Appearance
Environment Variables
All configuration is managed through the .env file at the root of your HELIX installation. This page documents every available variable.
Organization & Admin
| Variable | Required | Default | Description |
|---|---|---|---|
ORG_NAME | No | "" | Organization display name |
ADMIN_EMAIL | Yes | — | First admin user's email |
ADMIN_PASSWORD | Yes | — | First admin user's password |
AI Model Configuration
| Variable | Required | Default | Description |
|---|---|---|---|
MODEL_PROVIDER | Yes | — | AI provider: moonshot, openai, anthropic, nvidia, kimi-coding, custom |
MODEL_NAME | No | — | Model identifier (e.g., kimi-k2.5, gpt-4o) |
MODEL_API_KEY | Yes | — | Your AI provider API key |
MODEL_BASE_URL | No | Auto-detected | Custom API endpoint URL |
MODEL_DISPLAY_NAME | No | Same as MODEL_NAME | Friendly display name in the UI |
MODEL_CONTEXT_WINDOW | No | 256000 | Maximum context tokens |
MODEL_MAX_TOKENS | No | 8192 | Maximum output tokens per request |
Provider Base URLs
If MODEL_BASE_URL is left blank, HELIX uses the default for each provider:
| Provider | Default Base URL |
|---|---|
moonshot | https://api.moonshot.cn/v1 |
openai | https://api.openai.com/v1 |
anthropic | https://api.anthropic.com/v1 |
nvidia | NVIDIA NIM endpoint |
custom | Must be provided |
Gateway (OpenClaw)
| Variable | Required | Default | Description |
|---|---|---|---|
GATEWAY_PORT | No | 18789 | WebSocket port for the gateway |
GATEWAY_TOKEN | Auto | Auto-generated | Authentication token for gateway communication |
GATEWAY_URL | No | ws://gateway:18789 | Internal Docker URL for the gateway |
INFO
GATEWAY_TOKEN is auto-generated during installation. You should not need to change it unless reconfiguring the gateway manually.
Telegram Integration
| Variable | Required | Default | Description |
|---|---|---|---|
TELEGRAM_BOT_TOKEN | No | — | Bot token from @BotFather |
TELEGRAM_ALLOWED_USER_IDS | No | — | Comma-separated Telegram user IDs allowed to interact with the bot |
Domain & SSL
| Variable | Required | Default | Description |
|---|---|---|---|
DOMAIN | No | — | Your domain or IP address |
ENABLE_SSL | No | false | Enable SSL/TLS via Caddy |
SSL_EMAIL | No | — | Email for Let's Encrypt certificate |
SKIP_PROXY | No | false | Skip Caddy reverse proxy setup |
Database
| Variable | Required | Default | Description |
|---|---|---|---|
POSTGRES_USER | No | helix | PostgreSQL username |
POSTGRES_PASSWORD | Auto | Auto-generated | PostgreSQL password |
POSTGRES_DB | No | helix_mc | Database name |
DATABASE_URL | Auto | Constructed | Full connection string (auto-built from above) |
WARNING
POSTGRES_PASSWORD is auto-generated during installation. Changing it requires updating both the .env and the running PostgreSQL container.
Redis
| Variable | Required | Default | Description |
|---|---|---|---|
REDIS_URL | No | redis://redis:6379/0 | Redis connection URL |
Authentication
| Variable | Required | Default | Description |
|---|---|---|---|
AUTH_MODE | No | local | Authentication mode |
JWT_SECRET | Auto | Auto-generated | Secret key for JWT token signing |
SERVICE_TOKEN | Auto | Auto-generated | Service-to-service authentication token |
Frontend
| Variable | Required | Default | Description |
|---|---|---|---|
NEXT_PUBLIC_API_URL | No | auto | API URL for browser requests. auto = auto-detect from current domain. Set explicitly for custom setups. |
TIP
NEXT_PUBLIC_API_URL is baked into the frontend at build time. If you change it, rebuild the frontend container: docker compose up -d --build frontend
CORS
| Variable | Required | Default | Description |
|---|---|---|---|
CORS_ORIGINS | No | http://localhost:3000 | Comma-separated allowed origins |
Licensing
| Variable | Required | Default | Description |
|---|---|---|---|
LICENSE_SERVER_URL | No | https://api.helixnode.tech | License validation server |
LICENSE_KEY | No | — | Your HELIX license key (HLX-XXXX-XXXX-XXXX-XXXX) |
Analytics (Optional)
| Variable | Required | Default | Description |
|---|---|---|---|
GA4_PROPERTY_ID | No | — | Google Analytics 4 property ID |
GSC_SITE_URL | No | — | Google Search Console site URL |
GOOGLE_APPLICATION_CREDENTIALS | No | — | Path to Google credentials JSON file |
Advanced
| Variable | Required | Default | Description |
|---|---|---|---|
LOG_LEVEL | No | info | Logging level: debug, info, warning, error |
MAX_AGENTS | No | 50 | Maximum agents per organization |
GENERATE_CONFIG | No | true | Auto-generate OpenClaw configuration file |
Example .env File
bash
# Organization
ORG_NAME=My Company
ADMIN_EMAIL=admin@mycompany.com
ADMIN_PASSWORD=secure-password-here
# AI Model
MODEL_PROVIDER=moonshot
MODEL_NAME=kimi-k2.5
MODEL_API_KEY=sk-your-api-key-here
MODEL_DISPLAY_NAME=Kimi K2.5
# Domain (optional)
DOMAIN=helix.mycompany.com
ENABLE_SSL=true
SSL_EMAIL=admin@mycompany.com
# Telegram (optional)
TELEGRAM_BOT_TOKEN=123456789:ABCdef...
TELEGRAM_ALLOWED_USER_IDS=12345678
# License
LICENSE_KEY=HLX-XXXX-XXXX-XXXX-XXXX
# Auto-generated (do not edit manually)
POSTGRES_PASSWORD=auto-generated-password
JWT_SECRET=auto-generated-secret
GATEWAY_TOKEN=auto-generated-token
SERVICE_TOKEN=auto-generated-token
DATABASE_URL=postgresql+asyncpg://helix:password@db:5432/helix_mc