# This is a sample configuration file with all possible configuration options. # If you dont want to maintain a file like this you can pass in all variables via Server Variables LEAN_PORT=8080 # The port to expose and access Leantime LEAN_APP_URL=https://leantime.example.com # Base URL, needed for subfolder or proxy installs (including http:// or https://) LEAN_APP_DIR= # Base of application without trailing slash (used for cookies), e.g, /leantime LEAN_DEBUG=0 # Debug flag # Database - MySQL container # MYSQL_ROOT_PASSWORD=changeme123 # MySQL root password MYSQL_DATABASE=leantime # Database name MYSQL_USER=leantime # Database username # MYSQL_PASSWORD=changeme123 # Database password # Database - leantime container LEAN_DB_HOST=leantime-mysql # Database host LEAN_DB_USER=leantime # Database username (needs to be the same as MYSQL_USER) # LEAN_DB_PASSWORD=changeme123 # Database password (needs to be the same as MYSQL_PASSWORD) LEAN_DB_DATABASE=leantime # Database name (needs to be the same as MYSQL_DATABASE) LEAN_DB_PORT=3306 # Database port ## Session Management # LEAN_SESSION_PASSWORD=3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m # Salting sessions, replace with a strong password LEAN_SESSION_EXPIRATION=28800 # How many seconds after inactivity should we logout? 28800seconds = 8hours LEAN_SESSION_SECURE=false # Serve cookies via https only? Set to true when using https, set to false when using http. ## Optional Configuration, you may omit these from your .env file ## Default Settings LEAN_SITENAME=Leantime # Name of your site, can be changed later LEAN_LANGUAGE=en-US # Default language LEAN_DEFAULT_TIMEZONE=Etc/UTC # Set default timezone LEAN_LOG_PATH= # Default Log Path (including filename), if not set /logs/error.log will be used LEAN_DISABLE_LOGIN_FORM=false # If true then dont show the login form (useful only if additional auth method[s] are available) ## Look & Feel, these settings are available in the UI and can be overwritten there. LEAN_LOGO_PATH=/dist/images/logo.svg # Default logo path, can be changed later LEAN_PRINT_LOGO_URL=/dist/images/logo.png # Default logo URL use for printing (must be jpg or png format) LEAN_DEFAULT_THEME=default # Default theme LEAN_PRIMARY_COLOR=#006d9f # Primary Theme color LEAN_SECONDARY_COLOR = #00a886 # Secondary Theme Color ## Fileuploads # Local File Uploads LEAN_USER_FILE_PATH=userfiles/ # Local relative path to store uploaded files (if not using S3) LEAN_DB_BACKUP_PATH=backupdb/ # Local relative path to store backup files, need permission to write # S3 File Uploads LEAN_USE_S3=false # Set to true if you want to use S3 instead of local files LEAN_S3_KEY= # S3 Key LEAN_S3_SECRET= # S3 Secret LEAN_S3_BUCKET= # Your S3 bucket LEAN_S3_USE_PATH_STYLE_ENDPOINT=false # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket] LEAN_S3_REGION= # S3 region LEAN_S3_FOLDER_NAME= # Foldername within S3 (can be empty) LEAN_S3_END_POINT=null # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com) ## Email LEAN_EMAIL_RETURN= # Return email address, needs to be valid email address format LEAN_EMAIL_USE_SMTP=false # Use SMTP? If set to false, the default php mail() function will be used LEAN_EMAIL_SMTP_HOSTS= # SMTP host LEAN_EMAIL_SMTP_AUTH=true # SMTP authentication required LEAN_EMAIL_SMTP_USERNAME= # SMTP username LEAN_EMAIL_SMTP_PASSWORD= # SMTP password LEAN_EMAIL_SMTP_AUTO_TLS=true # SMTP Enable TLS encryption automatically if a server supports it LEAN_EMAIL_SMTP_SECURE= # SMTP Security protocol (usually one of: TLS, SSL, STARTTLS) LEAN_EMAIL_SMTP_SSLNOVERIFY=false # SMTP Allow insecure SSL: Dont verify