Environment Variables

Enviroment Variable	Description	Default Value
APP_SITE_URL	Site URL. e.g. https://example.com, https://example.com:8080
MONGO_URI	URI to connect to MongoDB.	mongodb://localhost/growi
ELASTICSEARCH_VERSION	Elasticsearch major version that system connects to. (7 or 8 can be specified)	8
ELASTICSEARCH_URI	URI to connect to Elasticsearch.
ELASTICSEARCH_REQUEST_TIMEOUT	Max request timeout in milliseconds for each request.(msec)	8000
ELASTICSEARCH_REJECT_UNAUTHORIZED	Turn off certificate verification when connecting with HTTPS schema.	false
REDIS_URI	URI to connect to Redis (use it as a session store instead of MongoDB).
PASSWORD_SEED	A password seed used by the password hash generator.
SECRET_TOKEN	A secret key for verifying the integrity of signed cookies.
SESSION_NAME	The name of the session ID cookie to set in the response by Express.	connect.sid
FORCE_WIKI_MODE	Forces wiki mode.	undefined
	: undefined Publicity will be configured by the admin security page settings
	: public Forces all pages to become public
	: private Forces all pages to become private
DISABLE_LINK_SHARING	Disable link sharing feature	false
FORMAT_NODE_LOG	If false, Output server log as JSON. (Enabled only when NODE_ENV=production)	true
USER_UPPER_LIMIT	(TBD)
MIN_PASSWORD_LENGTH	Minimum password length that users can set.	8
DEFAULT_EMAIL_PUBLISHED	Default setting for publishing new user email addresses.	true
S2CMSG_PUBSUB_CONNECTIONS_LIMIT	Maximum number of connections for all clients that receive push messages.	5000
S2CMSG_PUBSUB_CONNECTIONS_LIMIT_FOR_GUEST	Maximum number of connections for guest clients that receive push messages.	2000
S2CMSG_PUBSUB_CONNECTIONS_LIMIT_FOR_ADMIN	Maximum number of connections for admin users in admin pages. (This is isolated from S2CMSG_PUBSUB_CONNECTIONS_LIMIT)	100
AUDIT_LOG_ENABLED	If true, the Audit Log feature is enabled	false
ACTIVITY_EXPIRATION_SECONDS	Number of seconds to keep the audit log. Audit logs are automatically deleted after a set number of seconds have elapsed since they were created.	2592000
AUDIT_LOG_ACTION_GROUP_SIZE	Size of action groups to be collected in the audit log (can be SMALL, MEDIUM, or LARGE)	SMALL
AUDIT_LOG_ADDITIONAL_ACTIONS	Add individual actions not included in the action group specified by AUDIT_LOG_ACTION_GROUP_SIZE, in CSV format (comma-separated string).
AUDIT_LOG_EXCLUDE_ACTIONS	Exclude individual actions in the action group specified by AUDIT_LOG_ACTION_GROUP_SIZE, in CSV format (comma-separated string).
TRUST_PROXY_BOOL	A boolean that can be set to the trust proxy settings for Express (opens new window) prioritized than TRUST_PROXY_CSV and TRUST_PROXY_HOPS.
TRUST_PROXY_CSV	A CSV value that can be set to the trust proxy settings for Express (opens new window) prioritized than TRUST_PROXY_HOPS.
TRUST_PROXY_HOPS	A number value that can be set to the trust proxy settings for Express (opens new window).
Option for file uploading
FILE_UPLOAD	Attached files storage.	aws
	: aws Amazon Web Service S3 (needs AWS settings on Admin page)
	: gcs Google Cloud Storage (needs settings with environment variables)
	: mongodb MongoDB GridFS (Setting-less)
	: local Server's Local file system (Setting-less)
	: none Disable file uploading
FILE_UPLOAD_DISABLED	If true, file uploading will be disabled. However, the files can be still viewed.	false
MAX_FILE_SIZE	The maximum file size limit for uploads (bytes).	Infinity
FILE_UPLOAD_TOTAL_LIMIT	Total capacity limit for uploads (bytes).	Infinity
S3_LIFETIME_SEC_FOR_TEMPORARY_URL	Time to keep the cache of signed URLs (number of seconds)	120
GCS_API_KEY_JSON_PATH	Path of the JSON file that contains service account key to authenticate to GCP API (opens new window)
GCS_BUCKET	Name of the GCS bucket
GCS_UPLOAD_NAMESPACE	Directory name to create in the bucket
GCS_LIFETIME_SEC_FOR_TEMPORARY_URL	Time to keep the cache of signed URLs (number of seconds)	120
GCS_REFERENCE_FILE_WITH_RELAY_MODE	If true, the GROWI server sends the attachment data (relay mode). In the case of false (default value), the users download data from GCS directly by Signed URLs (opens new window) created by the server.	false
GCS_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS	Prioritize env vars over values in DB for some GCS options.	false
AZURE_TEANANT_ID	ID of the application's Microsoft Entra tenant.
