Connect Domain
Self-hosting

Configuration

Environment variables for the control-plane and edge, production guardrails, and observability.

Control-plane

Var | Purpose | Default
DATABASE_URL | Postgres DSN | local socket DSN
PORT | HTTP port | 8080
TOKEN_HMAC_SECRET | widget JWT signing secret | dev default (must set in prod)
EDGE_ORIGIN_DEFAULT | fallback proxy origin | http://localhost:3001
WORKER_ENABLED | 1 starts background pollers | off
CD_ENV | production enables guardrails | unset
CREDENTIAL_ENC_KEY | 32-byte key (base64/hex) to encrypt DNS credentials | unset (required in prod to store credentials)
CORS_ALLOWED_ORIGINS | optional comma-separated allowlist | unset (reflects)
DEMO_API_KEY | seeded demo key | sk_test_demo
ADAPTER_TEST_MOCK, DNS_STUB_FILE, DNS_STUB_JSON | test bypasses (refused in prod) | unset

Edge

Var | Purpose | Default
CONTROLPLANE_URL | control-plane base for ask | http://localhost:8080
EDGE_TLS_PORT | on-demand-TLS listener | 8443
EDGE_HTTP_PORT | plain-HTTP admin/health | 8081
EDGE_ISSUER | internal or letsencrypt | internal
EDGE_STORAGE_DIR | cert/key + CA storage | ./edge-data
EDGE_ACME_EMAIL | ACME contact | ""
EDGE_ACME_STAGING | Let's Encrypt staging | false
EDGE_ASK_TIMEOUT | max time for one ask | 3s
EDGE_ASK_POSITIVE_TTL | cache TTL for allow=true | 60s
EDGE_ASK_NEGATIVE_TTL | cache TTL for allow=false | 5s
EDGE_PROXY_TIMEOUT | upstream request timeout | 30s

Production guardrails

Setting CD_ENV=production makes the control-plane refuse to start (or, for credentials, refuse the store operation) when the configuration is unsafe:

  • TOKEN_HMAC_SECRET unset or the dev default → refuse to start.
  • ADAPTER_TEST_MOCK or DNS_STUB_* set → refuse to start.
  • Storing a DNS credential without CREDENTIAL_ENC_KEY → refused.
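The three guardrails above, written out as a preflight check you can run against an environment before starting the control-plane. This is an added example, not the project's own startup code: the real dev default value of TOKEN_HMAC_SECRET is not documented here, so a placeholder stands in for it, and the check that CREDENTIAL_ENC_KEY actually decodes to 32 bytes is an addition beyond what the page states.

```python
from __future__ import annotations

import base64
import binascii

# Assumption: the dev default secret value is not documented on this page;
# a placeholder stands in for it here.
DEV_DEFAULT_HMAC_SECRET = "<dev-default-placeholder>"
# ADAPTER_TEST_MOCK and any DNS_STUB_* variable are the documented test bypasses.
TEST_BYPASS_PREFIXES = ("ADAPTER_TEST_MOCK", "DNS_STUB_")


def decode_enc_key(value: str) -> bytes | None:
    """Decode CREDENTIAL_ENC_KEY as hex first, then base64; None if neither parses."""
    try:
        return bytes.fromhex(value)
    except ValueError:
        pass
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None


def preflight(env: dict[str, str], storing_credentials: bool = False) -> list[str]:
    """Return the guardrail violations for a control-plane environment.

    Only CD_ENV=production is checked. storing_credentials models the request
    path that writes a DNS credential, which additionally needs the key.
    """
    if env.get("CD_ENV") != "production":
        return []
    problems: list[str] = []
    secret = env.get("TOKEN_HMAC_SECRET", "")
    if not secret or secret == DEV_DEFAULT_HMAC_SECRET:
        problems.append("TOKEN_HMAC_SECRET unset or dev default: refuse to start")
    bypasses = sorted(k for k in env if k.startswith(TEST_BYPASS_PREFIXES))
    if bypasses:
        problems.append("test bypasses set in production: " + ", ".join(bypasses))
    key = env.get("CREDENTIAL_ENC_KEY")
    if key is None:
        if storing_credentials:
            problems.append("storing a DNS credential without CREDENTIAL_ENC_KEY: refused")
    else:
        raw = decode_enc_key(key)
        # Length check is added here; the page only says the key is 32 bytes.
        if raw is None or len(raw) != 32:
            problems.append("CREDENTIAL_ENC_KEY must decode (hex/base64) to exactly 32 bytes")
    return problems
```

Call `preflight(dict(os.environ), storing_credentials=True)` in a deploy pipeline to catch a misconfigured production environment before the control-plane itself refuses to start.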

Observability

GET /metrics exposes Prometheus gauges (aggregate only, no tenant identifiers):

  • customdomain_connections{state=…}
  • customdomain_certificates{status=…}
  • customdomain_webhook_deliveries{status=…}
  • customdomain_certificates_expiring_soon, the renewal-failure alerting signal; alert on this (and on customdomain_certificates{status="failed"}) in your monitoring system.

Background worker

Set WORKER_ENABLED=1 to run the pollers that advance connections on their own: auto-verify (ownership TXT), auto-propagate (records → live), drift detection, and webhook retry. The pollers run at a 5s interval over batches of 100, with a cert TTL mirror of 90d.
