Environment Variables
RosFit services are configured through environment variables, making it straightforward to deploy across Docker Compose, Kubernetes, and bare-metal environments. All variables can be set in a .env file at the repository root.
Overview
Each service reads its configuration from environment variables at startup. The .env file at the repository root is loaded by Docker Compose and passed to all containers. For Kubernetes deployments, map these to ConfigMaps and Secrets.
Application
| Variable | Default | Service | Description |
|---|---|---|---|
ROSFIT_PORT | 3000 | Dashboard | Port for the React dashboard |
ROSFIT_API_PORT | 4000 | API | Port for the FastAPI backend (internal; proxied through 8000) |
ROSFIT_LOG_LEVEL | info | All | Global log level (debug, info, warn, error) |
MQTT
| Variable | Default | Service | Description |
|---|---|---|---|
ROSFIT_MQTT_URL | mqtt://localhost:1883 | API, Handler | Full MQTT broker URL |
ROSFIT_MQTT_USER | — | API, Handler | MQTT username for service connections |
ROSFIT_MQTT_PASS | — | API, Handler | MQTT password for service connections |
ROSFIT_MQTT_CA_PATH | — | API, Handler | Path to CA certificate for TLS |
MQTT_BROKER_HOST | emqx | Docker internal | Broker hostname on the Docker network |
MQTT_BROKER_PORT | 1883 | Docker internal | Broker port on the Docker network |
Database
| Variable | Default | Service | Description |
|---|---|---|---|
ROSFIT_DB_URL | postgresql://rosfit:rosfit@timescaledb:5432/rosfit | API, Handler | Full database connection string |
DATABASE_URL | same as ROSFIT_DB_URL | API | Alias used by some ORMs and migration tools |
The database should be a PostgreSQL instance with the TimescaleDB extension. Telemetry data is stored in hypertables for efficient time-range queries.
Cache
| Variable | Default | Service | Description |
|---|---|---|---|
REDIS_URL | redis://redis:6379/0 | API, Handler | Redis connection URL |
Redis is used for device shadow state, session caching, real-time pub/sub for WebSocket events, and rate limiting.
Object storage
| Variable | Default | Service | Description |
|---|---|---|---|
MINIO_ENDPOINT | minio:9000 | API, OTA Service | MinIO S3-compatible endpoint |
MINIO_ACCESS_KEY | minioadmin | API, OTA Service | MinIO access key |
MINIO_SECRET_KEY | minioadmin | API, OTA Service | MinIO secret key |
MinIO stores firmware binaries, device certificates, and any large blob data. For production, replace the default credentials and enable TLS.
Security
| Variable | Default | Service | Description |
|---|---|---|---|
ROSFIT_JWT_SECRET | — | API | Secret key for signing JWT access and refresh tokens (required, no default) |
Generate a strong secret with:
openssl rand -base64 64
Never commit this value to version control. In production, use a secrets manager (AWS Secrets Manager, Vault, Kubernetes Secrets).
AWS IoT Core
These variables are only required if you are using AWS IoT Core as your MQTT broker instead of the self-hosted EMQX.
| Variable | Default | Service | Description |
|---|---|---|---|
ROSFIT_AWS_IOT_ENDPOINT | — | API, Handler | AWS IoT Core endpoint (e.g. a1b2c3-ats.iot.us-east-1.amazonaws.com) |
ROSFIT_AWS_REGION | us-east-1 | API, Handler | AWS region for IoT Core |
When using AWS IoT Core, device authentication is handled via X.509 certificates managed through AWS. The ROSFIT_MQTT_* variables are ignored.
.env.example
Copy this file to .env and fill in your values:
# ── Application ──────────────────────────────────────────
ROSFIT_PORT=3000
ROSFIT_API_PORT=4000
ROSFIT_LOG_LEVEL=info
# ── MQTT Broker ──────────────────────────────────────────
ROSFIT_MQTT_URL=mqtt://emqx:1883
ROSFIT_MQTT_USER=rosfit_service
ROSFIT_MQTT_PASS=change_me_in_production
ROSFIT_MQTT_CA_PATH=
MQTT_BROKER_HOST=emqx
MQTT_BROKER_PORT=1883
# ── Database (TimescaleDB) ───────────────────────────────
ROSFIT_DB_URL=postgresql://rosfit:rosfit@timescaledb:5432/rosfit
DATABASE_URL=postgresql://rosfit:rosfit@timescaledb:5432/rosfit
# ── Redis ────────────────────────────────────────────────
REDIS_URL=redis://redis:6379/0
# ── MinIO (Object Storage) ──────────────────────────────
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=minioadmin
MINIO_SECRET_KEY=minioadmin
# ── Security ─────────────────────────────────────────────
ROSFIT_JWT_SECRET=replace_with_a_strong_random_secret
# ── AWS IoT Core (optional) ─────────────────────────────
# ROSFIT_AWS_IOT_ENDPOINT=a1b2c3-ats.iot.us-east-1.amazonaws.com
# ROSFIT_AWS_REGION=us-east-1