Self-Hosting

Server Config

Default location: docker/monolith/rivet-server/config.yaml

Schema

Server

clickhouse
nullable object
- clickhouse.http_url
  string
  URL to the HTTP access port for ClickHouse.
- clickhouse.native_url
  string
  URL to the native access port for ClickHouse.
- clickhouse.password
  nullable string
- clickhouse.provision_users
  nullable map
  - clickhouse.provision_users[key].password
    string
  - clickhouse.provision_users[key].role
    string
    admin
    write
    read_only
  - clickhouse.provision_users[key].username
    string
- clickhouse.secure
  nullable boolean
- clickhouse.username
  string
cloudflare
nullable object
- cloudflare.account_id
  string
- cloudflare.auth_token
  string
- cloudflare.backend_dispatcher_namespace
  string
- cloudflare.zone
  object
  - cloudflare.zone.game
    nullable string
  - cloudflare.zone.job
    nullable string
  - cloudflare.zone.main
    nullable string
cockroachdb
nullable object
- cockroachdb.max_connections
  nullable integer
- cockroachdb.min_connections
  nullable integer
- cockroachdb.password
  nullable string
- cockroachdb.provision_users
  nullable map
  Automatically provisions new users when migrating the database.
  - cockroachdb.provision_users[key].password
    string
  - cockroachdb.provision_users[key].role
    string
    read
    read_write
  - cockroachdb.provision_users[key].username
    string
- cockroachdb.url
  string
- cockroachdb.username
  string
hcaptcha
nullable object
- hcaptcha.secret_fallback
  nullable string
- hcaptcha.site_key_fallback
  nullable string
ip_info
nullable object
- ip_info.token
  string
jwt
object
- jwt.private
  string
- jwt.public
  string
  The public EdDSA key in a PEM format.
linode
nullable object
- linode.api_token
  string
loops
nullable object
- loops.token
  string
nats
nullable object
- nats.password
  nullable string
- nats.urls
  array of strings
- nats.username
  nullable string
neon
nullable object
- neon.api_key
  string
nomad
nullable object
- nomad.server_count
  integer
- nomad.url
  string
prometheus
nullable object
- prometheus.url
  string
redis
nullable object
- redis.ephemeral
  object
  - redis.ephemeral.password
    nullable string
  - redis.ephemeral.url
    string
  - redis.ephemeral.username
    nullable string
- redis.persistent
  object
  - redis.persistent.password
    nullable string
  - redis.persistent.url
    string
  - redis.persistent.username
    nullable string
rivet
nullable object
- rivet.api_edge
  nullable object
  Configuration for the edge API service.
  - rivet.api_edge.host
    nullable string
  - rivet.api_edge.port
    nullable integer
  - rivet.api_edge.traefik_provider_token
    nullable string
- rivet.api_public
  nullable object
  Configuration for the public API service.
  - rivet.api_public.host
    nullable string
    The host on which the API service listens.
  - rivet.api_public.port
    nullable integer
    The port on which the API service listens.
  - rivet.api_public.public_origin
    nullable string
    The public origin URL for the API.
  - rivet.api_public.respect_forwarded_for
    nullable boolean
    Flag to respect the X-Forwarded-For header for client IP addresses.
    
    Will be ignored in favor of CF-Connecting-IP if DNS provider is configured as Cloudflare.
  - rivet.api_public.verbose_errors
    nullable boolean
    Flag to enable verbose error reporting.
- rivet.auth
  nullable object
  Configuration for authentication and access control.
  - rivet.auth.access_kind
    string
    public
    Anyone can sign up for an account.
    private
    Only admin users can create teams & projects.
    development
    Anyone can access the cluster without authorization.
    
    If enabled: - A default project with slug "default" & environment with slug "default" will be created automatically - This allows using Rivet without manually creating a new project/environment - Project & environment fields will fallback to "default" if not provided - This allows using Rivet with simplfied requests, like POST /actors without a query - If no bearer token is provided, authentication will always succeed - This allows setting up development environments without manually creating tokens
- rivet.backend
  nullable object
  Configuration for backend features (Enterprise Edition).
  - rivet.backend.base_domain
    string
    Base domain serving the backend endpoints.
- rivet.billing
  nullable object
  Configuration for billing features (Enterprise Edition).
  - rivet.billing.indie_price_id
    string
    Price ID for the indie tier.
  - rivet.billing.studio_price_id
    string
    Price ID for the studio tier.
- rivet.cdn
  nullable empty object
  Deprecated: Configuration for CDN.
- rivet.clusters
  nullable map
  - rivet.clusters[key].bootstrap_datacenters
    map
    Datacenters to automatically be created on cluster boot.
    
