SECRET_KEY | Encryption key for stored API keys, UniFi credentials, and session tokens. Recommended but optional — falls back to POSTGRES_PASSWORD or DB_PASSWORD if not set |
AUTH_ENABLED | Set to true to enable built-in authentication. Requires HTTPS. Default: false |
POSTGRES_PASSWORD | PostgreSQL password for the embedded database user. Not required when using an external database with SECRET_KEY set |
ABUSEIPDB_API_KEY | Enables threat scoring on blocked inbound IPs. Free tier: 1,000 check lookups/day + 5 blacklist pulls/day |
MAXMIND_ACCOUNT_ID | Enables GeoIP auto-update. Without it, manually place .mmdb files |
MAXMIND_LICENSE_KEY | Paired with account ID for auto-update |
TZ | Timezone for cron schedules. Defaults to UTC. Examples: Europe/London, Asia/Amman, America/New_York |
LOG_LEVEL | Logging verbosity: DEBUG, INFO, WARNING, ERROR, CRITICAL. Defaults to INFO |
UNIFI_HOST | UniFi Controller URL (e.g., https://192.168.1.1). Can also be set via Settings UI |
UNIFI_API_KEY | UniFi API key (Local Admin). For UniFi OS controllers only. Can also be set via Settings UI |
UNIFI_USERNAME | Local username for self-hosted UniFi controllers. Use instead of UNIFI_API_KEY. Can also be set via Settings UI |
UNIFI_PASSWORD | Local password for self-hosted UniFi controllers. Paired with UNIFI_USERNAME. Can also be set via Settings UI |
UNIFI_SITE | UniFi site name. Defaults to 'default' |
UNIFI_VERIFY_SSL | Set to false for self-signed certificates. Defaults to true |
UNIFI_POLL_INTERVAL | Device polling interval in seconds. Defaults to 300 (5 minutes) |
UNIFI_ENABLED | Master toggle for UniFi integration. Auto-enables when both UNIFI_HOST and UNIFI_API_KEY are set |
PIHOLE_HOST | Pi-hole v6 base URL (e.g., http://10.10.10.229:60080). See Pi-hole docs page |
PIHOLE_PASSWORD | Pi-hole admin password. Setting both PIHOLE_HOST and PIHOLE_PASSWORD auto-enables the integration |
PIHOLE_POLL_INTERVAL | Pi-hole poll interval in seconds (15-86400). Defaults to 60 |
PIHOLE_ENABLED | Master toggle for the Pi-hole integration. Defaults to auto-enable when host + password are set |
RETENTION_DAYS | Log retention in days for firewall/DHCP/Wi-Fi/system. Defaults to 60 |
DNS_RETENTION_DAYS | DNS log retention in days. Defaults to 10 |
DB_HOST | External PostgreSQL host. When set to a non-localhost address, embedded PG is disabled |
DB_PORT | External PostgreSQL port (default: 5432) |
DB_NAME | Database name (default: unifi_logs) |
DB_USER | Database user (default: unifi) |
DB_PASSWORD | Database password (falls back to POSTGRES_PASSWORD) |
DB_SSLMODE | SSL mode: require, verify-ca, verify-full |
DB_SSLROOTCERT | Path to CA certificate file |
DB_SSLCERT | Path to client certificate (mTLS) |
DB_SSLKEY | Path to client key (mTLS) |