Predefined variables

DollarDeploy automatically creates environment variables which you can use when deploying your apps.

List of the predefined app env vars

  • APP_HOSTNAME - primary associated hostname of the app
  • APP_URL - https url for primary hostname
  • APP_ALIASES - additional hostnames or blank
  • GIT_TAGS - latest git hash or tag, automatically updated when deploying
  • GIT_LAST_COMMIT - latest commit message
  • NODE_ENV=production - automatically set for NodeJS apps
  • USER_EMAIL - email address of the user who deployed the app

Docker Compose only

These variables are only available in Docker Compose when you deploy the app.

  • USER_UID - Current user ID
  • USER_GID - Current user group ID

Set during launching an app

These are set if needed during an app launch from a template.

  • GENERATED_PWD - 10-char alphanumeric you can use in passwords
  • GENERATED_HASH - 32-char alphanumeric you can use in tokens / salt / etc
  • GENERATED_SECRET - 64-char alphanumeric, compatible with openssl rand -hex 32

Customize server configuration

  • POSTGRES_VERSION=18 - If specified, installs that version from the Postgres APT repository instead of the default distro version.

  • POSTGRES_FORCE_INSTALL=1 - Force (re)install of Postgres

  • POSTGRES_DATABASES=postgres - Comma-separated list of databases to create.

  • POSTGRES_PASSWORD=postgres - Password for postgres. Username is fixed as postgres and cannot be changed.

  • ENCRYPTED_DEVICE=/dev/sdb - Block device to configure as encrypted device. It will be mounted at /mnt/encrypted and will be available at start for all services.

  • REDIS_DATA_PATH=/var/lib/redis - Change location for Redis snapshot.

  • POSTGRES_DATA_PATH=/var/lib/postgresql - Change location of Postgres database files and WAL

Build options

  • BUILD_MEMORY_LIMIT=2048 - Adjusts how much memory is allocated to the build container. The default is 2 GB. For NextJS apps, DollarDeploy will automatically recommend 4 GB for a build.

  • BUILD_CPU_LIMIT=2 - Adjusts how many CPUs are allocated to the build container. For NextJS apps we recommend at least 2 CPUs.

  • BUILD_NO_SERVICE_ENV=1 - If set, service environment variables (e.g. POSTGRES_URL, REDIS_URL) will not be included during the build. They will still be available at runtime. Use this if you don't want prerender in NextJS trying to reach the services during the build.

Customize app deployment env vars

You can define these vars to control the deployment of your application. These are defined in the app settings.

Deployment options

  • DEPLOY_HOSTNAME_MATCH=0 - Default is 1. If defined and 0, skips checking that the hostname matches the IP address of the host. Useful for early IPv6 support and if you use Cloudflare in front of your server.

  • NGINX_NO_CANONICAL_REDIRECT=1 - Default is 1. If 0, disables redirecting to the canonical hostname for the app. Useful if you have a wildcard domain managed by Cloudflare in front of your server.

  • NGINX_STATIC_PATHS - Default is empty. Comma-separated paths of folders within your app that Nginx should serve statically. All of these are mapped in Nginx to be served directly as static files. You can also change the prefix: if you specify /:path1, path1 will be served at /.

  • NGINX_PROXY_LOCATION=/ - Default is /. The path at which the reverse proxy is served. If you want to serve static files at the root, use NGINX_STATIC_PATHS=/:dist and NGINX_PROXY_LOCATION=/api to serve the API.

  • PRE_START_TIMEOUT=60 - Default is 60s. Amount in seconds to wait for a pre start command to successfully execute.

  • POST_START_TIMEOUT=60 - Default is 60s. Amount in seconds to wait for a post start command to successfully execute.

  • APP_LISTEN_HOSTNAME=127.0.0.1 - Default is 127.0.0.1. To make app listen on all interfaces and IP addresses, use 0.0.0.0. Only applicable to NodeJS / NextJS apps, or apps which listen to the HOSTNAME parameter.

  • APP_INTERNAL_HOSTNAME=127.0.0.1 - Default is 127.0.0.1. Hostname to connect to for reverse proxy and health checks. For PHP this is automatically set to external hostname, since PHP uses FastCGI protocol not HTTP and we can't use it with curl.

  • DEPLOY_FORCE_PM2=1 - Default is 0. Uses pm2 to run React, NextJS and React-Static applications instead of the default systemd service.

PHP options

  • PHP_DISABLE_FUNCTIONS - Default is exec,passthru,shell_exec,system. Restricts what kind of functions PHP code can call. The default is a good security measure to protect your app from bad code.

  • PHP_MEMORY_LIMIT - Default is 128M. Amount of memory available to each PHP request.

Running the app options (systemd)

These options control the systemd service settings for your application. They provide process isolation and sandboxing capabilities. All of these have secure defaults but can be customized if your application requires specific permissions.

  • SYSTEMD_PROTECT_SYSTEM - Default is strict. Controls write access to system directories. Options: true (read-only /usr, /boot, /efi), full (also /etc read-only), strict (entire file system read-only except explicitly allowed paths). Set to false to disable.
  • SYSTEMD_PROTECT_HOME - Default is read-only. Controls access to home directories. Options: true (inaccessible), read-only, tmpfs (empty tmpfs mounted). Set to false to disable.
  • SYSTEMD_EXEC_PATHS - Default is empty. Additional paths where the application is allowed to execute binaries. UV and SDKMAN paths are automatically included.
  • SYSTEMD_READ_WRITE_PATHS - Default is empty. Additional paths where the application has read-write access. App directory and log directory are automatically included.
  • SYSTEMD_RESTRICT_SUIDSGID - Default is true. Prevents the app from creating or using SUID/SGID files, removing sudo capabilities.
  • SYSTEMD_LOCK_PERSONALITY - Default is true. Locks the execution domain (personality) of the process to prevent exploitation techniques.
  • SYSTEMD_PRIVATE_DEVICES - Default is true. Creates a private /dev for the service with only pseudo-devices (null, zero, random, etc.).
  • SYSTEMD_PRIVATE_TMP - Default is true. Creates a private /tmp directory for the service, isolated from other processes.
  • SYSTEMD_TEMPORARY_FILESYSTEM - Default is /var/tmp. Mounts a temporary filesystem at the specified path. Useful for apps that need write access to /var/tmp.
  • SYSTEMD_RESTRICT_NAMESPACES - Default is yes. Restricts the process from creating new namespaces (network, user, mount, etc.), preventing container escape attempts.
  • SYSTEMD_MEMORY_LIMIT - Memory limit in megabytes. For example, SYSTEMD_MEMORY_LIMIT=2048, similar to the Docker options, limits the process to 2 GB of memory.
  • SYSTEMD_CPU_LIMIT - CPU limit from 1 to X. For example, SYSTEMD_CPU_LIMIT=1 limits the process to 1 processor.
  • SYSTEMD_TIMEOUT_START=300 - Maximum time to wait for service to start. Specified as TimeoutStartSec= in systemd.
  • SYSTEMD_TIMEOUT_STOP=300 - Maximum time to wait for service to stop. Specified as TimeoutStopSec= in systemd.
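
A pre-deploy check for the options above, added here as an example and not DollarDeploy's own code: it reads an app's settings and reports values weaker than the defaults this page documents (the systemd sandboxing options, APP_LISTEN_HOSTNAME, PHP_DISABLE_FUNCTIONS, POSTGRES_PASSWORD). Treating false, no, off and 0 as "disabled" follows systemd's boolean spellings and is an assumption about how the platform passes these values through; the sample settings are constructed.

```python
# Values below come from the defaults documented on this page.
BOOL_OFF = {"false", "no", "off", "0"}  # assumed "disabled" spellings (systemd booleans)
SANDBOX_VARS = ("SYSTEMD_PROTECT_SYSTEM SYSTEMD_PROTECT_HOME SYSTEMD_RESTRICT_SUIDSGID "
                "SYSTEMD_LOCK_PERSONALITY SYSTEMD_PRIVATE_DEVICES SYSTEMD_PRIVATE_TMP "
                "SYSTEMD_RESTRICT_NAMESPACES").split()
PHP_DEFAULT_DISABLED = {"exec", "passthru", "shell_exec", "system"}

def parse_env(text):
    """Parse KEY=VALUE lines; skips blanks and # comments, accepts 'export '."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.removeprefix("export ").partition("=")
        if sep:
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit(env):
    """Return sorted (variable, reason) pairs for settings weaker than the defaults."""
    findings = []
    for key in SANDBOX_VARS:
        if env.get(key, "").lower() in BOOL_OFF:
            findings.append((key, "sandboxing disabled"))
    if env.get("SYSTEMD_PROTECT_SYSTEM", "strict").lower() in {"true", "full"}:
        findings.append(("SYSTEMD_PROTECT_SYSTEM", "weaker than default 'strict'"))
    if env.get("APP_LISTEN_HOSTNAME", "127.0.0.1") == "0.0.0.0":
        findings.append(("APP_LISTEN_HOSTNAME", "listens on all interfaces"))
    if "PHP_DISABLE_FUNCTIONS" in env:
        kept = {f.strip() for f in env["PHP_DISABLE_FUNCTIONS"].split(",")}
        reenabled = sorted(PHP_DEFAULT_DISABLED - kept)
        if reenabled:
            findings.append(("PHP_DISABLE_FUNCTIONS", "re-enables " + ",".join(reenabled)))
    if env.get("POSTGRES_PASSWORD") == "postgres":
        findings.append(("POSTGRES_PASSWORD", "password equals the fixed username"))
    return sorted(findings)

# Constructed sample settings, not taken from a real deployment.
SAMPLE = """\
SYSTEMD_PROTECT_SYSTEM=full
SYSTEMD_PRIVATE_TMP=false
APP_LISTEN_HOSTNAME=0.0.0.0
PHP_DISABLE_FUNCTIONS=passthru,system
POSTGRES_PASSWORD=postgres
"""

if __name__ == "__main__":
    print(*audit(parse_env(SAMPLE)), sep="\n")
```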

Cluster options (systemd template units)

We support running apps as systemd template units, automatically starting the necessary number of copies of your app and stopping previous ones. This works really well with the reuse-port approach in modern Linux and other operating systems.

  • SYSTEMD_CLUSTER_MODE=1 - Default is 0. Creates systemd template units instead of single service. Requires SYSTEMD_CLUSTER_NODES to be >= 1.
  • SYSTEMD_CLUSTER_NODES=2 - Default is 2. How many apps to start. All started app instances have same configuration and environment variables.

Docker-specific options

  • DOCKER_REMOVE_VOLUMES=1 - Default is 0. If 1 will remove volumes when removing the app (dangerous!)

  • DOCKER_COMPOSE_BUILD=1 - Default is 0. If defined, the Docker image will be built every time you deploy.

  • DOCKER_COMPOSE_WAIT_TIMEOUT=120 - Default is 120s. Amount in seconds to wait for docker compose to start the app and wait for all health checks to pass.

  • DOCKER_COMPOSE_PULL=policy - Default is as defined in docker compose, or never if local image exists. Set to DOCKER_COMPOSE_PULL=always if you use :latest tagged images to update container image on deploy.

Health check options

Health checks run automatically when the app is deployed.

  • APP_READY_TIMEOUT=300 - Default is 300. How many seconds to wait for the app to pass health checks.

  • APP_HEALTHCHECK_ENABLE=1 - Default is 1. After starting the app, performs health checks to ensure the app is running OK. Set to 0 to disable.

  • APP_HEALTHCHECK_PATH=/ - Default is /. HTTP path to request for the health check. Can be set to something like /api/health.

  • APP_HEALTHCHECK_SUCCESS_CODE=200 - Default is 200, 204, 301, 302. Specify additional http response status code, to qualify app as deployed successfully.

  • APP_HEALTHCHECK_EXTERNAL=0 - Default is 0. Instead of checking internal url, check external url so it returns a success status code. For PHP apps, implies 1 since internal port is a FastCGI server.

Security options

These improve the security hardening of your app, in addition to sensible defaults.

  • APP_HTTP_STRICT_TRANSPORT_SECURITY=max-age=31536000; includeSubDomains; preload - The default forces HTTPS all the time. Defines the HSTS (Strict-Transport-Security) header.

  • APP_HTTP_FRAME_OPTIONS=SAMEORIGIN - The default allows iframe embedding only on the same origin.

  • APP_HTTP_REFERRER_POLICY=origin-when-cross-origin - The default sends the hostname in the Referer header to external sites, and the full URL to same-origin sites.

  • APP_HTTP_CONTENT_TYPE_OPTIONS - There is no default. Sets the X-Content-Type-Options HTTP header. If set to nosniff, it prevents the browser from autodetecting content types. Make sure to set a proper Content-Type header for every resource you serve from your app.

  • APP_HTTP_CSP_HEADER - There is no default. Sets the Content-Security-Policy header to prevent XSS attacks and control resource loading. When configured, this header tells browsers which sources are trusted for scripts, styles, images, and other resources.

Additional, framework specific env vars

These mostly disable telemetry or verbosity of the libraries or frameworks in use.

export SEMGREP_SEND_METRICS=off
export COLLECT_LEARNINGS_OPT_OUT=true
export STORYBOOK_DISABLE_TELEMETRY=1
export NEXT_TELEMETRY_DISABLED=1
export SLS_TELEMETRY_DISABLED=1
export SLS_NOTIFICATIONS_MODE=off
export DISABLE_OPENCOLLECTIVE=true

Environment vars automatically set by the host services

  • POSTGRES_URL - If you add Postgres service to the host (also POSTGRES_DOCKER_URL for accessing the database inside Docker Compose apps)
  • REDIS_URL - If you add Redis service to the host (and REDIS_DOCKER_URL if you have Docker configured)
  • MONGODB_URL - If you add MongoDB service to the host
  • MARIADB_URL - If you add MariaDB (MySQL alternative) service to the host

Environment variable expansion

If your app requires it, you can refer to only part of a service URL such as POSTGRES_URL by using environment variable expansion. For example, if you have MariaDB and Redis installed, you can define the following variables:

MYSQL_PASSWORD=${MARIADB_URL:password}
MYSQL_DATABASE=${MARIADB_URL:database}
MYSQL_USER=${MARIADB_URL:username}
MYSQL_HOST=${MARIADB_DOCKER_URL:hostname}
REDIS_HOST=${REDIS_DOCKER_URL:hostname}

For example, if POSTGRES_URL is postgres://postgres:secret123@localhost:5432/mydb?sslmode=require#section1, the parts expand as follows:

| Part     | Syntax Example           | Description                            | Example Output  |
|----------|--------------------------|----------------------------------------|-----------------|
| host     | ${POSTGRES_URL:host}     | Host including port if present         | localhost:5432  |
| hostname | ${POSTGRES_URL:hostname} | Host without port                      | localhost       |
| port     | ${POSTGRES_URL:port}     | Port number (0 if not specified)       | 5432            |
| path     | ${POSTGRES_URL:path}     | URL pathname                           | /mydb           |
| username | ${POSTGRES_URL:username} | Username from credentials              | postgres        |
| password | ${POSTGRES_URL:password} | Password from credentials              | secret123       |
| database | ${POSTGRES_URL:database} | Database name (path without leading /) | mydb            |
| query    | ${POSTGRES_URL:query}    | Query string without ?                 | sslmode=require |
| fragment | ${POSTGRES_URL:fragment} | Fragment/hash without #                | section1        |
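
The expansion rules in the table, reimplemented as an added example (not DollarDeploy's code) so you can check locally what a ${VAR:part} reference will resolve to before putting it in app settings. Raising an error on an unset variable or unknown part, and leaving the password exactly as written in the URL, are choices made for this example; the page does not document the platform's behaviour in those cases. The MARIADB_URL value is constructed.

```python
import re
from urllib.parse import urlsplit

# Matches ${VAR:part}, the reference syntax shown on this page.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*):([a-z]+)\}")


def url_part(url, part):
    """Return one named part of a service URL, following the table above."""
    u = urlsplit(url)
    hostname = u.hostname or ""
    port = u.port or 0  # table: port is 0 if not specified
    parts = {
        "host": f"{hostname}:{port}" if port else hostname,
        "hostname": hostname,
        "port": str(port),
        "path": u.path,
        "username": u.username or "",
        "password": u.password or "",  # example choice: no percent-decoding
        "database": u.path.lstrip("/"),
        "query": u.query,
        "fragment": u.fragment,
    }
    if part not in parts:
        raise KeyError(f"unknown URL part: {part}")
    return parts[part]


def expand(value, env):
    """Expand every ${VAR:part} in value; an unset VAR raises instead of yielding ''."""
    def repl(match):
        var, part = match.group(1), match.group(2)
        if var not in env:
            raise KeyError(f"{var} is not set")
        return url_part(env[var], part)
    return REF.sub(repl, value)


ENV = {
    # URL from the example on this page.
    "POSTGRES_URL": "postgres://postgres:secret123@localhost:5432/mydb?sslmode=require#section1",
    # Constructed sample value.
    "MARIADB_URL": "mysql://app:s3cret@127.0.0.1:3306/appdb",
}

if __name__ == "__main__":
    for name in ("MYSQL_USER=${MARIADB_URL:username}", "MYSQL_DATABASE=${MARIADB_URL:database}"):
        print(expand(name, ENV))
```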