Parameters
| Parameter | Description |
|---|---|
MODE | Execution mode |
PORT | API server port |
BETTER_AUTH_SECRET | Authentication secret key |
BETTER_AUTH_URL | Base URL of the instance |
CORS_ORIGIN | Allowed origin for external apps |
API_SECRET | Secret for signed URLs |
DB_PATH | Custom SQLite database path |
PUBLIC_RATE_LIMIT_MAX | Max requests per window |
PUBLIC_RATE_LIMIT_WINDOW_MS | Rate limit window (ms) |
MAX_FILE_SIZE_MB | Maximum upload file size in MB |
Parameter reference
Execution mode.
| Value | Behavior |
|---|---|
fullstack | API + web dashboard (default) |
api | API only — auto-generates an API key on first startup, printed once to the container logs |
Port the API server listens on.
3000 (default) · 8080Secret used by Better Auth to sign sessions and tokens. Must be at least 32 characters.
Public base URL of your Openinary instance. Used for auth callbacks and CORS.
http://localhost:3000 · https://media.example.comAllowed origin when Openinary is called from a separate frontend. Only set this in production — by default
localhost:3001 (Next.js dev) is allowed automatically.https://yourapp.comSecret used to sign and verify signed URLs. Required if you use the
/authenticated/* route. Minimum 16 characters.Custom path for the SQLite database. Only needed when mounting to a non-standard location.
/data/auth.db · /mnt/volume/openinary.dbUpload
Maximum allowed file size for uploads, in megabytes.
50 (default) · 500 · 2048Useful for self-hosted setups where users need to upload large video files. Set it in your
.env file or Docker environment — no image rebuild required.Rate limiting
Rate limiting applies to all public routes (/t/*, /download/*, /health, etc.).
Maximum requests per window.
100 (default) · 200 (high traffic) · 50 (strict)Window duration in milliseconds.
| Value | Duration |
|---|---|
60000 | 1 minute (default) |
300000 | 5 minutes |
3600000 | 1 hour |
Related
Storage
Connect S3-compatible cloud storage.
Signed URLs
Use
API_SECRET to sign transformation URLs.