    This should only be used for manual cluster creation. Do not use for enterprise distributions.
    rivet.clusters[key].bootstrap_datacenters[key].build_delivery_method
    string
    traffic_server
    s3_direct
    rivet.clusters[key].bootstrap_datacenters[key].guard
    nullable object
    rivet.clusters[key].bootstrap_datacenters[key].guard.public_hostname
    nullable object
    Variant #1
    rivet.clusters[key].bootstrap_datacenters[key].guard.public_hostname.dns_parent
    string
    Variant #2
    rivet.clusters[key].bootstrap_datacenters[key].guard.public_hostname.static
    string
    rivet.clusters[key].bootstrap_datacenters[key].hardware
    nullable object
    rivet.clusters[key].bootstrap_datacenters[key].hardware.bandwidth
    integer
    Kibps
    rivet.clusters[key].bootstrap_datacenters[key].hardware.cpu
    integer
    Mhz
    rivet.clusters[key].bootstrap_datacenters[key].hardware.cpu_cores
    integer
    rivet.clusters[key].bootstrap_datacenters[key].hardware.disk
    integer
    MiB
    rivet.clusters[key].bootstrap_datacenters[key].hardware.memory
    integer
    MiB
    rivet.clusters[key].bootstrap_datacenters[key].id
    string
    This ID must not change.
    rivet.clusters[key].bootstrap_datacenters[key].name
    string
  - rivet.clusters[key].id
    string
    This ID must not change.
- rivet.default_cluster_id
  nullable string
  If specified, will use this as the default cluster ID.
  
  This will have no effect if applied after the cluster has first ran.
- rivet.dns
  nullable object
  Configuration for DNS management.
  - rivet.dns.domain_cdn
    nullable string
    The domain used for CDN-related services.
  - rivet.dns.domain_job
    nullable string
    The domain used for job-related services.
  - rivet.dns.domain_main
    nullable string
    The domain used for backend services.
  - rivet.dns.provider
    string
    cloudflare
- rivet.guard
  nullable object
  The port ranges define what ports Guard will allocate ports on. If using cluster provisioning, these are also used for firewall rules.
  - rivet.guard.http_port
    nullable integer
  - rivet.guard.https_port
    nullable integer
  - rivet.guard.max_ingress_port_tcp
    nullable integer
  - rivet.guard.max_ingress_port_udp
    nullable integer
  - rivet.guard.min_ingress_port_tcp
    nullable integer
  - rivet.guard.min_ingress_port_udp
    nullable integer
  - rivet.guard.tls_enabled
    nullable boolean
- rivet.health
  nullable object
  Configuration for the health check service.
  - rivet.health.host
    nullable string
  - rivet.health.port
    nullable integer
- rivet.job_run
  nullable object
  Deprecated: Configuration for job running.
  - rivet.job_run.job_runner_binary_url
    string
- rivet.metrics
  nullable object
  Configuration for the metrics service.
  - rivet.metrics.host
    nullable string
  - rivet.metrics.port
    nullable integer
- rivet.namespace
  nullable string
  IMPORTANT: Do not change this value after the first time starting a cluster with this namespace.
- rivet.orchestrator
  nullable object
  The service that manages Rivet Actors.
  - rivet.orchestrator.host
    nullable string
    The host on which the Pegboard service listens.
  - rivet.orchestrator.port
    nullable integer
    The port on which the Pegboard service listens.
- rivet.provision
  nullable object
  - rivet.provision.container_runner_binary_url
    string
    The URL for the container runner binary.
  - rivet.provision.isolate_runner_binary_url
    string
    The URL for the isolate runner binary.
  - rivet.provision.manager_binary_url
    string
    The URL for the manager binary.
  - rivet.provision.pools
    object
    rivet.provision.pools.ats
    object
    rivet.provision.pools.ats.firewall_rules
    nullable array of objects
    rivet.provision.pools.ats.firewall_rules[].inbound_ipv4_cidr
    array of strings
    rivet.provision.pools.ats.firewall_rules[].inbound_ipv6_cidr
    array of strings
    rivet.provision.pools.ats.firewall_rules[].label
    string
    rivet.provision.pools.ats.firewall_rules[].ports
    string
    rivet.provision.pools.ats.firewall_rules[].protocol
    string
    rivet.provision.pools.ats.vlan_ip_net
    nullable string
    rivet.provision.pools.fdb
    object
    rivet.provision.pools.fdb.firewall_rules
    nullable array of objects
    rivet.provision.pools.fdb.firewall_rules[].inbound_ipv4_cidr
    array of strings
    rivet.provision.pools.fdb.firewall_rules[].inbound_ipv6_cidr
    array of strings
    rivet.provision.pools.fdb.firewall_rules[].label
    string
    rivet.provision.pools.fdb.firewall_rules[].ports
    string
    rivet.provision.pools.fdb.firewall_rules[].protocol
    string
    rivet.provision.pools.fdb.vlan_ip_net
    nullable string
    rivet.provision.pools.gg
    object
    rivet.provision.pools.gg.firewall_rules
    nullable array of objects
    rivet.provision.pools.gg.firewall_rules[].inbound_ipv4_cidr
    array of strings
    rivet.provision.pools.gg.firewall_rules[].inbound_ipv6_cidr
    array of strings
    rivet.provision.pools.gg.firewall_rules[].label
    string
    rivet.provision.pools.gg.firewall_rules[].ports
    string
    rivet.provision.pools.gg.firewall_rules[].protocol
    string
    rivet.provision.pools.gg.vlan_ip_net
    nullable string
    rivet.provision.pools.job
    object
    rivet.provision.pools.job.provision_margin
    integer
    rivet.provision.pools.pegboard
    object
    These port range values will be pass to the Rivet Clients to choose ports & are used to provision firewalls.
    rivet.provision.pools.pegboard.firewall_rules
    nullable array of objects
    rivet.provision.pools.pegboard.firewall_rules[].inbound_ipv4_cidr
    array of strings
    rivet.provision.pools.pegboard.firewall_rules[].inbound_ipv6_cidr
    array of strings
    rivet.provision.pools.pegboard.firewall_rules[].label
    string
    rivet.provision.pools.pegboard.firewall_rules[].ports
    string
    rivet.provision.pools.pegboard.firewall_rules[].protocol
    string
    rivet.provision.pools.pegboard.max_lan_port
    nullable integer
    rivet.provision.pools.pegboard.max_wan_port
    nullable integer
    rivet.provision.pools.pegboard.min_lan_port
    nullable integer
    rivet.provision.pools.pegboard.min_wan_port
    nullable integer
    rivet.provision.pools.pegboard.provision_margin
    integer
    rivet.provision.pools.pegboard.vlan_addr_range_max
    nullable string
    rivet.provision.pools.pegboard.vlan_addr_range_min
    nullable string
  - rivet.provision.vlan_ip_net
    nullable string
- rivet.status
  nullable object
  Configure the status check API.
  
