Configuration

Onera is configured through environment variables. There are three .env.example files in the repository:

Root .env.example — Shared variables used by Docker Compose
apps/server/.env.example — Backend-specific variables
apps/web/.env.example — Frontend-specific variables

When deploying with Docker Compose, all variables are set in the root .env file.

Required Variables

These must be set for Onera to function:

Variable	Description
`POSTGRES_PASSWORD`	Password for the PostgreSQL database (Docker Compose only)
`DATABASE_URL`	PostgreSQL connection string. Set automatically in Docker Compose. For non-Docker setups: `postgresql://user:pass@host:5432/onera`
`SUPABASE_URL`	Supabase project URL from supabase.com/dashboard
`SUPABASE_SECRET_KEY`	Supabase service_role key
`VITE_SUPABASE_URL`	Supabase project URL (build-time, same as `SUPABASE_URL`)
`VITE_SUPABASE_PUBLISHABLE_KEY`	Supabase publishable key

URL Variables

Variable	Default	Description
`FRONTEND_URL`	`http://localhost:5173`	Frontend origin, used for CORS. Comma-separated for multiple origins.
`VITE_API_URL`	`http://localhost:3000`	Backend API URL, baked into the frontend at build time
`VITE_WS_URL`	`http://localhost:3000`	WebSocket URL, baked into the frontend at build time

For production with a reverse proxy, all three should be your public domain (e.g. https://chat.example.com).

WebAuthn / Passkeys

WebAuthn (passkeys) are domain-bound. If you deploy to a custom domain, you must configure these or passkey registration and authentication will fail:

Variable	Default	Description
`WEBAUTHN_RP_ID`	`localhost`	Your domain without protocol or port (e.g. `example.com`)
`WEBAUTHN_RP_NAME`	`Onera`	Display name shown during passkey prompts
`WEBAUTHN_ORIGIN`	`http://localhost:5173`	Full origin URL including protocol (e.g. `https://chat.example.com`)

Important: The WEBAUTHN_RP_ID must match the domain users access Onera from. If you use a subdomain like chat.example.com, set WEBAUTHN_RP_ID to either chat.example.com or example.com (the latter allows passkeys to work across subdomains).

Optional Variables

Variable	Default	Description
`PORT`	`3000`	Backend server port
`NODE_ENV`	`production`	Set automatically in Docker
`DODO_PAYMENTS_API_KEY`	—	Dodo Payments API key (for billing)
`DODO_PAYMENTS_WEBHOOK_SECRET`	—	Dodo Payments webhook secret

Supabase Setup

Onera uses Supabase for authentication and database. To set up:

Create a project at supabase.com/dashboard
Go to Settings → API to get your keys
Copy:
- Project URL → SUPABASE_URL and VITE_SUPABASE_URL
- service_role key → SUPABASE_SECRET_KEY
- publishable key → VITE_SUPABASE_PUBLISHABLE_KEY
Go to Settings → Database for the connection string → DATABASE_URL

Auth Providers

In your Supabase dashboard under Authentication → Providers, configure:

Email — enabled by default
Google OAuth — add your Google Cloud credentials
Apple OAuth — add your Apple Developer credentials

Build-Time vs Runtime Variables

Some variables are baked into the frontend at build time (during docker compose build):

Variable	When Applied
`VITE_API_URL`	Build time
`VITE_WS_URL`	Build time
`VITE_SUPABASE_URL`	Build time
`VITE_SUPABASE_PUBLISHABLE_KEY`	Build time
All other variables	Runtime

If you change a VITE_* variable, you must rebuild the web container:

docker compose build web
docker compose up -d web

Example Production `.env`

# Database
POSTGRES_PASSWORD=a-very-strong-random-password

# Supabase
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_SECRET_KEY=sb_secret_...
VITE_SUPABASE_URL=https://your-project.supabase.co
VITE_SUPABASE_PUBLISHABLE_KEY=sb_publishable_...

# URLs (all pointing to your public domain)
FRONTEND_URL=https://chat.example.com
VITE_API_URL=https://chat.example.com
VITE_WS_URL=https://chat.example.com

# WebAuthn (required for passkeys on your domain)
WEBAUTHN_RP_ID=example.com
WEBAUTHN_RP_NAME=Onera
WEBAUTHN_ORIGIN=https://chat.example.com

Configuration

On this page