certificate, accept self-signed, etc. LEAN_EMAIL_SMTP_PORT= # Port (usually one of 25, 465, 587, 2526) ## LDAP LEAN_LDAP_USE_LDAP=false # Set to true if you want to use LDAP LEAN_LDAP_LDAP_DOMAIN= # Domain name after username@ so users can login without domain definition LEAN_LDAP_LDAP_TYPE=OL # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory LEAN_LDAP_HOST= # FQDN LEAN_LDAP_PORT=389 # Default Port LEAN_LDAP_URI= # LDAP URI as alternative to hostname and port. Uses ldap://hostname:port LEAN_LDAP_DN= # Location of users, example: CN=users,DC=example,DC=com # Leantime->Ldap attribute mapping LEAN_LDAP_KEYS="{ \"username\":\"uid\", \"groups\":\"memberOf\", \"email\":\"mail\", \"firstname\":\"displayname\", \"lastname\":\"\", \"phone\":\"telephoneNumber\", \"jobTitle\":\"title\" \"jobLevel\":\"level\" \"department\":\"department\" }" # For AD use these default attributes # LEAN_LDAP_KEYS="{ # \"username\":\"cn\", # \"groups\":\"memberOf\", # \"email\":\"mail\", # \"firstname\":\"givenName\", # \"lastname\":\"sn\", # \"phone\":\"telephoneNumber\", # \"jobTitle\":\"title\" # \"jobLevel\":\"level\" # \"department\":\"department\" # }" LEAN_LDAP_DEFAULT_ROLE_KEY=20; # Default Leantime Role on creation. (set to editor) # Default role assignments upon first login. # optional - Can be updated later in user settings for each user LEAN_LDAP_GROUP_ASSIGNMENT="{ \"5\": { \"ltRole\":\"readonly\", \"ldapRole\":\"readonly\" }, \"10\": { \"ltRole\":\"commenter\", \"ldapRole\":\"commenter\" }, \"20\": { \"ltRole\":\"editor\", \"ldapRole\":\"editor\" }, \"30\": { \"ltRole\":\"manager\", \"ldapRole\":\"manager\" }, \"40\": { \"ltRole\":\"admin\", \"ldapRole\":\"administrators\" }, \"50\": { \"ltRole\":\"owner\", \"ldapRole\":\"administrators\" } }" ## OpenID Connect # required LEAN_OIDC_ENABLE=false LEAN_OIDC_CLIENT_ID = LEAN_OIDC_CLIENT_SECRET = # required - the URL for your provider (examples down below) #LEAN_OIDC_PROVIDER_URL = #Create User if it doesnt exist in Leantime db, otherwise fail login LEAN_OIDC_CREATE_USER=false # Default role for users created via OIDC (20 is editor) LEAN_OIDC_DEFAULT_ROLE=20 # optional - these will be read from the well-known configuration if possible #LEAN_OIDC_AUTH_URL_OVERRIDE = #LEAN_OIDC_TOKEN_URL_OVERRIDE = #LEAN_OIDC_JWKS_URL_OVERRIDE = #LEAN_OIDC_USERINFO_URL_OVERRIDE = # optional - override the public key for RSA validation #LEAN_OIDC_CERTIFICATE_STRING = #LEAN_OIDC_CERTIFICATE_FILE = # optional - override the requested scopes #LEAN_OIDC_SCOPES = # optional - override the keys used for these fields #LEAN_OIDC_FIELD_EMAIL = #LEAN_OIDC_FIELD_FIRSTNAME = #LEAN_OIDC_FIELD_LASTNAME = #LEAN_OIDC_FIELD_PHONE = #LEAN_OIDC_FIELD_JOBTITLE = #LEAN_OIDC_FIELD_JOBLEVEL= #LEAN_OIDC_FIELD_DEPARTMENT = ## OpenID Connect setting for GitHub #LEAN_OIDC_PROVIDER_URL=https://token.actions.githubusercontent.com/ #LEAN_OIDC_AUTH_URL_OVERRIDE=https://github.com/login/oauth/authorize #LEAN_OIDC_TOKEN_URL_OVERRIDE=https://github.com/login/oauth/access_token #LEAN_OIDC_USERINFO_URL_OVERRIDE=https://api.github.com/user,https://api.github.com/user/emails #LEAN_OIDC_SCOPES=user:email,read:user #LEAN_OIDC_FIELD_EMAIL=0.email #LEAN_OIDC_FIELD_FIRSTNAME=name ## Redis (for session storage and cache) LEAN_USE_REDIS=false # Set to true to use redis as session cache LEAN_REDIS_URL= # Add URL path such as tcp://1.2.3.4:6379. If you are using a password, add ?auth=yourverycomplexpasswordhere to your URL LEAN_REDIS_HOST= LEAN_REDIS_PORT=6379 LEAN_REDIS_PASSWORD= LEAN_REDIS_SCHEME= ## Rate limiting LEAN_RATELIMIT_GENERAL=1000 LEAN_RATELIMIT_API=10 LEAN_RATELIMIT_AUTH=20