
DEBUG_LOGGINGbooleanKeep debug logs active.DEBUG_LOGGING=true
DEBUG_CONSOLEbooleanEnable verbose console/stdout logs in the same format as file debug logs.DEBUG_CONSOLE=false
CONSOLE_JSONbooleanEnable verbose JSON console/stdout logs suitable for cloud deployments like GCP/AWS.CONSOLE_JSON=false

Note:

  • DEBUG_LOGGING can be used with either DEBUG_CONSOLE or CONSOLE_JSON but not both.
  • DEBUG_CONSOLE and CONSOLE_JSON are mutually exclusive.
  • CONSOLE_JSON: When handling console logs in cloud deployments (such as GCP or AWS), enabling this will dump the logs with a UTC timestamp and format them as JSON.

Note: DEBUG_CONSOLE is not recommended, as the outputs can be quite verbose, and so it’s disabled by default.

Permission

UID and GID are numbers assigned by Linux to each user and group on the system. If you have permission problems, set here the UID and GID of the user running the Docker Compose command. The applications in the container will run with these UID/GID.

KeyTypeDescriptionExample
UIDnumberThe user ID.# UID=1000
GIDnumberThe group ID.# GID=1000

Configuration Path - librechat.yaml

Specify an alternative location for the LibreChat configuration file. You may specify an absolute path, a relative path, or a URL. The filename in the path is flexible and does not have to be librechat.yaml; any valid configuration file will work.

Note: If you prefer LibreChat to search for the configuration file in the root directory (which is the default behavior), simply leave this option commented out.

KeyTypeDescriptionExample
CONFIG_PATHstringAn alternative location for the LibreChat configuration file.# CONFIG_PATH=https://raw.githubusercontent.com/danny-avila/LibreChat/main/librechat.example.yaml

Endpoints

In this section, you can configure the endpoints and models selection, their API keys, and the proxy and reverse proxy settings for the endpoints that support it.

General Config

Uncomment ENDPOINTS to customize the available endpoints in LibreChat.

KeyTypeDescriptionExample
ENDPOINTSstringComma-separated list of available endpoints.# ENDPOINTS=openAI,assistants,gptPlugins,azureOpenAI,google,anthropic,bingAI,custom
PROXYstringProxy setting for all endpoints.PROXY=
TITLE_CONVObooleanEnable titling for all endpoints.TITLE_CONVO=true

Known Endpoints - librechat.yaml

KeyTypeDescriptionExample
ANYSCALE_API_KEYstringAPI key for Anyscale.# ANYSCALE_API_KEY=
APIPIE_API_KEYstringAPI key for Apipie.# APIPIE_API_KEY=
COHERE_API_KEYstringAPI key for Cohere.# COHERE_API_KEY=
FIREWORKS_API_KEYstringAPI key for Fireworks.# FIREWORKS_API_KEY=
GROQ_API_KEYstringAPI key for Groq.# GROQ_API_KEY=
MISTRAL_API_KEYstringAPI key for Mistral.# MISTRAL_API_KEY=
OPENROUTER_KEYstringAPI key for OpenRouter.# OPENROUTER_KEY=
PERPLEXITY_API_KEYstringAPI key for Perplexity.# PERPLEXITY_API_KEY=
SHUTTLEAI_API_KEYstringAPI key for ShuttleAI.# SHUTTLEAI_API_KEY=
TOGETHERAI_API_KEYstringAPI key for TogetherAI.# TOGETHERAI_API_KEY=

