forked from Soju06/codex-lb
.env.example
# Database
# Default store: a SQLite file under the home directory (~/.codex-lb).
# NOTE(review): the store presumably holds account/token data (this file also offers an
# encryption key file option further down) - keep the directory readable only by the
# service user; confirm what is stored.
CODEX_LB_DATABASE_URL=sqlite+aiosqlite:///~/.codex-lb/store.db
# Optional PostgreSQL example (SQLite stays default if not set):
# The user:password pair in the example URL is a sample value. Replace it with a unique
# credential before use, and keep the real .env out of version control, because the URL
# embeds the password.
# CODEX_LB_DATABASE_URL=postgresql+asyncpg://codex_lb:codex_lb@127.0.0.1:5432/codex_lb
CODEX_LB_DATABASE_MIGRATE_ON_STARTUP=true
# NOTE(review): going by the variable names, a copy of the SQLite file is kept before each
# migration (up to 5 files). A backup contains the same data as the live store, so it needs
# the same file permissions and retention handling - confirm where backups are written.
CODEX_LB_DATABASE_SQLITE_PRE_MIGRATE_BACKUP_ENABLED=true
CODEX_LB_DATABASE_SQLITE_PRE_MIGRATE_BACKUP_MAX_FILES=5
# Upstream ChatGPT base URL (no /codex suffix)
# Keep this an https:// URL of the intended upstream.
# NOTE(review): proxied requests presumably carry account tokens, so a wrong or plain-http
# value here would send them to the wrong place or in clear text - confirm.
CODEX_LB_UPSTREAM_BASE_URL=https://chatgpt.com/backend-api
# Timeouts (seconds)
CODEX_LB_UPSTREAM_CONNECT_TIMEOUT_SECONDS=30
CODEX_LB_PROXY_REQUEST_BUDGET_SECONDS=600
CODEX_LB_STREAM_IDLE_TIMEOUT_SECONDS=300
# OAuth / token refresh
CODEX_LB_AUTH_BASE_URL=https://auth.openai.com
# An OAuth client ID is an identifier, not a secret; no client secret is configured in this file.
CODEX_LB_OAUTH_CLIENT_ID=app_EMoamEEZ73f0CkXaXp7hrann
CODEX_LB_OAUTH_SCOPE="openid profile email"
