Configuration
Environment Variables
Complete runtime configuration reference for both deployment variants
All configuration is loaded from environment variables at startup. Values are in-container paths — use Docker volume mappings to connect them to host paths.
Full variable set from internal/config/config.go on the main branch.
| Variable | Default | Purpose |
|---|
PORT | 8080 | HTTP server port |
ENVIRONMENT | development | Runtime mode (set production in compose) |
LOG_LEVEL | info | Log verbosity (debug, info, warn, error) |
LOG_FILE | ./logs/crowdsec-manager.log | Log file path inside container |
| Variable | Default | Purpose |
|---|
DOCKER_HOST | (empty) | Docker socket override (e.g. unix:///var/run/docker.sock) |
DOCKER_HOSTS | (empty) | Multi-host format: id:endpoint,id:endpoint |
COMPOSE_FILE | ./docker-compose.yml | Docker Compose file used for stack operations |
PANGOLIN_DIR | . | Directory containing Pangolin configuration |
| Variable | Default | Purpose |
|---|
DATABASE_PATH | ./data/settings.db | SQLite settings database |
HISTORY_DATABASE_PATH | ./data/history.db | SQLite history database |
| Variable | Default | Purpose |
|---|
CONFIG_DIR | ./config | CrowdSec config directory |
CROWDSEC_ACQUIS_FILE | /etc/crowdsec/acquis.yaml | Acquisition config file |
CROWDSEC_WHITELIST_PATH | /etc/crowdsec/parsers/s02-enrich/mywhitelists.yaml | Whitelist file |
CROWDSEC_PROFILES_PATH | /etc/crowdsec/profiles.yaml | Profiles file |
CROWDSEC_NOTIFICATIONS_DIR | /etc/crowdsec/notifications | Notifications directory |
CROWDSEC_SCENARIOS_DIR | /etc/crowdsec/scenarios | Scenarios directory |
CROWDSEC_METRICS_URL | http://localhost:6060/metrics | CrowdSec metrics endpoint |
CROWDSEC_CONSOLE_URL | https://app.crowdsec.net/ | CrowdSec console URL |
CROWDSEC_CTI_URL_PATTERN | https://app.crowdsec.net/cti/{{.Value}} | CTI URL pattern |
| Variable | Default | Purpose |
|---|
TRAEFIK_DYNAMIC_CONFIG | /etc/traefik/dynamic_config.yml | Traefik dynamic config |
TRAEFIK_STATIC_CONFIG | /etc/traefik/traefik_config.yml | Traefik static config |
TRAEFIK_ACCESS_LOG | /var/log/traefik/access.log | Traefik access log |
TRAEFIK_ERROR_LOG | /var/log/traefik/traefik.log | Traefik error log |
TRAEFIK_CAPTCHA_HTML_PATH | /etc/traefik/conf/captcha.html | Captcha HTML template |
TRAEFIK_CAPTCHA_ENV_PATH | /etc/traefik/captcha.env | Captcha env file |
CAPTCHA_GRACE_PERIOD | 1800 | Captcha grace period in seconds |
| Variable | Default | Purpose |
|---|
BACKUP_DIR | ./backups | Backup storage directory |
RETENTION_DAYS | 60 | Days to keep backups |
| Variable | Default | Purpose |
|---|
CROWDSEC_CONTAINER_NAME | crowdsec | CrowdSec container name |
TRAEFIK_CONTAINER_NAME | traefik | Traefik container name |
PANGOLIN_CONTAINER_NAME | pangolin | Pangolin container name |
GERBIL_CONTAINER_NAME | gerbil | Gerbil container name |
| Variable | Default | Purpose |
|---|
INCLUDE_CROWDSEC | true | Include CrowdSec in managed service list |
INCLUDE_PANGOLIN | true | Include Pangolin in managed service list |
INCLUDE_GERBIL | true | Include Gerbil in managed service list |
| Variable | Default | Purpose |
|---|
DECISION_LIST_LIMIT | 200 | Max decisions returned per request |
ALERT_LIST_LIMIT | 200 | Max alerts returned per request |
| Variable | Default | Purpose |
|---|
NATS_URL | (empty) | NATS JetStream URL |
NATS_TOKEN | (empty) | NATS authentication token |
NATS_ENABLED | false | Enable NATS messaging |
| Variable | Default | Purpose |
|---|
SHUTDOWN_TIMEOUT | 30 | Graceful shutdown timeout in seconds |
READ_TIMEOUT | 15 | HTTP read timeout in seconds |
WRITE_TIMEOUT | 15 | HTTP write timeout in seconds |
The Independent variant strips all Traefik, Pangolin, Gerbil, backup, and captcha configuration. Only these variables are available.
| Variable | Default | Purpose |
|---|
PORT | 8080 | HTTP server port |
ENVIRONMENT | development | Runtime mode |
LOG_LEVEL | info | Log verbosity |
LOG_FILE | ./logs/crowdsec-manager.log | Log file path |
| Variable | Default | Purpose |
|---|
DOCKER_HOST | (empty) | Docker socket override |
DOCKER_HOSTS | (empty) | Multi-host format |
| Variable | Default | Purpose |
|---|
DATABASE_PATH | ./data/settings.db | SQLite settings database |
HISTORY_DATABASE_PATH | ./data/history.db | SQLite history database |
| Variable | Default | Purpose |
|---|
CONFIG_DIR | ./config | CrowdSec config directory |
CROWDSEC_SCENARIOS_DIR | /etc/crowdsec/scenarios | Scenarios directory |
CROWDSEC_METRICS_URL | http://localhost:6060/metrics | CrowdSec metrics endpoint |
CROWDSEC_CONSOLE_URL | https://app.crowdsec.net/ | CrowdSec console URL |
CROWDSEC_CONTAINER_NAME | crowdsec | CrowdSec container name |
| Variable | Default | Purpose |
|---|
INCLUDE_CROWDSEC | true | Include CrowdSec in managed service list |
| Variable | Default | Purpose |
|---|
DECISION_LIST_LIMIT | 200 | Max decisions returned per request |
ALERT_LIST_LIMIT | 200 | Max alerts returned per request |
| Variable | Default | Purpose |
|---|
NATS_URL | (empty) | NATS JetStream URL |
NATS_TOKEN | (empty) | NATS authentication token |
NATS_ENABLED | false | Enable NATS messaging |
| Variable | Default | Purpose |
|---|
SHUTDOWN_TIMEOUT | 30 | Graceful shutdown timeout in seconds |
READ_TIMEOUT | 15 | HTTP read timeout in seconds |
WRITE_TIMEOUT | 15 | HTTP write timeout in seconds |