Anthropic

see: Anthropic Endpoint

  • You can request an access key from https://console.anthropic.com/
  • Leave ANTHROPIC_API_KEY= blank to disable this endpoint
  • Set ANTHROPIC_API_KEY= to “user_provided” to allow users to provide their own API key from the WebUI
  • If you have access to a reverse proxy for Anthropic, you can set it with ANTHROPIC_REVERSE_PROXY=
    • leave blank or comment it out to use default base url
KeyTypeDescriptionExample
ANTHROPIC_API_KEYstringAnthropic API key or "user_provided" to allow users to provide their own API key.Defaults to an empty string.
ANTHROPIC_MODELSstringComma-separated list of Anthropic models to use.# ANTHROPIC_MODELS=claude-3-opus-20240229,claude-3-sonnet-20240229,claude-3-haiku-20240307,claude-2.1,claude-2,claude-1.2,claude-1,claude-1-100k,claude-instant-1,claude-instant-1-100k
ANTHROPIC_REVERSE_PROXYstringReverse proxy for Anthropic.# ANTHROPIC_REVERSE_PROXY=
ANTHROPIC_TITLE_MODELstringModel to use for titling with Anthropic.# ANTHROPIC_TITLE_MODEL=claude-3-haiku-20240307

Note: Must be compatible with the Anthropic Endpoint. Also, Claude 2 and Claude 3 models perform best at this task, with claude-3-haiku models being the cheapest.

BingAI

Bing, also used for Sydney, jailbreak, and Bing Image Creator

KeyTypeDescriptionExample
BINGAI_TOKENstringBing access token. Leave blank to disable. Can be set to "user_provided" to allow users to provide their own token from the WebUI.BINGAI_TOKEN=user_provided
BINGAI_HOSTstringBing host URL. Leave commented out to use default server.# BINGAI_HOST=https://cn.bing.com

Note: It is recommended to leave it as “user_provided” and provide the token from the WebUI.

Google

Follow these instructions to setup the Google Endpoint

KeyTypeDescriptionExample
GOOGLE_KEYstringGoogle API key. Set to "user_provided" to allow users to provide their own API key from the WebUI.GOOGLE_KEY=user_provided
GOOGLE_REVERSE_PROXYstringGoogle reverse proxy URL.# GOOGLE_REVERSE_PROXY=

Customize the available models, separated by commas, without spaces. The first will be default. Leave it blank or commented out to use internal settings.

KeyTypeDescriptionExample
GOOGLE_MODELSstringAvailable Gemini API Google models, separated by commas.# GOOGLE_MODELS=gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
GOOGLE_MODELSstringAvailable Vertex AI Google models, separated by commas.# GOOGLE_MODELS=gemini-1.5-pro-preview-0409,gemini-1.0-pro-vision-001,gemini-pro,gemini-pro-vision,chat-bison,chat-bison-32k,codechat-bison,codechat-bison-32k,text-bison,text-bison-32k,text-unicorn,code-gecko,code-bison,code-bison-32k

OpenAI

See: OpenAI Setup

KeyTypeDescriptionExample
OPENAI_API_KEYstringYour OpenAI API key. Leave blank to disable this endpoint or set to "user_provided" to allow users to provide their own API key from the WebUI.OPENAI_API_KEY=user_provided
OPENAI_MODELSstringCustomize the available models, separated by commas, without spaces. The first will be default. Leave commented out to use internal settings.# OPENAI_MODELS=gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
DEBUG_OPENAIbooleanEnable debug mode for the OpenAI endpoint.DEBUG_OPENAI=false
OPENAI_TITLE_MODELstringThe model used for OpenAI titling.# OPENAI_TITLE_MODEL=gpt-3.5-turbo
OPENAI_SUMMARIZEbooleanEnable message summarization. Fasle by default# OPENAI_SUMMARIZE=true
OPENAI_SUMMARY_MODELstringThe model used for OpenAI summarization.# OPENAI_SUMMARY_MODEL=gpt-3.5-turbo
OPENAI_FORCE_PROMPTbooleanForce the API to be called with a prompt payload instead of a messages payload.# OPENAI_FORCE_PROMPT=false
OPENAI_REVERSE_PROXYstringReverse proxy settings for OpenAI.# OPENAI_REVERSE_PROXY=
OPENAI_ORGANIZATIONstringSpecify which organization to use for each API request to OpenAI. Optional# OPENAI_ORGANIZATION=

Assistants

See: Assistants Setup

KeyTypeDescriptionExample
ASSISTANTS_API_KEYstringYour OpenAI API key for Assistants API. Leave blank to disable this endpoint or set to "user_provided" to allow users to provide their own API key from the WebUI.ASSISTANTS_API_KEY=user_provided
ASSISTANTS_MODELSstringCustomize the available models, separated by commas, without spaces. The first will be default. Leave blank to use internal settings.# ASSISTANTS_MODELS=gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
ASSISTANTS_BASE_URLstringAlternate base URL for Assistants API.# ASSISTANTS_BASE_URL=

Note: You can customize the available models, separated by commas, without spaces. The first will be default. Leave it blank or commented out to use internal settings.

