-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy path.env.example
More file actions
65 lines (52 loc) · 2.55 KB
/
.env.example
File metadata and controls
65 lines (52 loc) · 2.55 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# SSH Connection Configuration
# When running ON the Unraid server itself (in Docker):
# - Use SSH_HOST=localhost or SSH_HOST=127.0.0.1
# - Use network_mode: host in docker-compose.yml
# - SSH_PRIVATE_KEY_PATH should be the path INSIDE the container (leave as is)
# - Set SSH_KEY_HOST_PATH in docker-compose or .env for the host path
# When running remotely (not on Unraid):
# - Use SSH_HOST=unraid.local or your Unraid server's IP/hostname
# - Comment out network_mode: host in docker-compose.yml
# SSH server address (use 'localhost' when running on Unraid itself)
SSH_HOST=localhost
# SSH port
SSH_PORT=22
# SSH username (should be a dedicated read-only user)
SSH_USERNAME=mcp-readonly
# Path to SSH private key INSIDE the container (don't change this)
SSH_PRIVATE_KEY_PATH=/home/mcp/.ssh/id_rsa
# Path to SSH private key on the HOST (for docker-compose volume mount)
# For Unraid: /root/.ssh/id_rsa_mcp or /boot/config/ssh/id_rsa_mcp
# For other systems: /home/user/.ssh/id_rsa_mcp
SSH_KEY_HOST_PATH=/root/.ssh/id_rsa_mcp
# Command execution timeout in milliseconds (default: 15000 = 15 seconds)
# Increase for long-running commands like database dumps
COMMAND_TIMEOUT_MS=15000
# Maximum consecutive command failures before circuit breaker opens (default: 3)
# When circuit breaker is open, commands will fail immediately to prevent retry loops
MAX_CONSECUTIVE_FAILURES=3
# =============================================================================
# Security Configuration
# =============================================================================
# Require OAuth authentication for MCP endpoint access
# CRITICAL: Set to 'true' for production deployments!
#
# Values:
# - true Require valid OAuth token (RECOMMENDED for production)
# - false Allow unauthenticated access (LOCAL DEVELOPMENT ONLY)
# - development Log warnings but allow access (LOCAL DEVELOPMENT ONLY)
#
# WARNING: Setting this to 'false' exposes your Unraid server to anyone who
# can reach the HTTP endpoint. Only use 'false' or 'development' for local
# development behind a firewall. NEVER expose an unauthenticated server to
# the internet.
#
# Default: true (secure by default)
REQUIRE_AUTH=true
# OAuth server URL (for OAuth discovery metadata)
# REQUIRED for production: Set this to your public URL when behind a reverse proxy
# If not set correctly, OAuth clients will fail with "protected resource does not match" error
# Default: http://localhost:8080
OAUTH_SERVER_URL=https://mcp.example.com
# Mock token for testing (optional, not used in production)
MOCK_TOKEN=mcp-unraid-access-token