Configuration
License server environment options
This page lists every supported environment variable, what it controls, and its default value. DATABASE_URL and one of MANAGEMENT_API_KEYS or MANAGEMENT_API_KEY are required to start the server.
Minimal startup example
bash
# Required
DATABASE_URL=postgres://postgres:postgres@postgres:5432/simple_license_server?sslmode=disable
MANAGEMENT_API_KEYS=management_key_prod_please_make_this_long_and_random
# Optional
PORT=8080
REQUEST_TIMEOUT=15sEnvironment variables
| Variable | Required | Default | What it does |
|---|---|---|---|
DATABASE_URL | Yes | None | Postgres connection string used by the API at startup. |
MANAGEMENT_API_KEYS | Yes* | None | Comma-separated management bootstrap keys for /management/* endpoints (each key must be 16+ chars). |
MANAGEMENT_API_KEY | Yes* | None | Single-key fallback used only when MANAGEMENT_API_KEYS is not set. |
PORT | No | 8080 | HTTP listen port for the API server. |
REQUEST_TIMEOUT | No | 15s | Per-request timeout applied by middleware. |
SHUTDOWN_TIMEOUT | No | 10s | Graceful shutdown timeout when the process receives a stop signal. |
HTTP_READ_TIMEOUT | No | 15s | Maximum time for reading request headers/body. |
HTTP_WRITE_TIMEOUT | No | 30s | Maximum time before timing out writes of the response. |
HTTP_IDLE_TIMEOUT | No | 60s | Maximum keep-alive idle time for client connections. |
RATE_LIMIT_ENABLED | No | true | Enables global + per-IP rate limiting middleware. |
RATE_LIMIT_GLOBAL_RPS | No | 100 | Global requests-per-second allowance when rate limiting is enabled. |
RATE_LIMIT_GLOBAL_BURST | No | 200 | Global burst capacity when rate limiting is enabled. |
RATE_LIMIT_PER_IP_RPS | No | 20 | Per-client-IP requests-per-second allowance. |
RATE_LIMIT_PER_IP_BURST | No | 40 | Per-client-IP burst capacity. |
RATE_LIMIT_IP_TTL | No | 10m | TTL for per-IP limiter entries before cleanup. |
RATE_LIMIT_MAX_IP_ENTRIES | No | 10000 | Maximum number of tracked IP limiter entries. |
TRUST_PROXY_HEADERS | No | false | Trust X-Forwarded-For/X-Real-IP when running behind a trusted proxy. |
Validation notes
*One ofMANAGEMENT_API_KEYSorMANAGEMENT_API_KEYmust be set.- All API keys must be at least 16 characters.
- Use
POST /management/api-keysto create generated server API keys for/generateand/revoke. - All timeout values must be valid Go durations (for example
15s,10m). - When
RATE_LIMIT_ENABLED=true, all rate-limit numeric values must be greater than zero. - Booleans accept values like
true/false,1/0,yes/no.