Plugins

Here are some useful resources about plugins:

General Configuration

Environment Variables

KeyTypeDescriptionExample
PLUGIN_MODELSstringIdentify available models, separated by commas without spaces. The first model in the list will be set as default. Defaults to internal settings.# PLUGIN_MODELS=gpt-4,gpt-4-turbo,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
KeyTypeDescriptionExample
DEBUG_PLUGINSbooleanSet to false to disable debug mode for plugins.DEBUG_PLUGINS=true
⚠️
Warning
  • The API keys are “user_provided” through the webUI when commented out or empty. Do not set them to “user_provided”, either provide the API key or leave them blank/commented out.
✏️
Note

Note: Make sure the gptPlugins endpoint is set in the ENDPOINTS environment variable if it was configured before.

Credentials Configuration

To securely store credentials, you need a fixed key and IV. You can set them here for prod and dev environments.

KeyTypeDescriptionExample
CREDS_KEYstring32-byte key (64 characters in hex) for securely storing credentials. Required for app startup.CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0
CREDS_IVstring16-byte IV (32 characters in hex) for securely storing credentials. Required for app startup.CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb
⚠️
Warning

Warning: If you don’t set CREDS_KEY and CREDS_IV, the app will crash on startup.

Azure AI Search

This plugin supports searching Azure AI Search for answers to your questions. See: Azure AI Search

KeyTypeDescriptionExample
AZURE_AI_SEARCH_SERVICE_ENDPOINTstringThe service endpoint for Azure AI Search.AZURE_AI_SEARCH_SERVICE_ENDPOINT=
AZURE_AI_SEARCH_INDEX_NAMEstringThe index name for Azure AI Search.AZURE_AI_SEARCH_INDEX_NAME=
AZURE_AI_SEARCH_API_KEYstringThe API key for Azure AI Search.AZURE_AI_SEARCH_API_KEY=
AZURE_AI_SEARCH_API_VERSIONstringThe API version for Azure AI Search.AZURE_AI_SEARCH_API_VERSION=
AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPEstringThe query type for Azure AI Search.AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
AZURE_AI_SEARCH_SEARCH_OPTION_TOPnumberThe top count for Azure AI Search.AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
AZURE_AI_SEARCH_SEARCH_OPTION_SELECTstringThe select fields for Azure AI Search.AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=

DALL-E:

API Keys:

KeyTypeDescriptionExample
DALLE_API_KEYstringThe OpenAI API key for DALL-E 2 and DALL-E 3 services.# DALLE2_API_KEY=

API Keys (Version Specific):

KeyTypeDescriptionExample
DALLE3_API_KEYstringThe OpenAI API key for DALL-E 3.# DALLE3_API_KEY=
DALLE2_API_KEYstringThe OpenAI API key for DALL-E 2.# DALLE2_API_KEY=

System Prompts:

KeyTypeDescriptionExample
DALLE3_SYSTEM_PROMPTstringThe system prompt for DALL-E 3.# DALLE3_SYSTEM_PROMPT=
DALLE2_SYSTEM_PROMPTstringThe system prompt for DALL-E 2.# DALLE2_SYSTEM_PROMPT=

Reverse Proxy Settings:

KeyTypeDescriptionExample
DALLE_REVERSE_PROXYstringThe reverse proxy URL for DALL-E API requests.# DALLE_REVERSE_PROXY=

Base URLs:

KeyTypeDescriptionExample
DALLE3_BASEURLstringThe base URL for DALL-E 3 API endpoints.# DALLE3_BASEURL=
DALLE2_BASEURLstringThe base URL for DALL-E 2 API endpoints.# DALLE2_BASEURL=

