Configuration¶
dawu-manager is configured through environment variables. No configuration file is required for basic operation.
Environment Variables¶
| Variable | Required | Default | Description |
|---|---|---|---|
DATABASE_URL |
No | file:~/.dawu-manager/data.db (npx) |
Path to the SQLite database file. Docker images default to file:/data/dawu.db. |
NEXTAUTH_SECRET |
Yes | Auto-generated (dev only) | Secret used for JWT token signing and API key encryption key derivation. Must be set for production. |
NEXTAUTH_URL |
No | http://localhost:3789 |
Canonical URL for NextAuth.js authentication callbacks. Set to your public URL in production. |
PORT |
No | 3789 |
TCP port the server listens on. |
ENCRYPTION_KEY |
No | Falls back to NEXTAUTH_SECRET |
Dedicated secret for API key encryption. When set, decouples encryption from session signing. |
NODE_ENV |
No | development |
Set to production for production builds. |
NEXT_TELEMETRY_DISABLED |
No | 1 (Docker) |
Disables Next.js anonymous telemetry collection. |
Variable Details¶
NEXTAUTH_SECRET¶
This is the most important configuration variable. It serves two purposes:
- JWT signing -- All user session tokens are signed with this secret. Changing it invalidates all active sessions.
- API key encryption -- Unless
ENCRYPTION_KEYis set, this secret is used to derive the AES-256-GCM encryption key for stored dawos-agent API keys.
Generate a cryptographically secure value:
Production requirement
Without a fixed NEXTAUTH_SECRET, the server generates a random secret on each startup. This means all users are logged out and, critically, all stored API keys become undecryptable after a restart. Always set this variable in production.
ENCRYPTION_KEY¶
An optional dedicated secret for API key encryption. When set, dawu-manager uses this value instead of NEXTAUTH_SECRET for the scrypt key derivation used in AES-256-GCM encryption.
This separation is useful when you need to rotate the session signing secret (NEXTAUTH_SECRET) without re-encrypting all stored API keys.
When to use ENCRYPTION_KEY
For most deployments, relying on NEXTAUTH_SECRET alone is sufficient. Set ENCRYPTION_KEY separately only if your security policy requires independent rotation of session and encryption keys.
DATABASE_URL¶
The SQLite database file path. The format is file:<path>.
| Deployment | Default Path | Example |
|---|---|---|
| npx | ~/.dawu-manager/data.db |
file:/home/user/.dawu-manager/data.db |
| Docker | /data/dawu.db |
file:/data/dawu.db |
| Development | ./dev.db |
file:./dev.db |
The directory must exist and be writable by the process owner.
NEXTAUTH_URL¶
The public-facing URL of your dawu-manager instance. This value is used by NextAuth.js for constructing authentication callback URLs.
# Internal network
NEXTAUTH_URL=http://192.168.1.100:3789
# Behind a reverse proxy with HTTPS
NEXTAUTH_URL=https://dawu.example.com
Reverse proxy deployments
When running behind nginx or another reverse proxy, set this to the external URL that users access in their browsers, not the internal address.
CLI Options¶
When using npx dawu-manager, the following command-line flags are available:
| Flag | Description | Example |
|---|---|---|
--port <number> |
Override the listen port | npx dawu-manager --port 4000 |
--help |
Display usage information | npx dawu-manager --help |
--version |
Display the installed version | npx dawu-manager --version |
Database Location by Deployment Method¶
| Method | Database Path | Persistence |
|---|---|---|
npx dawu-manager |
~/.dawu-manager/data.db |
Persists across restarts and upgrades |
| Docker Compose | /data/dawu.db (named volume) |
Persists in Docker volume dawu-data |
| Docker run | /data/dawu.db (named volume) |
Persists in Docker volume |
Development (pnpm dev) |
./dev.db |
Local file in project directory |
Production Configuration Example¶
npx deployment¶
export NEXTAUTH_SECRET="your-64-char-random-secret-here"
export NEXTAUTH_URL="https://dawu.example.com"
export PORT=3789
npx dawu-manager
Docker Compose¶
services:
dawu-manager:
image: ghcr.io/cepat-kilat-teknologi/dawu-manager:latest
ports:
- "3789:3789"
volumes:
- dawu-data:/data
environment:
DATABASE_URL: file:/data/dawu.db
NEXTAUTH_SECRET: your-64-char-random-secret-here
NEXTAUTH_URL: https://dawu.example.com
ENCRYPTION_KEY: optional-separate-encryption-key
restart: unless-stopped
volumes:
dawu-data: