
Configuration Reference

All environment variables used by GeoLens, their defaults, and descriptions. Set these in the .env file at the project root.

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| POSTGRES_DB | geolens | Yes | PostgreSQL database name |
| POSTGRES_USER | geolens | Yes | PostgreSQL superuser username |
| POSTGRES_PASSWORD | None (required) | Yes | PostgreSQL superuser password. Generate with openssl rand -base64 24. |
| POSTGRES_HOST | db | No | Database hostname. Use db for Docker Compose (service name). |
| POSTGRES_PORT | 5432 | No | Database port (internal). The host-mapped port is configured separately. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| JWT_SECRET_KEY | None (required) | Yes | Secret key for signing JWT tokens. Generate with openssl rand -hex 32. |
| JWT_ALGORITHM | HS256 | No | JWT signing algorithm |
| ACCESS_TOKEN_EXPIRE_MINUTES | 15 | No | JWT token lifetime in minutes |
| GEOLENS_ADMIN_USERNAME | None (required) | Yes | Username for the automatically created admin account |
| GEOLENS_ADMIN_PASSWORD | None (required) | Yes | Password for the initial admin account |
| REGISTRATION_ENABLED | false | No | Whether self-registration is enabled. When false, only admins can create users. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| UPLOAD_MAX_SIZE_MB | 500 | No | Maximum upload file size in megabytes |
| UPLOAD_STAGING_DIR | /app/staging | No | Directory for temporary file storage during ingestion/export. Must be writable by the API runtime user (uid:gid 1001:1001). Mapped to upload_staging Docker volume. |
| UPLOAD_ALLOWED_EXTENSIONS | .zip,.gpkg,.geojson,.json,.csv,.tif,.tiff,.xlsx,.xls | No | Comma-separated list of allowed file extensions for upload |
| PRESIGNED_MULTIPART_THRESHOLD_MB | 100 | No | Files larger than this (MB) use multipart presigned S3 URLs. Only applies when STORAGE_PROVIDER=s3. |

UPLOAD_STAGING_DIR Writability Requirement

GeoLens validates staging writability at startup and before export execution. Both UPLOAD_STAGING_DIR and ${UPLOAD_STAGING_DIR}/exports must allow write access for the API runtime user.

Quick validation command:

docker compose exec api sh -lc '\
dir=${UPLOAD_STAGING_DIR:-/app/staging}; \
mkdir -p "$dir/exports" && \
touch "$dir/.geolens-write-test" "$dir/exports/.geolens-write-test" && \
rm -f "$dir/.geolens-write-test" "$dir/exports/.geolens-write-test"'

If this command fails, fix ownership/permissions on the mounted path or set UPLOAD_STAGING_DIR to a writable directory, then restart the API container.

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| PROCRASTINATE_SCHEMA | catalog | No | PostgreSQL schema for the Procrastinate job queue tables |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| PUBLIC_APP_URL | http://localhost:8080 | No | Browser-facing app URL. Used for share links and OAuth redirect URIs. |
| PUBLIC_API_URL | http://localhost:8080/api | No | Externally-reachable API base URL. Used in OGC self/collection/next link hrefs. |
| PUBLIC_BASE_URL | None | No | Deprecated. Legacy alias for PUBLIC_API_URL. Use PUBLIC_API_URL instead. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| CORS_ALLOWED_ORIGINS | "" (same-origin only) | No | Comma-separated list of allowed origins for cross-origin API requests. Required when the frontend is served from a different domain than the API. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| TILE_CACHE_TTL | 300 | No | Tile cache TTL in seconds |
| TILE_SIGNING_SECRET | None (falls back to JWT_SECRET_KEY) | No | Secret for signing tile request URLs. Set separately when you want to rotate tile secrets without invalidating JWT tokens. |
| CDN_BASE_URL | None | No | CDN origin URL for tile delivery. When set, the frontend requests tiles from this URL instead of the API. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| LOG_JSON | false | No | Output logs in structured JSON format. Recommended for production. When enabled, Swagger UI (/api/docs) is disabled. |
| LOG_LEVEL | INFO | No | Log level. Options: DEBUG, INFO, WARNING, ERROR. |
| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| STORAGE_PROVIDER | local | No | Storage backend for uploaded files. Options: local, s3. |
| S3_ENDPOINT | None | When s3 | S3-compatible endpoint URL. Leave unset for AWS S3. For MinIO: http://minio:9000. |
| S3_BUCKET | None | When s3 | S3 bucket name. |
| S3_ACCESS_KEY_ID | None | When s3 | S3 access key ID. |
| S3_SECRET_ACCESS_KEY | None | When s3 | S3 secret access key. |
| S3_REGION | us-east-1 | No | S3 region. |
| S3_ALLOW_HTTP | false | No | Allow HTTP (non-TLS) connections to S3 endpoint. Enable for local MinIO. |
| S3_ADDRESSING_STYLE | auto | No | S3 addressing style. Options: auto, path, virtual. Use path for MinIO. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| DATABASE_URL_OVERRIDE | None | No | Full PostgreSQL connection URL for managed databases (RDS, Cloud SQL). Overrides individual POSTGRES_* variables. |
| DATABASE_SSL_MODE | prefer | No | Database SSL mode. Options: disable, prefer, require, verify-full. |
| DATABASE_SSL_CA_CERT | None | When verify-full | Path to CA certificate file for database SSL verification. |
| DATABASE_POOL_PRE_PING | true | No | Enable connection pool pre-ping to detect broken connections before use. Adds slight latency per checkout. Set to false only if you need to disable this for a specific environment. |
| DB_USE_EXTERNAL_POOLER | false | No | Enable external connection pooler mode (PgBouncer, RDS Proxy). Disables prepared statements. |

These variables control the SQLAlchemy connection pool. Ignored when DB_USE_EXTERNAL_POOLER is true.

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| DB_POOL_SIZE | 10 | No | Maximum number of persistent connections in the pool. |
| DB_MAX_OVERFLOW | 5 | No | Maximum number of additional connections beyond DB_POOL_SIZE. |
| DB_POOL_TIMEOUT | 30 | No | Seconds to wait for a connection from the pool before raising an error. |
| DB_POOL_RECYCLE | 1800 | No | Seconds after which a connection is recycled (replaced). Prevents stale connections with managed databases. |
| TILE_POOL_MIN_SIZE | 2 | No | Minimum connections in the dedicated asyncpg tile query pool. |
| TILE_POOL_MAX_SIZE | 10 | No | Maximum connections in the dedicated asyncpg tile query pool. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| REDIS_URL | None | No | Redis/Valkey connection URL for cross-instance caching. Leave unset for in-memory caching (single-instance default). Example: redis://valkey:6379/0. |

These variables configure the backup service (enable with docker compose --profile backup up -d).

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| BACKUP_SCHEDULE | 0 2 * * * | No | Cron expression for automated database backups. Default: daily at 2:00 AM UTC. |
| BACKUP_RETENTION_DAILY | 7 | No | Number of daily backups to retain locally. |
| BACKUP_RETENTION_WEEKLY | 4 | No | Number of weekly (Sunday) backups to retain locally. |
| BACKUP_S3_ENABLED | false | No | Enable off-site backup upload to S3-compatible storage. Uses S3_* credentials. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| WORKER_SHUTDOWN_TIMEOUT | 30 | No | Graceful shutdown timeout for the background worker in seconds |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| REFRESH_TOKEN_EXPIRE_DAYS | 7 | No | JWT refresh token lifetime in days. |

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| ENV_ONLY_CONFIG | false | No | When true, all admin-overridable settings are locked to their environment values. The PersistentConfig DB layer is bypassed for reads and returns 403 on writes. Use for hardened production deployments where operators want to prevent runtime configuration changes via the admin UI. |
| GEOLENS_EDITION | (auto-detected) | No | Override the auto-detected edition. Options: community, enterprise. Without this variable, the edition is enterprise if any plugin extensions are loaded, otherwise community. Controls which feature flags and UI elements are available. |

GeoLens supports two AI subsystems: inference (chat, map generation, metadata drafts) and embeddings (semantic search). They can use different providers.

API keys are set exclusively via environment variables. All other AI settings (provider, model, base URL) can also be overridden at runtime from the admin Settings > AI tab.

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| ANTHROPIC_API_KEY | None | No | Anthropic API key. When set, Anthropic is the default inference provider. |
| LLM_MODEL | claude-sonnet-4-20250514 | No | Default Anthropic model name (admin-overridable). |
| OPENAI_API_KEY | None | No | OpenAI-compatible API key. Used for inference when Anthropic key is absent, and always used for embeddings. |
| OPENAI_MODEL | gpt-4o | No | Default OpenAI-compatible model name (admin-overridable). |
| OPENAI_BASE_URL | None | No | Custom endpoint for OpenAI-compatible providers (Ollama, Groq, Together). Leave unset for default OpenAI. |

Embeddings always use the OpenAI-compatible API. Anthropic does not provide an embedding endpoint.

| Variable | Default | Required | Description |
| --- | --- | --- | --- |
| EMBEDDING_MODEL | text-embedding-3-small | No | Embedding model name (admin-overridable). |
| EMBEDDING_DIMS | 1536 | No | Expected vector dimensions (admin-overridable, auto-detectable from admin UI). |
| EMBEDDING_BASE_URL | None | No | Separate endpoint for embeddings. Falls back to OPENAI_BASE_URL if unset. |

Anthropic inference + OpenAI embeddings (recommended):

ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...

OpenAI for everything:

OPENAI_API_KEY=sk-...

Anthropic inference + Ollama embeddings:

ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=ollama # any non-empty value
EMBEDDING_BASE_URL=http://ollama:11434/v1
EMBEDDING_MODEL=nomic-embed-text

Ollama for everything:

OPENAI_API_KEY=ollama # any non-empty value
OPENAI_BASE_URL=http://ollama:11434/v1
OPENAI_MODEL=llama3
EMBEDDING_MODEL=nomic-embed-text

These variables control which ports are exposed on the Docker host. They do not affect internal container communication.

| Variable | Default | Description |
| --- | --- | --- |
| DB_PORT | 5432 | Host port for PostgreSQL. Set to 5434 in .env.example to avoid conflicts. |
| API_PORT | 8000 | Host port for the FastAPI backend. Set to 8001 in .env.example. |
| FRONTEND_PORT | 8080 | Host port for the frontend. |

These are fixed inside Docker containers and are not configurable:

| Service | Port | Protocol |
| --- | --- | --- |
| PostgreSQL (db) | 5432 | TCP |
| FastAPI (api) | 8000 | HTTP |
| Worker (worker) | 8001 | HTTP (health only) |
| Titiler (titiler) | 8000 | HTTP |
| Frontend (frontend) | 5173 | HTTP (Vite dev server) |

| Volume | Purpose | Mount Point |
| --- | --- | --- |
| pgdata | PostgreSQL data persistence | /var/lib/postgresql/data on db |
| upload_staging | Uploaded file staging area | /app/staging on api |

# Database
POSTGRES_DB=geolens
POSTGRES_USER=geolens
POSTGRES_PASSWORD=secure-db-password
# Auth
JWT_SECRET_KEY=a1b2c3d4e5f6... # Use: openssl rand -hex 32
GEOLENS_ADMIN_USERNAME=admin
GEOLENS_ADMIN_PASSWORD=secure-admin-password
# AI (optional — omit to disable AI features)
ANTHROPIC_API_KEY=sk-ant-... # Inference (chat, map generation)
OPENAI_API_KEY=sk-... # Embeddings (semantic search)
# Ports (non-default to avoid conflicts)
DB_PORT=5434
API_PORT=8001
FRONTEND_PORT=8080
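
A preflight check for the conditional requirements in the tables above (S3 keys when STORAGE_PROVIDER=s3, a CA certificate when DATABASE_SSL_MODE=verify-full) and for placeholder secrets copied from the example .env. This is an added example, not GeoLens code: parse_env, check_env, the 64-character length heuristic and treating BACKUP_S3_ENABLED=true as also requiring the S3 keys are assumptions, and the sample .env is constructed.

```python
# "Required" columns from this page; S3_ENDPOINT is omitted because AWS S3 needs none.
ALWAYS = ("POSTGRES_DB", "POSTGRES_USER", "POSTGRES_PASSWORD", "JWT_SECRET_KEY",
          "GEOLENS_ADMIN_USERNAME", "GEOLENS_ADMIN_PASSWORD")
S3_KEYS = ("S3_BUCKET", "S3_ACCESS_KEY_ID", "S3_SECRET_ACCESS_KEY")

# Constructed sample .env (not a real deployment) with deliberate mistakes.
SAMPLE_ENV = """\
POSTGRES_DB=geolens
POSTGRES_USER=geolens
POSTGRES_PASSWORD=constructed-db-password
JWT_SECRET_KEY=a1b2c3d4e5f6...  # placeholder never replaced
GEOLENS_ADMIN_USERNAME=admin
STORAGE_PROVIDER=s3
S3_BUCKET=geolens-data
S3_ALLOW_HTTP=true
DATABASE_SSL_MODE=verify-full
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping comment lines and dropping trailing ' # ...' notes."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.split(" #", 1)[0].strip().strip("\"'")
    return env

def check_env(env):
    """Return (errors, warnings) for a parsed .env, using the rules stated on this page."""
    get = lambda k, d="": env.get(k) or d
    on = lambda k: get(k).lower() == "true"
    ssl_mode = get("DATABASE_SSL_MODE", "prefer")  # page default is prefer
    required = list(ALWAYS)
    if get("STORAGE_PROVIDER", "local") == "s3" or on("BACKUP_S3_ENABLED"):
        required += S3_KEYS  # backups reuse the S3_* credentials (assumed to need all three)
    if ssl_mode == "verify-full":
        required.append("DATABASE_SSL_CA_CERT")
    errors = [f"{k} is required but unset" for k in required if not get(k)]
    errors += [f"{k} still holds a placeholder value" for k, v in env.items() if "..." in v]
    checks = [  # (condition, warning); the 64-char threshold is this example's heuristic
        (0 < len(get("JWT_SECRET_KEY")) < 64, "JWT_SECRET_KEY is shorter than openssl rand -hex 32 output"),
        (bool(get("DATABASE_URL_OVERRIDE")) and ssl_mode in ("disable", "prefer"),
         f"DATABASE_SSL_MODE={ssl_mode} does not enforce TLS to the managed database"),
        (on("S3_ALLOW_HTTP"), "S3_ALLOW_HTTP=true permits non-TLS connections to the S3 endpoint"),
        (not get("TILE_SIGNING_SECRET"), "TILE_SIGNING_SECRET unset: tile URLs fall back to JWT_SECRET_KEY"),
    ]
    return errors, [msg for hit, msg in checks if hit]
```

Run `check_env(parse_env(open(".env").read()))` before `docker compose up` and treat any returned error as a failed deployment gate; warnings are for review.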