Azure OpenAI Integration (Optional):

KeyTypeDescriptionExample
DALLE3_AZURE_API_VERSIONstringThe API version for DALL-E 3 with Azure OpenAI service.# DALLE3_AZURE_API_VERSION=
DALLE2_AZURE_API_VERSIONstringThe API version for DALL-E 2 with Azure OpenAI service.# DALLE2_AZURE_API_VERSION=

Remember to replace placeholder text with actual prompts or instructions and provide your actual API keys if you choose to include them directly in the file (though managing sensitive keys outside of the codebase is a best practice). Always review and respect OpenAI’s usage policies when embedding API keys in software.

Note: if you have PROXY set, it will be used for DALL-E calls also, which is universal for the app.

DALL-E (Azure)

Here’s the updated layout for the DALL-E configuration options:

DALL-E:

API Keys:

KeyTypeDescriptionExample
DALLE_API_KEYstringThe OpenAI API key for DALL-E 2 and DALL-E 3 services.# DALLE_API_KEY=

API Keys (Version Specific):

KeyTypeDescriptionExample
DALLE3_API_KEYstringThe OpenAI API key for DALL-E 3.# DALLE3_API_KEY=
DALLE2_API_KEYstringThe OpenAI API key for DALL-E 2.# DALLE2_API_KEY=

System Prompts:

KeyTypeDescriptionExample
DALLE3_SYSTEM_PROMPTstringThe system prompt for DALL-E 3.# DALLE3_SYSTEM_PROMPT="Your DALL-E-3 System Prompt here"
DALLE2_SYSTEM_PROMPTstringThe system prompt for DALL-E 2.# DALLE2_SYSTEM_PROMPT="Your DALL-E-2 System Prompt here"

Reverse Proxy Settings:

KeyTypeDescriptionExample
DALLE_REVERSE_PROXYstringThe reverse proxy URL for DALL-E API requests.# DALLE_REVERSE_PROXY=

Base URLs:

KeyTypeDescriptionExample
DALLE3_BASEURLstringThe base URL for DALL-E 3 API endpoints.# DALLE3_BASEURL=https://<AZURE_OPENAI_API_INSTANCE_NAME>.openai.azure.com/openai/deployments/<DALLE3_DEPLOYMENT_NAME>/
DALLE2_BASEURLstringThe base URL for DALL-E 2 API endpoints.# DALLE2_BASEURL=https://<AZURE_OPENAI_API_INSTANCE_NAME>.openai.azure.com/openai/deployments/<DALLE2_DEPLOYMENT_NAME>/

Azure OpenAI Integration (Optional):

KeyTypeDescriptionExample
DALLE3_AZURE_API_VERSIONstringThe API version for DALL-E 3 with Azure OpenAI service.# DALLE3_AZURE_API_VERSION=the-api-version # e.g.: 2023-12-01-preview
DALLE2_AZURE_API_VERSIONstringThe API version for DALL-E 2 with Azure OpenAI service.# DALLE2_AZURE_API_VERSION=the-api-version # e.g.: 2023-12-01-preview

Remember to replace placeholder text with actual prompts or instructions and provide your actual API keys if you choose to include them directly in the file (though managing sensitive keys outside of the codebase is a best practice). Always review and respect OpenAI’s usage policies when embedding API keys in software.

Note: if you have PROXY set, it will be used for DALL-E calls also, which is universal for the app.

Google Search

See detailed instructions here: Google Search

Environment Variables:

KeyTypeDescriptionExample
GOOGLE_SEARCH_API_KEYstringGoogle Search API key.GOOGLE_SEARCH_API_KEY=
GOOGLE_CSE_IDstringGoogle Custom Search Engine ID.GOOGLE_CSE_ID=

SerpAPI

Description: SerpApi is a real-time API to access Google search results (not as performant)

Environment Variables:

KeyTypeDescriptionExample
SERPAPI_API_KEYstringYour SerpAPI API key.SERPAPI_API_KEY=

Stable Diffusion (Automatic1111)

See detailed instructions here: Stable Diffusion

Description: Use http://127.0.0.1:7860 with local install and http://host.docker.internal:7860 for docker

Environment Variables:

KeyTypeDescriptionExample
SD_WEBUI_URLstringStable Diffusion web UI URL.SD_WEBUI_URL=http://host.docker.internal:7860

Tavily

Get your API key here: https://tavily.com/#api

Environment Variables:

KeyTypeDescriptionExample
TAVILY_API_KEYstringTavily API key.TAVILY_API_KEY=

Traversaal

Description: LLM-enhanced search tool.

