POSTGRES_PASSWORDREQ | PostgreSQL password for the embedded unifi user. Also used as the encryption key for stored API keys if SECRET_KEY is not set |
SECRET_KEY | Encryption key for stored API keys. Takes precedence over POSTGRES_PASSWORD. Recommended for external DB setups |
ABUSEIPDB_API_KEY | Enables threat scoring on blocked inbound IPs. Free tier: 1,000 check lookups/day + 5 blacklist pulls/day |
MAXMIND_ACCOUNT_ID | Enables GeoIP auto-update. Without it, manually place .mmdb files |
MAXMIND_LICENSE_KEY | Paired with account ID for auto-update |
TZ | Timezone for cron schedules. Defaults to UTC. Examples: Europe/London, Asia/Amman, America/New_York |
LOG_LEVEL | Logging verbosity: DEBUG, INFO, WARNING, ERROR, CRITICAL. Defaults to INFO |
UNIFI_HOST | UniFi Controller URL (e.g., https://192.168.1.1). Can also be set via Settings UI |
UNIFI_API_KEY | UniFi API key (Local Admin, for UniFi OS). Can also be set via Settings UI |
UNIFI_SITE | UniFi site name. Defaults to 'default' |
UNIFI_VERIFY_SSL | Set to false for self-signed certificates. Defaults to true |
UNIFI_POLL_INTERVAL | Device polling interval in seconds. Defaults to 300 (5 minutes) |
RETENTION_DAYS | Log retention in days for firewall/DHCP/Wi-Fi/system. Defaults to 60 |
DNS_RETENTION_DAYS | DNS log retention in days. Defaults to 10 |
DB_HOST | External PostgreSQL host. When set to a non-localhost address, embedded PG is disabled |
DB_PORT | External PostgreSQL port (default: 5432) |
DB_NAME | Database name (default: unifi_logs) |
DB_USER | Database user (default: unifi) |
DB_PASSWORD | Database password (falls back to POSTGRES_PASSWORD) |
DB_SSLMODE | SSL mode: require, verify-ca, verify-full |
DB_SSLROOTCERT | Path to CA certificate file |
DB_SSLCERT | Path to client certificate (mTLS) |
DB_SSLKEY | Path to client key (mTLS) |