# Scratchbox env-mode example for `scratchbox server --env`. # Set values here and pass this file with `--env-file .env`. # # The complete list of supported SCRATCHBOX_* env vars is the single source of # truth in internal/config/config.go (var envSuffixes). See the comment on # envSuffixes for maintenance rules when adding new vars. # # IMPORTANT: # - Scratchbox stores its key at $SCRATCHBOX_STORAGE_DATA_DIR/metadata.key. # - Keep that data directory persistent across restarts. # server SCRATCHBOX_SERVER_LISTEN_ADDR=:8080 SCRATCHBOX_SERVER_READ_HEADER_TIMEOUT=5s # Body/response deadlines. 0 = disabled. Raise or set 0 when LIMITS_MAX_UPLOAD_SIZE is multi-GiB. SCRATCHBOX_SERVER_READ_TIMEOUT=30s SCRATCHBOX_SERVER_WRITE_TIMEOUT=30s SCRATCHBOX_SERVER_IDLE_TIMEOUT=120s SCRATCHBOX_SERVER_SHUTDOWN_TIMEOUT=10s SCRATCHBOX_SERVER_MAX_HEADER_BYTES=1048576 SCRATCHBOX_SERVER_ACCESS_LOG_ENABLED=true SCRATCHBOX_SERVER_ACCESS_LOG_FILE_PATH= SCRATCHBOX_SERVER_ACCESS_LOG_MAX_SIZE=100MiB SCRATCHBOX_SERVER_ACCESS_LOG_MAX_BACKUPS=5 # limits # When raising MAX_UPLOAD_SIZE to multi-GiB, also set READ/WRITE_TIMEOUT high or 0 (see above). SCRATCHBOX_LIMITS_MAX_UPLOAD_SIZE=100MiB SCRATCHBOX_LIMITS_DEFAULT_TTL=15m # In-memory cache for small /api/raw range hits. Larger scratches stream from disk. SCRATCHBOX_LIMITS_RAW_CACHE_MAX_SIZE=200MiB SCRATCHBOX_LIMITS_RAW_CACHE_MAX_ENTRIES=32 # storage SCRATCHBOX_STORAGE_DATA_DIR=./data SCRATCHBOX_STORAGE_CLEANUP_INTERVAL=1m # security # Comma-separated IP/CIDR list. Empty = unrestricted. SCRATCHBOX_SECURITY_ALLOWED_IPS=127.0.0.1 # This should be set to your networks CIDR like 192.168.2.0/24 or a particulat IP like 192.168.2.55. SCRATCHBOX_SECURITY_TRUST_PROXY_HEADERS=false # Comma-separated IP/CIDR list. SCRATCHBOX_SECURITY_TRUSTED_PROXY_IPS= # Same as SCRATCHBOX_SECURITY_ALLOWED_IPS just Trusted Proxies you expect clients to come from instead. Must be *immediate* reverse proxies only; avoid 0/0. # Per-client token bucket on UI routes (/, /u, /s/{id}). SCRATCHBOX_SECURITY_RATE_LIMIT_UI_ENABLED=false SCRATCHBOX_SECURITY_RATE_LIMIT_UI_REQUESTS_PER_MINUTE=360 SCRATCHBOX_SECURITY_RATE_LIMIT_UI_BURST=120 # Per-client token bucket on API read routes (GET /api/config, GET /api/scratch/{id}, GET /api/raw/{id}). SCRATCHBOX_SECURITY_RATE_LIMIT_API_READ_ENABLED=false SCRATCHBOX_SECURITY_RATE_LIMIT_API_READ_REQUESTS_PER_MINUTE=300 SCRATCHBOX_SECURITY_RATE_LIMIT_API_READ_BURST=100 # Per-client token bucket on API write route (POST /api/scratch). SCRATCHBOX_SECURITY_RATE_LIMIT_API_WRITE_ENABLED=true SCRATCHBOX_SECURITY_RATE_LIMIT_API_WRITE_REQUESTS_PER_MINUTE=30 SCRATCHBOX_SECURITY_RATE_LIMIT_API_WRITE_BURST=10 # Enable Strict-Transport-Security (HSTS) header (recommended for public TLS deploys). SCRATCHBOX_SECURITY_HSTS_ENABLED=true