Get API key here: https://api.traversaal.ai/dashboard

Environment Variables:

KeyTypeDescriptionExample
TRAVERSAAL_API_KEYstringTraversaal API key.TRAVERSAAL_API_KEY=

WolframAlpha

See detailed instructions here: Wolfram Alpha

Environment Variables:

KeyTypeDescriptionExample
WOLFRAM_APP_IDstringWolfram Alpha App ID.WOLFRAM_APP_ID=

Zapier

Description: - You need a Zapier account. Get your API key from here: Zapier

  • Create allowed actions - Follow step 3 in this getting start guide from Zapier

Note: Zapier is known to be finicky with certain actions. Writing email drafts is probably the best use of it.

Environment Variables:

KeyTypeDescriptionExample
ZAPIER_NLA_API_KEYstringZapier NLA API key.ZAPIER_NLA_API_KEY=

Search (Meilisearch)

Enables search in messages and conversations:

KeyTypeDescriptionExample
SEARCHbooleanEnables search in messages and conversations.SEARCH=true

Note: If you’re not using docker, it requires the installation of the free self-hosted Meilisearch or a paid remote plan

To disable anonymized telemetry analytics for MeiliSearch for absolute privacy, set to true:

KeyTypeDescriptionExample
MEILI_NO_ANALYTICSbooleanDisables anonymized telemetry analytics for MeiliSearch.MEILI_NO_ANALYTICS=true

For the API server to connect to the search server. Replace ‘0.0.0.0’ with ‘meilisearch’ if serving MeiliSearch with docker-compose.

KeyTypeDescriptionExample
MEILI_HOSTstringThe API server connection to the search server.MEILI_HOST=http://0.0.0.0:7700

This master key must be at least 16 bytes, composed of valid UTF-8 characters. MeiliSearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes. MeiliSearch will suggest a secure autogenerated master key. This is a ready-made secure key for docker-compose, you can replace it with your own.

KeyTypeDescriptionExample
MEILI_MASTER_KEYstringThe master key for MeiliSearch.MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt

User System

This section contains the configuration for:

Here is the rewritten content in MDX format with improvements:

Moderation

The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.

see: Automated Moderation

Basic Moderation Settings

KeyTypeDescriptionExample
OPENAI_MODERATIONbooleanWhether or not to enable OpenAI moderation on the **OpenAI** and **Plugins** endpoints.OPENAI_MODERATION=false
OPENAI_MODERATION_API_KEYstringYour OpenAI API key.OPENAI_MODERATION_API_KEY=
OPENAI_MODERATION_REVERSE_PROXYstringNote: Commented out by default, this is not working with all reverse proxys.# OPENAI_MODERATION_REVERSE_PROXY=

Banning Settings

KeyTypeDescriptionExample
BAN_VIOLATIONSbooleanWhether or not to enable banning users for violations (they will still be logged).BAN_VIOLATIONS=true
BAN_DURATIONintegerHow long the user and associated IP are banned for (in milliseconds).BAN_DURATION=1000 * 60 * 60 * 2
BAN_INTERVALintegerThe user will be banned every time their score reaches/crosses over the interval threshold.BAN_INTERVAL=20

Score for each violation

KeyTypeDescriptionExample
LOGIN_VIOLATION_SCOREintegerScore for login violations.LOGIN_VIOLATION_SCORE=1
REGISTRATION_VIOLATION_SCOREintegerScore for registration violations.REGISTRATION_VIOLATION_SCORE=1
CONCURRENT_VIOLATION_SCOREintegerScore for concurrent violations.CONCURRENT_VIOLATION_SCORE=1
MESSAGE_VIOLATION_SCOREintegerScore for message violations.MESSAGE_VIOLATION_SCORE=1
NON_BROWSER_VIOLATION_SCOREintegerScore for non-browser violations.NON_BROWSER_VIOLATION_SCORE=20
ILLEGAL_MODEL_REQ_SCOREintegerScore for illegal model requests.ILLEGAL_MODEL_REQ_SCORE=5

Note: Non-browser access and Illegal model requests are almost always nefarious as it means a 3rd party is attempting to access the server through an automated script.

