LinkedRecords

Configuration

Environment variables and server setup

Overview

LinkedRecords is configured primarily through environment variables. This guide covers all available configuration options.

Quick Start

For local development, use Docker Compose:

docker compose -f https://github.com/wolfoo2931/linkedrecords.git#main:docker-compose.yml up

This starts LinkedRecords on port 6543 with a built-in mock OIDC provider for testing.

The Docker Compose setup is for local development only. It includes a mock OIDC provider with test accounts and should not be used in production.

Database Configuration

LinkedRecords uses PostgreSQL for data storage:

| Variable | Description | Default |
|---|---|---|
| PGHOST | PostgreSQL host | localhost |
| PGPORT | PostgreSQL port | 5432 |
| PGUSER | Database user | - |
| PGPASSWORD | Database password | - |
| PGDATABASE | Database name | - |

PGHOST=localhost
PGPORT=5432
PGUSER=linkedrecords
PGPASSWORD=your-secure-password
PGDATABASE=linkedrecords

Authentication (OIDC)

LinkedRecords supports OpenID Connect for authentication:

| Variable | Description | Required |
|---|---|---|
| AUTH_ISSUER_BASE_URL | OIDC provider URL | Yes |
| AUTH_CLIENT_ID | OAuth client ID | Yes |
| AUTH_CLIENT_SECRET | OAuth client secret | Confidential clients |
| AUTH_COOKIE_SIGNING_SECRET | Secret for signing cookies | Yes |
| AUTH_TOKEN_AUDIENCE | Token audience (public client mode) | Public clients |

Confidential Client Mode

For same-domain setups where the frontend and backend share a domain:

AUTH_ISSUER_BASE_URL=https://your-tenant.auth0.com/
AUTH_CLIENT_ID=your-client-id
AUTH_CLIENT_SECRET=your-client-secret
AUTH_COOKIE_SIGNING_SECRET=a-long-random-secret-string

Public Client Mode

For cross-domain setups (SPA on a different domain than the API):

AUTH_ISSUER_BASE_URL=https://your-tenant.auth0.com/
AUTH_CLIENT_ID=your-client-id
AUTH_TOKEN_AUDIENCE=your-api-audience
AUTH_COOKIE_SIGNING_SECRET=a-long-random-secret-string

CORS Configuration

For cross-domain access, configure allowed origins:

| Variable | Description | Default |
|---|---|---|
| CORS_ORIGIN | JSON array of allowed origins | ["http://localhost:*"] |

CORS_ORIGIN='["https://your-app.com", "https://staging.your-app.com"]'

URL Configuration

| Variable | Description | Default |
|---|---|---|
| SERVER_BASE_URL | Public URL of the LinkedRecords server | - |
| FRONTEND_BASE_URL | URL of the frontend application | - |

SERVER_BASE_URL=https://api.your-app.com
FRONTEND_BASE_URL=https://your-app.com

Redis Configuration

Redis is used for caching and real-time pub/sub:

| Variable | Description | Default |
|---|---|---|
| REDIS_URL | Redis connection URL | redis://localhost:6379 |

REDIS_URL=redis://username:password@redis-host:6379

S3/MinIO Configuration (Optional)

For blob storage, configure S3-compatible object storage:

| Variable | Description | Default |
|---|---|---|
| S3_ENDPOINT | S3-compatible endpoint URL | - |
| S3_BUCKET | Bucket name | - |
| S3_ACCESS_KEY | Access key ID | - |
| S3_SECRET_KEY | Secret access key | - |
| S3_USE_SSL | Use HTTPS (true/false) | true |

S3_ENDPOINT=http://localhost:9000
S3_BUCKET=linkedrecords
S3_ACCESS_KEY=minioadmin
S3_SECRET_KEY=minioadmin
S3_USE_SSL=false

If S3 is not configured, blob storage will use PostgreSQL (with reduced performance for large files).

Quota Configuration

Control storage limits per user:

| Variable | Description | Default |
|---|---|---|
| DEFAULT_STORAGE_SIZE_QUOTA | Default storage quota in MB | 500 |
| QUOTA_COUNT_KV_ATTRIBUTES | Max key-value attributes | - |
| QUOTA_COUNT_LT_ATTRIBUTES | Max long-text attributes | - |
| QUOTA_COUNT_BLOB_ATTRIBUTES | Max blob attributes | - |

DEFAULT_STORAGE_SIZE_QUOTA=500
QUOTA_COUNT_KV_ATTRIBUTES=10000
QUOTA_COUNT_LT_ATTRIBUTES=1000

Payment Integration (Optional)

For paid plans with Paddle:

| Variable | Description |
|---|---|
| PADDLE_API_KEY | Paddle API key |
| PADDLE_API_URL | Paddle API URL |
| PADDLE_NOTIFICATION_SECRET | Webhook signing secret |

PADDLE_API_KEY=your-paddle-api-key
PADDLE_API_URL=https://api.paddle.com
PADDLE_NOTIFICATION_SECRET=webhook-signing-secret

Performance Tuning

| Variable | Description | Default |
|---|---|---|
| ENABLE_AUTH_RULE_CACHE | Cache authorization rules | false |
| SHORT_LIVED_ACCESS_TOKEN_SIGNING | Use short-lived tokens | false |

ENABLE_AUTH_RULE_CACHE=true
SHORT_LIVED_ACCESS_TOKEN_SIGNING=true

Complete Example Configuration

Development

# Database
PGHOST=localhost
PGPORT=5432
PGUSER=linkedrecords
PGPASSWORD=development
PGDATABASE=linkedrecords_dev
 
# Auth (mock OIDC for development)
AUTH_ISSUER_BASE_URL=http://localhost:3000/
AUTH_CLIENT_ID=dev-client
AUTH_COOKIE_SIGNING_SECRET=dev-secret-at-least-32-chars-long
 
# URLs
SERVER_BASE_URL=http://localhost:6543
FRONTEND_BASE_URL=http://localhost:5173
 
# Redis
REDIS_URL=redis://localhost:6379
 
# CORS
CORS_ORIGIN='["http://localhost:5173", "http://localhost:3000"]'

Production

# Database
PGHOST=db.your-provider.com
PGPORT=5432
PGUSER=linkedrecords
PGPASSWORD=secure-production-password
PGDATABASE=linkedrecords
 
# Auth (Auth0 example)
AUTH_ISSUER_BASE_URL=https://your-tenant.auth0.com/
AUTH_CLIENT_ID=production-client-id
AUTH_CLIENT_SECRET=production-client-secret
AUTH_COOKIE_SIGNING_SECRET=production-secret-at-least-32-chars
 
# URLs
SERVER_BASE_URL=https://api.your-app.com
FRONTEND_BASE_URL=https://your-app.com
 
# Redis
REDIS_URL=redis://user:password@redis.your-provider.com:6379
 
# S3
S3_ENDPOINT=https://s3.amazonaws.com
S3_BUCKET=your-linkedrecords-bucket
S3_ACCESS_KEY=AKIA...
S3_SECRET_KEY=...
S3_USE_SSL=true
 
# CORS
CORS_ORIGIN='["https://your-app.com"]'
 
# Quotas
DEFAULT_STORAGE_SIZE_QUOTA=1000
QUOTA_COUNT_KV_ATTRIBUTES=100000
 
# Performance
ENABLE_AUTH_RULE_CACHE=true
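
A preflight audit for a production environment like the one above, as an added example that is not part of LinkedRecords or its documentation. The function `auditEnv` and its rules are assumptions of this sketch: the 32-character minimum is taken from the sample secret values on this page, and the HTTPS and sample-value checks are deployment hygiene, not documented server behaviour.

```javascript
// Added example: the rules are this sketch's assumptions for a production
// deployment, not checks that LinkedRecords itself performs.
const SAMPLE_VALUES = new Set(['your-secure-password', 'development', 'minioadmin',
  'a-long-random-secret-string', 'dev-secret-at-least-32-chars-long']);
const SECRETS = ['PGPASSWORD', 'AUTH_CLIENT_SECRET', 'AUTH_COOKIE_SIGNING_SECRET',
  'S3_ACCESS_KEY', 'S3_SECRET_KEY'];
const HTTPS_URLS = ['AUTH_ISSUER_BASE_URL', 'SERVER_BASE_URL', 'FRONTEND_BASE_URL', 'S3_ENDPOINT'];

function auditEnv(env) {
  const findings = [];
  const flag = (name, msg) => findings.push(`${name}: ${msg}`);

  // Variables the page marks as required in both client modes.
  for (const name of ['AUTH_ISSUER_BASE_URL', 'AUTH_CLIENT_ID', 'AUTH_COOKIE_SIGNING_SECRET']) {
    if (!env[name]) flag(name, 'required but not set');
  }
  if (!env.AUTH_CLIENT_SECRET && !env.AUTH_TOKEN_AUDIENCE) {
    flag('AUTH_CLIENT_SECRET', 'set this (confidential) or AUTH_TOKEN_AUDIENCE (public)');
  }
  const cookieSecret = env.AUTH_COOKIE_SIGNING_SECRET || '';
  if (cookieSecret && cookieSecret.length < 32) {
    flag('AUTH_COOKIE_SIGNING_SECRET', 'shorter than 32 characters');
  }
  for (const name of SECRETS) {
    if (SAMPLE_VALUES.has(env[name])) flag(name, 'still a documentation sample value');
  }
  for (const name of HTTPS_URLS) {
    if (env[name] && !env[name].startsWith('https://')) flag(name, 'not an https:// URL');
  }
  if (env.S3_ENDPOINT && env.S3_USE_SSL === 'false') flag('S3_USE_SSL', 'TLS disabled');

  // An unset CORS_ORIGIN falls back to the documented default, so audit that value.
  let origins = null;
  try { origins = JSON.parse(env.CORS_ORIGIN ?? '["http://localhost:*"]'); } catch { /* invalid JSON */ }
  if (!Array.isArray(origins)) {
    flag('CORS_ORIGIN', 'not a JSON array');
  } else {
    for (const origin of origins) {
      if (typeof origin !== 'string' || !origin.startsWith('https://') || origin.includes('*')) {
        flag('CORS_ORIGIN', `non-HTTPS or wildcard origin ${JSON.stringify(origin)}`);
      }
    }
  }
  return findings;
}

// Constructed sample: development values carried into a production deployment.
console.log(auditEnv({ AUTH_ISSUER_BASE_URL: 'http://localhost:3000/', AUTH_CLIENT_ID: 'dev-client',
  AUTH_COOKIE_SIGNING_SECRET: 'dev-secret', PGPASSWORD: 'development' }).join('\n'));
```

Calling `auditEnv(process.env)` at deploy time and refusing to start on a non-empty result keeps development defaults such as the `http://localhost:*` CORS origin out of production.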

OIDC Provider Setup

Auth0

  1. Create an Application (Regular Web Application for confidential, SPA for public)
  2. Configure Allowed Callback URLs: https://your-backend.com/callback
  3. Configure Allowed Logout URLs: https://your-app.com
  4. Configure Allowed Web Origins: https://your-app.com
  5. Get the Client ID and Client Secret

Other Providers

LinkedRecords works with any standard OIDC provider:

  • Okta: Use the OIDC metadata URL
  • Keycloak: Configure a client with appropriate scopes
  • Google: Create OAuth 2.0 credentials

Health Check

LinkedRecords exposes a health endpoint:

curl http://localhost:6543/health

Logging

Configure logging output through standard Node.js mechanisms:

# Debug logging
DEBUG=linkedrecords:*
 
# Production logging
NODE_ENV=production