Skip to main content
Nudgra OSS reads environment variables from .env locally and from the app.environment section in docker-compose.yml in the recommended production setup.

Local baseline

Copy .env.example to .env, then start from this local shape: 
DATABASE_URL=postgres://nudgra:nudgra@localhost:5432/nudgra
DATABASE_POOL_MAX=10
DATABASE_SSL=false

SITE_URL=http://localhost:3000
BETTER_AUTH_URL=http://localhost:3000
BETTER_AUTH_SECRET=replace-with-a-random-secret
TOKEN_ENCRYPTION_KEY=replace-with-another-random-secret
TRUSTED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000

OPERATOR_EMAIL_ALLOWLIST=you@example.com
DEFAULT_WORKSPACE_TIMEZONE=UTC

GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

META_APP_ID=
META_APP_SECRET=
META_VERIFY_TOKEN=
META_GRAPH_API_VERSION=v23.0

Production baseline

In production, these values must match your public domain: 
SITE_URL=https://your-domain.com
BETTER_AUTH_URL=https://your-domain.com
TRUSTED_ORIGINS=https://your-domain.com
OPERATOR_EMAIL_ALLOWLIST=you@example.com
Set the Google and Meta values after you configure Google OAuth and Meta / Instagram setup. 
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
META_APP_ID=your-instagram-app-id
META_APP_SECRET=your-instagram-app-secret
META_VERIFY_TOKEN=your-generated-webhook-verify-token

Secret values

Generate BETTER_AUTH_SECRET, TOKEN_ENCRYPTION_KEY, and META_VERIFY_TOKEN with OpenSSL: 
openssl rand -base64 32
openssl rand -hex 32
Or generate them with Node: 
node -e "console.log(require('crypto').randomBytes(32).toString('base64url'))"
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
Do not rotate BETTER_AUTH_SECRET or TOKEN_ENCRYPTION_KEY after real users or Instagram accounts are connected. Stored OAuth and Instagram tokens depend on those secrets.

Operator access

Use OPERATOR_EMAIL_ALLOWLIST to limit who can sign in to the dashboard: 
OPERATOR_EMAIL_ALLOWLIST=operator@example.com,backup@example.com
The source app also supports NUDGRA_ALLOWED_EMAILS as a backwards-compatible alias. Prefer OPERATOR_EMAIL_ALLOWLIST in new deployments.

Postgres and jobs

The recommended Docker Compose deployment sets the app database URL to the internal Postgres service: 
DATABASE_URL=postgres://nudgra:nudgra@postgres:5432/nudgra
For production, change the Postgres password in docker-compose.yml and update DATABASE_URL to match. pg-boss uses the PG_BOSS_SCHEMA schema, which defaults to pgboss.