Message rate limiting (per user & IP)

KeyTypeDescriptionExample
LIMIT_CONCURRENT_MESSAGESbooleanWhether to limit the amount of messages a user can send per request.LIMIT_CONCURRENT_MESSAGES=true
CONCURRENT_MESSAGE_MAXintegerThe max amount of messages a user can send per request.CONCURRENT_MESSAGE_MAX=2

Limiters

Note: You can utilize both limiters, but default is to limit by IP only.

IP Limiter:
KeyTypeDescriptionExample
LIMIT_MESSAGE_IPbooleanWhether to limit the amount of messages an IP can send per `MESSAGE_IP_WINDOW`.LIMIT_MESSAGE_IP=true
MESSAGE_IP_MAXintegerThe max amount of messages an IP can send per `MESSAGE_IP_WINDOW`.MESSAGE_IP_MAX=40
MESSAGE_IP_WINDOWintegerIn minutes, determines the window of time for `MESSAGE_IP_MAX` messages.MESSAGE_IP_WINDOW=1
User Limiter:
KeyTypeDescriptionExample
LIMIT_MESSAGE_USERbooleanWhether to limit the amount of messages an user can send per `MESSAGE_USER_WINDOW`.LIMIT_MESSAGE_USER=false
MESSAGE_USER_MAXintegerThe max amount of messages an user can send per `MESSAGE_USER_WINDOW`.MESSAGE_USER_MAX=40
MESSAGE_USER_WINDOWintegerIn minutes, determines the window of time for `MESSAGE_USER_MAX` messages.MESSAGE_USER_WINDOW=1

Balance

The following enables user balances for the OpenAI/Plugins endpoints, which you can add manually or you will need to build out a balance accruing system for users.

see: Token Usage

KeyTypeDescriptionExample
CHECK_BALANCEbooleanEnable token credit balances for the OpenAI/Plugins endpoints.CHECK_BALANCE=false

Managing Balances

  • Run npm run add-balance to manually add balances.
  • You can also specify the email and token credit amount to add, e.g.: npm run add-balance [email protected] 1000
  • Run npm run list-balances to list the balance of every user.

Note: 1000 credits = $0.001 (1 mill USD)

Registration and Login

see: Authentication System

Image for Light Theme
Image for Dark Theme
  • General Settings:
KeyTypeDescriptionExample
ALLOW_EMAIL_LOGINbooleanEnable or disable ONLY email login.ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATIONbooleanEnable or disable Email registration of new users.ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGINbooleanAllow users to connect to LibreChat with various social networks.ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATIONbooleanEnable or disable registration of new users using various social networks.ALLOW_SOCIAL_REGISTRATION=false

Quick Tip: Even with registration disabled, add users directly to the database using npm run create-user. Quick Tip: With registration disabled, you can delete a user with npm run delete-user [email protected].

  • Session and Refresh Token Settings:
KeyTypeDescriptionExample
SESSION_EXPIRYinteger (milliseconds)Session expiry time.SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRYinteger (milliseconds)Refresh token expiry time.REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7

You should use new secure values. The examples given are 32-byte keys (64 characters in hex). Use this replit to generate some quickly: JWT Keys

KeyTypeDescriptionExample
JWT_SECRETstring (hex)JWT secret key.JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
JWT_REFRESH_SECRETstring (hex)JWT refresh secret key.JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418

