Environment Variables

All Tracera configuration is done through environment variables. Copy .env.example to .env and customize.

Server

Variable	Default	Description
`SERVER_HOST`	`0.0.0.0`	Bind address for the HTTP server
`SERVER_PORT`	`8080`	Port for the HTTP server
`BASE_URL`	`http://localhost:8080`	Public-facing URL (used for OAuth callbacks, magic links)
`FRONTEND_URL`	`{BASE_URL}`	Frontend URL for post-login redirects

BASE_URL must be set correctly in production — it’s used for OAuth redirect URIs and magic link URLs.

Database (TimescaleDB)

Variable	Default	Description
`DB_HOST`	`localhost`	TimescaleDB hostname
`DB_PORT`	`5432`	PostgreSQL port
`DB_USER`	`skinvestment`	Database user
`DB_PASSWORD`	`skinvestment`	Database password
`DB_NAME`	`skinvestment`	Database name
`DB_SSLMODE`	`disable`	SSL mode (`disable`, `require`, `verify-full`)

Use DB_SSLMODE=require or verify-full in production.

Redis

Variable	Default	Description
`REDIS_HOST`	`localhost`	Redis hostname
`REDIS_PORT`	`6379`	Redis port
`REDIS_PASSWORD`	(empty)	Redis password (optional)
`REDIS_DB`	`0`	Redis database index (0-15)

Session

Variable	Default	Description
`SESSION_SECRET`	required	Signing key for session cookies (min 32 bytes)
`SESSION_LIFETIME_HOURS`	`72`	Session duration in hours
`SESSION_COOKIE_SECURE`	Auto	Secure cookie flag. Auto-derived from `BASE_URL` scheme.

Generate a session secret:

openssl rand -base64 32

OAuth Providers

Google

Variable	Default	Description
`GOOGLE_CLIENT_ID`	(empty)	Google OAuth client ID
`GOOGLE_CLIENT_SECRET`	(empty)	Google OAuth client secret

Google OAuth is disabled if either variable is empty.

GitHub

Variable	Default	Description
`GITHUB_CLIENT_ID`	(empty)	GitHub OAuth client ID
`GITHUB_CLIENT_SECRET`	(empty)	GitHub OAuth client secret

GitHub OAuth is disabled if either variable is empty.

Steam

Variable	Default	Description
`STEAM_API_KEY`	(empty)	Steam Web API key (for fetching profiles)
`STEAM_OPENID_ENABLED`	`true`	Enable/disable Steam OpenID

Email

Variable	Default	Description
`RESEND_API_KEY`	(empty)	Resend API key. If unset, emails are logged to stdout.
`RESEND_FROM_EMAIL`	`onboarding@resend.dev`	Sender email address
`MAGIC_LINK_EXPIRY_MINUTES`	`10`	Magic link token expiry in minutes

Frontend

Variable	Default	Description
`BACKEND_BASE_URL`	`http://app:8080`	Backend URL for server-side requests (Docker internal)
`BACKEND_PUBLIC_URL`	`http://localhost:8080`	Backend URL for client-side requests (browser)

Price Ingestion

Variable	Default	Description
`PRICEMPIRE_API_KEY`	(empty)	PriceEmpire API key. Source disabled if unset.

Validation

The server validates all configuration at startup and will fail to start if:

SESSION_SECRET is missing or too short (< 32 bytes)
Port numbers are invalid
REDIS_DB is outside the 0-15 range
Timing values (intervals, lifetimes) are non-positive

Getting Started

Authentication

Database

Frontend

Configuration

Deployment

Development

Vision

Environment Variables

Environment Variables

Server

Database (TimescaleDB)

Redis

Session

OAuth Providers

Google

GitHub

Steam

Email

Frontend

Price Ingestion

Validation

Getting Started

Authentication

Database

Frontend

Configuration

Deployment

Development

Vision

​Environment Variables

​Server

​Database (TimescaleDB)

​Redis

​Session

​OAuth Providers

​Google

​GitHub

​Steam

​Email

​Frontend

​Price Ingestion

​Validation

Environment Variables

Server

Database (TimescaleDB)

Redis

Session

OAuth Providers

Google

GitHub

Steam

Email

Frontend

Price Ingestion

Validation