Noxus configuration is split between:
- runtime env vars (URLs, deployment mode, non-sensitive settings)
- secrets (credentials and keys)
- admin-managed platform settings (global configuration in the Noxus admin portal)
Configuration Sources
Environment Variable Layers
| Layer | Example |
|---|
| Base platform env | deployment env, URLs, storage mode, feature toggles |
| Service-specific env | frontend-only host binding, worker subscribe mode |
| Secrets | DB/Redis credentials, auth keys, provider secrets |
Environment Variable Reference
| Variable | Default | Description |
|---|
DEPLOYMENT_ENV | "prod" | Environment name for logging purposes |
DEPLOYMENT_NAME | "NOXUS" | Display name for the deployment instance |
ON_PREM | "false" | Set to "true" for non-cloud based deployments |
ADMIN_EMAIL | — | Admin email used during initial bootstrap - only used on first boot |
URLs
| Variable | Default | Description |
|---|
BACKEND_URL | — | Public URL for the backend API (e.g. https://api.example.com). Can be set to an internal LB for the frontend instance |
FRONTEND_URL | — | Public URL for the frontend (e.g. https://example.com) |
RELAY_URL | — | Public URL for the relay service (e.g. https://relay.example.com) |
Database Configuration
| Variable | Default | Description |
|---|
DATABASE | "spot" | PostgreSQL database name |
POSTGRES_POOL_SIZE | "64" | Connection pool size for the primary database |
VECTOR_POSTGRES_POOL_SIZE | "128" | Connection pool size for the vector database |
RUN_MIGRATIONS | "1" | Run Alembic migrations on startup |
Redis
| Variable | Default | Description |
|---|
REDIS_PORT | "6379" | Redis server port |
REDIS_SSL | "" | Enable SSL for Redis connections |
REDIS_SINGLE_DB_ONLY | "" | Restrict to a single Redis database, for compatibility with some managed Redis services |
CACHE_LOCATION | "redis" | Cache backend location |
Object Storage
| Variable | Default | Description |
|---|
BUCKET_CLIENT | "s3" | Storage provider: gcloud, s3, or minio |
STORAGE_BUCKET | — | Primary storage bucket name |
PUBLIC_STORAGE_BUCKET | — | Public assets bucket name |
S3_ENDPOINT_URL | "" | Custom S3 endpoint (leave empty for AWS S3) |
AWS_REGION | "eu-west-1" | AWS region for S3 operations |
Observability
| Variable | Default | Description |
|---|
OTEL_COLLECTOR_ENDPOINT | "" | OpenTelemetry collector endpoint |
PROMETHEUS_MULTIPROC_DIR | "/tmp" | Directory for Prometheus multiprocess metrics |
PROM_REMOTE_WRITE_URL | "" | Prometheus remote write endpoint |
ENABLE_LLM_OBSERVABILITY | "true" | Enable LLM call tracing in OTEL |
Worker Configuration (per deployment)
| Variable | Default | Description |
|---|
WORKER_SUBSCRIBE | "all_but_kb" | Queue type: all, all_but_kb, flow, chat, kb |
WORKER_SUBSCRIBE_TENANTS | "" | Comma-separated tenant IDs to process (empty = all) |
WORKER_SUBSCRIBE_WORKSPACES | "" | Comma-separated workspace IDs to process (empty = all) |
Plugin Server
| Variable | Default | Description |
|---|
PLUGIN_SERVER_URL | "" | URL of the plugin server |
ENABLE_PLUGINS | "false" | Enable plugin system |
Deployment-Independent Principles
- Keep non-sensitive settings in environment config
- Keep credentials in secrets only
- Keep environment names simple (
local, staging, prod)
- Do not expose internal-only controls (such as billing internals) in user-facing docs
Noxus supports extensive runtime configuration from the admin portal when the user has global admin permissions. This includes global server settings and auth behavior.
Practical Mapping In Your Stack
- VM compose:
env_file and explicit env mounts
- Helm:
env, extraEnv, secrets, plus service-specific secret variants
- Terraform stage3: secret/env materialization and namespace-scoped injection