AZURE_CLIENT_ID	ID of a Microsoft Entra application.
AZURE_CLIENT_SECRET	One of the application's client secrets.
AZURE_STORAGE_ACCOUNT_NAME	Storage Account Name
AZURE_STORAGE_CONTAINER_NAME	Container Name
AZURE_LIFETIME_SEC_FOR_TEMPORARY_URL	Time to keep the cache of signed URLs (number of seconds)	120
AZURE_REFERENCE_FILE_WITH_RELAY_MODE	If true, the GROWI server sends the attachment data (relay mode). In the case of false (default value), the users download data from Azure(Blob) directly by Shared Access Signatured URLs (opens new window) created by the server.	false
AZURE_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS	Prioritize env vars over values in DB for some Azure(Blob) options.	false
Option to integrate with external systems
NCHAN_URI	URI to connect to Nginx Nchan (opens new window) server.
HACKMD_URI	URI to connect to HackMD(CodiMD) (opens new window) server.
	This server must load the GROWI agent. Here's how to prepare it.
HACKMD_URI_FOR_SERVER	URI to connect to HackMD(CodiMD) (opens new window) server from GROWI Express server. If not set, HACKMD_URI will be used.
PLANTUML_URI	URI to connect to PlantUML (opens new window) server.
DRAWIO_URI	URI to connect to diagrams.net(draw.io) (opens new window) server.
S2SMSG_PUBSUB_SERVER_TYPE
	: nchan Nginx Nchan (opens new window)
	: redis (Not implemented yet)
S2SMSG_PUBSUB_NCHAN_PUBLISH_PATH	Publisher endpoint path for Nchan server	/pubsub
S2SMSG_PUBSUB_NCHAN_SUBSCRIBE_PATH	Subscriber endpoint path for Nchan server	/pubsub
S2SMSG_PUBSUB_NCHAN_CHANNEL_ID	The channel ID to connect to Nchan server
PROMSTER_ENABLED	Enable Promster (opens new window) server	false
PROMSTER_PORT	The port to launch Promster server	7788
SLACKBOT_TYPE	Type of Slack Bot to use when linking with Slack
SLACKBOT_WITHOUT_PROXY_SIGNING_SECRET	Signing Secret string used for Custom Bot without proxy environment
SLACKBOT_WITHOUT_PROXY_BOT_TOKEN	Bot Token string used for Custom Bot without proxy environment
SLACKBOT_WITH_PROXY_PROXY_URI	URI of slackbot-proxy server used for Custom Bot with proxy environment
SLACKBOT_WITH_PROXY_SALT_FOR_GTOP	Salt (for GROWI to Proxy) when generating tokens for the Official Bot or Custom Bot with proxy environment	gtop
SLACKBOT_WITH_PROXY_SALT_FOR_PTOG	Salt (for GROWI to Proxy) when generating tokens for the Official Bot or Custom Bot with proxy environment	ptog
Option (Overwritable in admin page)
APP_SITE_URL_USES_ONLY_ENV_VARS	Prioritize env vars over values in DB for Site URL	false
FILE_UPLOAD_USES_ONLY_ENV_VAR_FOR_FILE_UPLOAD_TYPE	Prioritize env var over value in DB for File Upload Type	false
LOCAL_STRATEGY_ENABLED	Enable or disable ID/Pass login
LOCAL_STRATEGY_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS	Prioritize env vars over values in DB for some ID/Pass login options	false
SAML_ENABLED	Enable or disable SAML
SAML_USES_ONLY_ENV_VARS_FOR_SOME_OPTIONS	Prioritize env vars over values in DB for some SAML options	false
SAML_ENTRY_POINT	IdP entry point
SAML_ISSUER	Issuer string to supply to IdP
SAML_ATTR_MAPPING_ID	Attribute map for ID
SAML_ATTR_MAPPING_USERNAME	Attribute map for username
SAML_ATTR_MAPPING_MAIL	Attribute map for email
SAML_ATTR_MAPPING_FIRST_NAME	Attribute map for first name
SAML_ATTR_MAPPING_LAST_NAME	Attribute map for last name
SAML_CERT	PEM-encoded X.509 signing certificate string to validate the response from IdP
OAUTH_GOOGLE_CLIENT_ID	Google API client ID for OAuth login.
OAUTH_GOOGLE_CLIENT_SECRET	Google API client secret for OAuth login.
OAUTH_GITHUB_CLIENT_ID	GitHub API client ID for OAuth login.
OAUTH_GITHUB_CLIENT_SECRET	GitHub API client secret for OAuth login.
OAUTH_TWITTER_CONSUMER_KEY	Twitter consumer key(API key) for OAuth login.
OAUTH_TWITTER_CONSUMER_SECRET	Twitter consumer secret(API secret) for OAuth login.