|
| 1 | +# Environment Variables |
| 2 | + |
| 3 | +This document describes the server configuration environment variables for ElizaOS. |
| 4 | + |
| 5 | +## Server Security & Authentication |
| 6 | + |
| 7 | +### ELIZA_SERVER_AUTH_TOKEN |
| 8 | + |
| 9 | +Controls API authentication for the ElizaOS server. |
| 10 | + |
| 11 | +- **Purpose**: When set, requires all `/api/*` routes to include an `X-API-KEY` header with this token value |
| 12 | +- **Default**: Unset (no authentication required) |
| 13 | +- **Security**: When unset, all API endpoints are publicly accessible |
| 14 | +- **Usage**: |
| 15 | + ```bash |
| 16 | + ELIZA_SERVER_AUTH_TOKEN=your-secret-token |
| 17 | + ``` |
| 18 | +- **Headers**: Clients must send `X-API-KEY: your-secret-token` header |
| 19 | +- **Behavior**: |
| 20 | + - If unset: All requests allowed (no authentication) |
| 21 | + - If set: Only requests with matching `X-API-KEY` header allowed |
| 22 | + - Returns `401 Unauthorized` for invalid/missing keys |
| 23 | + |
| 24 | +## Web UI Control |
| 25 | + |
| 26 | +### ELIZA_UI_ENABLE |
| 27 | + |
| 28 | +Controls whether the web user interface is served by the server. |
| 29 | + |
| 30 | +- **Purpose**: Enable or disable the web UI for security and deployment flexibility |
| 31 | +- **Values**: |
| 32 | + - `true` - Force enable UI |
| 33 | + - `false` - Force disable UI |
| 34 | + - Unset/empty - Automatic behavior (enabled in development, disabled in production) |
| 35 | +- **Default Behavior**: |
| 36 | + - Development (`NODE_ENV=development`): UI enabled |
| 37 | + - Production (`NODE_ENV=production`): UI disabled for security |
| 38 | +- **Usage**: |
| 39 | + ```bash |
| 40 | + # Force enable in production |
| 41 | + ELIZA_UI_ENABLE=true |
| 42 | + |
| 43 | + # Force disable in development |
| 44 | + ELIZA_UI_ENABLE=false |
| 45 | + |
| 46 | + # Use automatic behavior |
| 47 | + ELIZA_UI_ENABLE= |
| 48 | + ``` |
| 49 | +- **Security**: Disabling UI reduces attack surface by removing web interface |
| 50 | +- **API Access**: API endpoints remain available regardless of UI setting |
| 51 | + |
| 52 | +## Examples |
| 53 | + |
| 54 | +### Production Deployment (Secure) |
| 55 | +```bash |
| 56 | +NODE_ENV=production |
| 57 | +ELIZA_SERVER_AUTH_TOKEN=secure-random-token-here |
| 58 | +ELIZA_UI_ENABLE=false |
| 59 | +``` |
| 60 | + |
| 61 | +### Development Setup (Convenient) |
| 62 | +```bash |
| 63 | +NODE_ENV=development |
| 64 | +# ELIZA_SERVER_AUTH_TOKEN= # Unset for easy development |
| 65 | +# ELIZA_UI_ENABLE= # Unset for automatic behavior (UI enabled) |
| 66 | +``` |
| 67 | + |
| 68 | +### Headless API Server |
| 69 | +```bash |
| 70 | +ELIZA_SERVER_AUTH_TOKEN=api-only-token |
| 71 | +ELIZA_UI_ENABLE=false |
| 72 | +``` |
| 73 | + |
| 74 | +## Related Files |
| 75 | + |
| 76 | +- **Configuration**: `.env.example` - Template with all available environment variables |
| 77 | +- **Authentication**: `packages/server/src/authMiddleware.ts` - API key validation logic |
| 78 | +- **UI Control**: `packages/server/src/index.ts` - Web UI enable/disable logic |
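Review bot: The ELIZA_SERVER_AUTH_TOKEN section documents the unset default as "no authentication required", and the ELIZA_UI_ENABLE section says API endpoints remain available regardless of the UI setting. Read together, a production deployment that relies on the defaults has the UI off "for security" while every `/api/*` route stays public, and nothing in the doc says so. I'd add a sentence under the token's "Security" bullet stating that the token must be set for any deployment reachable beyond localhost. The "Production Deployment (Secure)" example also uses the placeholder `secure-random-token-here` with no guidance on length or on generating it from a cryptographically secure random source, so that is worth a line as well. Separately, the "Default Behavior" bullets cover only `NODE_ENV=development` and `NODE_ENV=production`; please document what the automatic mode does when `NODE_ENV` is unset or has another value, since the "Headless API Server" example omits `NODE_ENV` entirely.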