  These are different than the health check API since they check the internals of the Rivet system.
  - rivet.status.system_test_isolate_environment
    nullable string
  - rivet.status.system_test_isolate_project
    nullable string
  - rivet.status.token
    string
- rivet.telemetry
  nullable object
  Configuration for telemetry collection.
  - rivet.telemetry.enable
    boolean
    Flag to enable or disable telemetry collection.
- rivet.test_builds
  nullable map
  Configuration for test builds.
  - rivet.test_builds[key].key
    string
    S3 key.
  - rivet.test_builds[key].tag
    string
    Image tag.
- rivet.tunnel
  nullable object
  Configuration for the tunnel service.
  - rivet.tunnel.public_host
    string
- rivet.ui
  nullable object
  Configuration for the UI service.
  - rivet.ui.enable
    nullable boolean
    Enables serving the UI automatically.
    
    If disabled, the UI can be hosted separately.
  - rivet.ui.public_origin
    nullable string
    The origin URL for the UI.
  - rivet.ui.public_origin_regex
    nullable string
    Regular expression to match valid UI origins.
s3
nullable object
- s3.access_key_id
  string
- s3.endpoint_edge_internal
  nullable string
  If not defined, will default to endpoint_external.
- s3.endpoint_external
  string
- s3.endpoint_internal
  string
- s3.region
  string
- s3.secret_access_key
  string
sendgrid
nullable object
- sendgrid.key
  string
ssh
nullable object
- ssh.server
  object
  - ssh.server.private_key_openssh
    string
stripe
nullable object
- stripe.secret_key
  string
- stripe.webhook_secret
  string
tls
nullable object
- tls.acme
  object
  - tls.acme.account_private_key_pem
    string
  - tls.acme.directory
    nullable string
    lets_encrypt
    lets_encrypt_staging
- tls.cert_locally_signed_job_cert_pem
  string
- tls.cert_locally_signed_job_key_pem
  string
- tls.root_ca_cert_pem
  string
turnstile
nullable object
- turnstile.cdn_secret_key
  nullable string
- turnstile.cdn_site_key
  nullable string
- turnstile.main_secret_key
  nullable string
- turnstile.main_site_key
  nullable string

Overriding

Config properties can be overridden with environment variables:

RIVET__SERVER__JWT__PRIVATE=value overrides jwt.private.