Social Logins

For more details: OAuth2-OIDC

Discord Authentication

For more information: Discord

KeyTypeDescriptionExample
DISCORD_CLIENT_IDstringYour Discord client ID.DISCORD_CLIENT_ID=
DISCORD_CLIENT_SECRETstringYour Discord client secret.DISCORD_CLIENT_SECRET=
DISCORD_CALLBACK_URLstringThe callback URL for Discord authentication.DISCORD_CALLBACK_URL=/oauth/discord/callback

Facebook Authentication

For more information: Facebook Authentication

KeyTypeDescriptionExample
FACEBOOK_CLIENT_IDstringYour Facebook client ID.FACEBOOK_CLIENT_ID=
FACEBOOK_CLIENT_SECRETstringYour Facebook client secret.FACEBOOK_CLIENT_SECRET=
FACEBOOK_CALLBACK_URLstringThe callback URL for Facebook authentication.FACEBOOK_CALLBACK_URL=/oauth/facebook/callback

GitHub Authentication

For more information: GitHub Authentication

KeyTypeDescriptionExample
GITHUB_CLIENT_IDstringYour GitHub client ID.GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRETstringYour GitHub client secret.GITHUB_CLIENT_SECRET=
GITHUB_CALLBACK_URLstringThe callback URL for GitHub authentication.GITHUB_CALLBACK_URL=/oauth/github/callback

Google Authentication

For more information: Google Authentication

KeyTypeDescriptionExample
GOOGLE_CLIENT_IDstringYour Google client ID.GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRETstringYour Google client secret.GOOGLE_CLIENT_SECRET=
GOOGLE_CALLBACK_URLstringThe callback URL for Google authentication.GOOGLE_CALLBACK_URL=/oauth/google/callback

OpenID Connect

For more information:

KeyTypeDescriptionExample
OPENID_CLIENT_IDstringYour OpenID client ID.OPENID_CLIENT_ID=
OPENID_CLIENT_SECRETstringYour OpenID client secret.OPENID_CLIENT_SECRET=
OPENID_ISSUERstringThe OpenID issuer URL.OPENID_ISSUER=
OPENID_SESSION_SECRETstringThe secret for OpenID session storage.OPENID_SESSION_SECRET=
OPENID_SCOPEstringThe OpenID scope.OPENID_SCOPE="openid profile email"
OPENID_CALLBACK_URLstringThe callback URL for OpenID authentication.OPENID_CALLBACK_URL=/oauth/openid/callback
OPENID_REQUIRED_ROLEstringThe required role for validation.OPENID_REQUIRED_ROLE=
OPENID_REQUIRED_ROLE_TOKEN_KINDstringThe token kind for required role validation.OPENID_REQUIRED_ROLE_TOKEN_KIND=
OPENID_REQUIRED_ROLE_PARAMETER_PATHstringThe parameter path for required role validation.OPENID_REQUIRED_ROLE_PARAMETER_PATH=
OPENID_BUTTON_LABELstringThe label for the OpenID login button.OPENID_BUTTON_LABEL=
OPENID_IMAGE_URLstringThe URL of the OpenID login button image.OPENID_IMAGE_URL=

LDAP/AD Authentication

For more information: LDAP/AD Authentication

KeyTypeDescriptionExample
LDAP_URLstringLDAP server URL.LDAP_URL=ldap://localhost:389
LDAP_BIND_DNstringBind DNLDAP_BIND_DN=cn=root
LDAP_BIND_CREDENTIALSstringPassword for bindDNLDAP_BIND_CREDENTIALS=password
LDAP_USER_SEARCH_BASEstringLDAP user search baseLDAP_USER_SEARCH_BASE=o=users,o=example.com
LDAP_SEARCH_FILTERstringLDAP search filterLDAP_SEARCH_FILTER=mail={{username}}
LDAP_CA_CERT_PATHstringCA certificate path.LDAP_CA_CERT_PATH=/path/to/root_ca_cert.crt

Email Password Reset

Email is used for password reset. See: Email Password Reset

Important Note: All of the service or host, username, and password, and the From address must be set for email to work.

