Configuration
Self-hosted Atrium is configured via environment variables in the .env file. The Docker Compose file references these variables — you don't need to edit the Compose file directly.
Core settings
| Variable | Required | Description | Default |
|---|---|---|---|
DOMAIN | Yes | The domain name for your Atrium instance. | — |
ACME_EMAIL | Yes | Email address for Let's Encrypt certificate notifications. | — |
POSTGRES_USER | No | PostgreSQL username. | atrium |
POSTGRES_PASSWORD | Yes | PostgreSQL password. Pre-generated in the config package. | — |
POSTGRES_DB | No | PostgreSQL database name. | atrium |
JWT_SECRET | Yes | Secret used to sign authentication tokens. Pre-generated, keep confidential. | — |
ATRIUM_VERSION | No | Container image tag to use. | stable-latest |
Email (SMTP)
| Variable | Required | Description | Default |
|---|---|---|---|
SMTP_HOST | No | SMTP server hostname. Without SMTP, email notifications are disabled. | — |
SMTP_PORT | No | SMTP port. | 587 |
SMTP_USER | No | SMTP login username. | — |
SMTP_PASS | No | SMTP login password. | — |
SMTP_FROM | No | Sender address for outgoing emails. | noreply@{DOMAIN} |
SMTP_SECURE | No | true for implicit TLS (port 465), false for STARTTLS (port 587). | false |
Control Plane connectivity
| Variable | Required | Description | Default |
|---|---|---|---|
CONTROL_PLANE_URL | No | URL of the Control Plane. | https://cp.atrium.sprocksystems.de |
INSTANCE_TOKEN | Yes | Token for authenticating with the Control Plane. Provided during provisioning. | — |
ATRIUM_UPDATE_MODE | No | Update behavior: auto, notify, or disabled. | notify |
TLS
| Variable | Required | Description | Default |
|---|---|---|---|
CF_DNS_API_TOKEN | No | Cloudflare API token for DNS-01 ACME challenge. Only needed if port 80 is blocked. | — |
Database connection
In the standard Docker Compose deployment, the backend connects to PostgreSQL via Docker networking. The following variable is pre-configured:
| Variable | Description | Default |
|---|---|---|
DATABASE_URL | PostgreSQL connection string. | postgresql://{POSTGRES_USER}:{POSTGRES_PASSWORD}@postgres:5432/{POSTGRES_DB} |
You typically don't need to change this unless you're using an external PostgreSQL instance.
Modifying configuration
After changing .env, restart the affected containers:
cd ~/atrium
docker compose up -d
Docker Compose detects which services have changed environment variables and restarts only those containers.
JWT_SECRET, POSTGRES_PASSWORD, and INSTANCE_TOKEN are security-critical. Changing JWT_SECRET invalidates all active user sessions. Changing POSTGRES_PASSWORD requires updating both the .env file and the PostgreSQL user password inside the database.