CODEX_LB_OAUTH_TIMEOUT_SECONDS=30
# The redirect URI is plain http on localhost and the callback host below is loopback.
# NOTE(review): presumably CALLBACK_HOST is the address the callback listener binds to -
# keep it on loopback rather than a routable address so other hosts cannot reach the
# authorization callback; confirm.
CODEX_LB_OAUTH_REDIRECT_URI=http://localhost:1455/auth/callback
CODEX_LB_OAUTH_CALLBACK_HOST=127.0.0.1
# Do not change the port. OpenAI dislikes changes.
# NOTE(review): presumably the redirect URI accepted for this client ID is fixed to port 1455,
# so this value and the port in CODEX_LB_OAUTH_REDIRECT_URI must stay in sync - confirm.
CODEX_LB_OAUTH_CALLBACK_PORT=1455
CODEX_LB_TOKEN_REFRESH_TIMEOUT_SECONDS=30
CODEX_LB_TOKEN_REFRESH_INTERVAL_DAYS=8
# Encryption key file (optional override; recommended for Docker volumes)
# NOTE(review): what the key protects is not stated here; presumably stored tokens.
# Treat the file as a secret: restrict its permissions to the service user, keep it on a
# persistent volume so existing data stays decryptable, and back it up separately from
# the database - confirm.
# CODEX_LB_ENCRYPTION_KEY_FILE=/var/lib/codex-lb/encryption.key
# Upstream usage fetch
CODEX_LB_USAGE_FETCH_TIMEOUT_SECONDS=10
CODEX_LB_USAGE_FETCH_MAX_RETRIES=2
CODEX_LB_USAGE_REFRESH_ENABLED=true
CODEX_LB_USAGE_REFRESH_INTERVAL_SECONDS=60
CODEX_LB_STICKY_SESSION_CLEANUP_ENABLED=true
CODEX_LB_STICKY_SESSION_CLEANUP_INTERVAL_SECONDS=300
# Firewall
# Trust X-Forwarded-For for firewall client IP detection (enable only behind trusted reverse proxy)
# X-Forwarded-For is supplied by whoever sends the request. With this enabled, make sure the
# service is reachable only through the proxy, otherwise the client IP used by the firewall
# is whatever the sender claims.
CODEX_LB_FIREWALL_TRUST_PROXY_HEADERS=false
# Comma-separated CIDR list for trusted proxy sources
# Keep this list as narrow as possible (ideally the proxy's exact address): every host inside
# a listed range is treated as a trusted proxy.
CODEX_LB_FIREWALL_TRUSTED_PROXY_CIDRS=127.0.0.1/32,::1/128
# Dashboard authentication mode:
# - standard: built-in password + optional TOTP (default)
# - trusted_header: trust a reverse proxy auth header from trusted proxy CIDRs; password/TOTP stay available as fallback and are still managed via fallback password sessions
# - disabled: bypass dashboard auth entirely (only use behind network restrictions or external auth); built-in password/TOTP management is off
# In trusted_header mode the header value is the identity, so the reverse proxy must drop or
# overwrite any copy of that header arriving from the client, and only the proxy should fall
# inside the trusted CIDRs.
# In disabled mode anyone who can reach the dashboard has access; the listener must not be
# exposed beyond the restricted network.
CODEX_LB_DASHBOARD_AUTH_MODE=standard
# Header to trust in trusted_header mode (Authelia commonly forwards Remote-User)
CODEX_LB_DASHBOARD_AUTH_PROXY_HEADER=Remote-User
# Example trusted_header setup:
# The /16 below trusts every address in that range (typically a whole Docker bridge network,
# i.e. every container attached to it). Narrow it to the proxy's address where possible.
# CODEX_LB_DASHBOARD_AUTH_MODE=trusted_header
# CODEX_LB_FIREWALL_TRUST_PROXY_HEADERS=true
# CODEX_LB_FIREWALL_TRUSTED_PROXY_CIDRS=172.18.0.0/16
# CODEX_LB_DASHBOARD_AUTH_PROXY_HEADER=Remote-User
# Example hard bypass / Docker override:
# CODEX_LB_DASHBOARD_AUTH_MODE=disabled
# Production / Multi-Replica Settings
# Prometheus metrics (opt-in)
# NOTE(review): whether the metrics endpoint requires authentication is not shown here.
# When enabling it, restrict access to the metrics port to the monitoring network - confirm.
CODEX_LB_METRICS_ENABLED=false
CODEX_LB_METRICS_PORT=9090
# Logging format
CODEX_LB_LOG_FORMAT=text
# Leader election (opt-in)
CODEX_LB_LEADER_ELECTION_ENABLED=false
CODEX_LB_LEADER_ELECTION_TTL_SECONDS=30
# Circuit breaker (opt-in)
CODEX_LB_CIRCUIT_BREAKER_ENABLED=false
CODEX_LB_CIRCUIT_BREAKER_FAILURE_THRESHOLD=5
CODEX_LB_CIRCUIT_BREAKER_RECOVERY_TIMEOUT_SECONDS=60
# Backpressure (0 = unlimited)
# With 0 there is no cap on concurrent requests; consider a finite value on deployments
# reachable by clients you do not control.
CODEX_LB_BACKPRESSURE_MAX_CONCURRENT_REQUESTS=0
# OpenTelemetry (opt-in)
# NOTE(review): what the exported telemetry contains is not shown here; point the endpoint
# only at a collector you operate, over an encrypted channel - confirm what is exported.
CODEX_LB_OTEL_ENABLED=false
CODEX_LB_OTEL_EXPORTER_ENDPOINT=
# Shutdown drain timeout
CODEX_LB_SHUTDOWN_DRAIN_TIMEOUT_SECONDS=30
# HTTP connector limits
CODEX_LB_HTTP_CONNECTOR_LIMIT=100
CODEX_LB_HTTP_CONNECTOR_LIMIT_PER_HOST=50
# Dashboard password/TOTP fallback is configured in the settings UI when dashboard auth mode allows it