Docs / Getting started
Configuration
Environment variables, secrets, tuning knobs.
.env file
.env
# ─── Licensing (required) ──────────────────────────────────── LICENSE_KEY=your-license-key-here # ─── Application ───────────────────────────────────────────── APP_PORT=8080 PUBLIC_URL=https://ir.example.com TRUSTED_PROXY=127.0.0.1 SESSION_SECRET=CHANGE_ME_random_64_chars # ─── MySQL ─────────────────────────────────────────────────── DB_PORT=3306 DB_USERNAME=mlab_web DB_PASSWORD=CHANGE_ME_mysql_password DB_ROOT_PASSWORD=CHANGE_ME_mysql_root_password # ─── ClickHouse ────────────────────────────────────────────── CH_USERNAME=default CH_PASSWORD=CHANGE_ME_clickhouse_password # ─── Retention (days) ──────────────────────────────────────── RETENTION_ALERTS_DAYS=365 RETENTION_TIMELINE_DAYS=730 # ─── Auth (optional) ───────────────────────────────────────── # OIDC_ISSUER=https://login.example.com # OIDC_CLIENT_ID=ir-mlab # OIDC_CLIENT_SECRET=...
Variable reference
| Variable | Required | Default | Description |
|---|---|---|---|
LICENSE_KEY | Yes | — | Your ir.mlab.sh license key (free or paid). |
APP_PORT | No | 8080 | Port the app container exposes. |
PUBLIC_URL | Recommended | http://localhost:8080 | External URL used for webhooks, report links. |
TRUSTED_PROXY | If behind reverse proxy | — | IP of the proxy. Honors X-Forwarded-*. |
SESSION_SECRET | Yes | — | Random 64+ chars. Used to sign session cookies. |
DB_USERNAME / DB_PASSWORD | Yes | — | MySQL credentials. |
DB_ROOT_PASSWORD | Yes | — | MySQL root (used at first init only). |
CH_USERNAME / CH_PASSWORD | Yes | — | ClickHouse credentials. |
RETENTION_ALERTS_DAYS | No | 365 | Closed/dismissed alerts older than this are purged. |
RETENTION_TIMELINE_DAYS | No | 730 | Timeline events older than this are purged. |
OIDC_* | No | — | Enable Single Sign-On via OpenID Connect. |
Don't commit
.env. Add it to your .gitignore. Rotate SESSION_SECRET and all DB passwords if they ever leak.
Generating secrets
terminal
openssl rand -hex 32 # session secret / DB passwords
Where do I find my license key?
Sign in on mlab.sh, then visit Organization > Incident Response. A free key is created for you automatically. See Licensing for how validation works.