Warning: If using EMAIL_SERVICE, do NOT set the extended connection parameters: HOST, PORT, ENCRYPTION, ENCRYPTION_HOSTNAME, ALLOW_SELFSIGNED. Failing to set valid values here will result in LibreChat using the unsecured password reset!

See: nodemailer well-known-services

KeyTypeDescriptionExample
EMAIL_SERVICEstringEmail service (e.g., Gmail, Outlook).EMAIL_SERVICE=
EMAIL_HOSTstringMail server host.EMAIL_HOST=
EMAIL_PORTnumberMail server port.EMAIL_PORT=25
EMAIL_ENCRYPTIONstringEncryption method (starttls, tls, etc.).EMAIL_ENCRYPTION=
EMAIL_ENCRYPTION_HOSTNAMEstringHostname for encryption.EMAIL_ENCRYPTION_HOSTNAME=
EMAIL_ALLOW_SELFSIGNEDbooleanAllow self-signed certificates.EMAIL_ALLOW_SELFSIGNED=
EMAIL_USERNAMEstringUsername for authentication.EMAIL_USERNAME=
EMAIL_PASSWORDstringPassword for authentication.EMAIL_PASSWORD=
EMAIL_FROM_NAMEstringFrom name.EMAIL_FROM_NAME=
EMAIL_FROMstringFrom email address. Required.[email protected]

Firebase CDN

See: Firebase CDN Configuration

⚠️
Important
  • If you are using Firebase as your file storage strategy, make sure to set the file_strategy option to firebase in your librechat.yaml configuration file. - For more information on configuring the librechat.yaml file, please refer to the YAML Configuration Guide: Custom Endpoints & Configuration
KeyTypeDescriptionExample
FIREBASE_API_KEYstringThe API key for your Firebase project.FIREBASE_API_KEY=
FIREBASE_AUTH_DOMAINstringThe Firebase Auth domain for your project.FIREBASE_AUTH_DOMAIN=
FIREBASE_PROJECT_IDstringThe ID of your Firebase project.FIREBASE_PROJECT_ID=
FIREBASE_STORAGE_BUCKETstringThe Firebase Storage bucket for your project.FIREBASE_STORAGE_BUCKET=
FIREBASE_MESSAGING_SENDER_IDstringThe Firebase Cloud Messaging sender ID.FIREBASE_MESSAGING_SENDER_ID=
FIREBASE_APP_IDstringThe Firebase App ID for your project.FIREBASE_APP_ID=

UI

Help and FAQ Button

KeyTypeDescriptionExample
HELP_AND_FAQ_URLstringHelp and FAQ URL. If empty or commented, the button is enabled.HELP_AND_FAQ_URL=https://librechat.ai

Behaviour:

  • If HELP_AND_FAQ_URL is empty or commented, the button is enabled.
  • If HELP_AND_FAQ_URL is set to a URL (e.g., https://example.com), the button is enabled and links to that URL.
  • If HELP_AND_FAQ_URL is set to /, the button is disabled.

App Title and Footer

KeyTypeDescriptionExample
APP_TITLEstringApp title.APP_TITLE=LibreChat
CUSTOM_FOOTERstringCustom footer.# CUSTOM_FOOTER="My custom footer"

Behaviour:

  • Uncomment CUSTOM_FOOTER to add a custom footer.
  • Uncomment and leave CUSTOM_FOOTER empty to remove the footer.

Birthday Hat

KeyTypeDescriptionExample
SHOW_BIRTHDAY_ICONbooleanShow the birthday hat icon.# SHOW_BIRTHDAY_ICON=true

Behaviour:

  • The birthday hat icon will show automatically on February 11th (LibreChat’s birthday).
  • Set SHOW_BIRTHDAY_ICON to false to disable the birthday hat.
  • Set SHOW_BIRTHDAY_ICON to true to enable the birthday hat all the time.

Other

Redis

Note: Redis support is experimental, and you may encounter some problems when using it.

Important: If using Redis, you should flush the cache after changing any LibreChat settings.

KeyTypeDescriptionExample
REDIS_URIstringRedis URI.# REDIS_URI=
USE_REDISbooleanUse Redis.# USE_REDIS=