Environment Configuration
Audiobookshelf is configured via environment variables. You can pass them to your Docker container using:
-e VARIABLE=VALUE
Or set them in /etc/default/audiobookshelf if you install Audiobookshelf via packages.
Below is a list of all available options, grouped by category.
Filesystem
| Variable | Default | Description |
|---|---|---|
CONFIG_PATH | ./config | Path to the config directory. Contains the database (users/books/libraries/settings). This location must not be mounted over the network. |
METADATA_PATH | ./metadata | Path to the metadata directory. Contains cache, streams, covers, downloads, backups, and logs. |
BACKUP_PATH | ./metadata/backups | Path to where backups are stored. Backups include the database and images/metadata. |
External Tools
| Variable | Default | Description |
|---|---|---|
FFMPEG_PATH | ffmpeg | Path to the ffmpeg binary. If unset, Audiobookshelf assumes it exists in the system path. |
FFPROBE_PATH | ffprobe | Path to the ffprobe binary. If unset, Audiobookshelf assumes it exists in the system path. |
Network
| Variable | Default | Description |
|---|---|---|
HOST | The host Audiobookshelf binds to. Use 127.0.0.1 for localhost only, or leave unset for all interfaces. | |
PORT | The TCP port Audiobookshelf will listen on. | |
EXP_PROXY_SUPPORT | Experimental: Respects HTTP_PROXY and HTTPS_PROXY environment variables. Disables SSRF request filter. |
Security
| Variable | Default | Description |
|---|---|---|
JWT_SECRET_KEY | Secret for generating JSON Web Tokens. If not provided, a secure random token is generated. Do NOT change after deployment. If you do, all clients need to reauthenticate. | |
ACCESS_TOKEN_EXPIRY | 43200 | Access token expiration in seconds |
REFRESH_TOKEN_EXPIRY | 604800 | Refresh token expiration in seconds |
RATE_LIMIT_AUTH_WINDOW | 600000 | Rate limiting window in milliseconds |
RATE_LIMIT_AUTH_MAX | 40 | Maximum auth attempts per window. Use 0 to disable |
ALLOW_CORS | '0' | Allow Cross-Origin Resource Sharing if set to '1'. |
DISABLE_SSRF_REQUEST_FILTER | '0' | Disables the "Server Side Request Forgery" filter. May be needed for self-hosted podcasts. |
SSRF_REQUEST_FILTER_WHITELIST | Comma-separated whitelist of domains to exclude from the SSRF filter. | |
ALLOW_IFRAME | '0' | Allow use of iframes. Can also be managed at the reverse proxy level. |
Other
| Variable | Default | Description |
|---|---|---|
SOURCE | Installation source (e.g., docker, debian, rpm). Shown in the web client. | |
NODE_ENV | production | Type of deployment. Should be production unless developing. |
PODCAST_DOWNLOAD_TIMEOUT | 30 seconds | Timeout to wait for a podcast to start downloading. |
MAX_FAILED_EPISODE_CHECKS | 24 | Maximum number of failed episode checks before disabling the RSS feed. Disable with 0 |
QUERY_LOGGING | Debug SQL queries. Use log to log queries, benchmark to also log runtime. | |
QUERY_PROFILING | Experimental profiling of specific database queries. Not implemented on most queries. | |
SQLITE_MMAP_SIZE | Set the mmap_size pragma for the SQLite database. | |
SQLITE_CACHE_SIZE | Set the cache_size pragma for the SQLite database. | |
SQLITE_TEMP_STORE | Set the temp_store pragma for the SQLite database. |
Security Note
If you are self-hosting a podcast from the same server, you may need to disable the SSRF filter using:
-e DISABLE_SSRF_REQUEST_FILTER=1
Default Values
If a variable is not set, Audiobookshelf will use its default value as shown above.