Environment Variables

RosFit services are configured through environment variables, making it straightforward to deploy across Docker Compose, Kubernetes, and bare-metal environments. All variables can be set in a .env file at the repository root.

Overview

Each service reads its configuration from environment variables at startup. The .env file at the repository root is loaded by Docker Compose and passed to all containers. For Kubernetes deployments, map these to ConfigMaps and Secrets.

Application

VariableDefaultServiceDescription
ROSFIT_PORT3000DashboardPort for the React dashboard
ROSFIT_API_PORT4000APIPort for the FastAPI backend (internal; proxied through 8000)
ROSFIT_LOG_LEVELinfoAllGlobal log level (debug, info, warn, error)

MQTT

VariableDefaultServiceDescription
ROSFIT_MQTT_URLmqtt://localhost:1883API, HandlerFull MQTT broker URL
ROSFIT_MQTT_USERAPI, HandlerMQTT username for service connections
ROSFIT_MQTT_PASSAPI, HandlerMQTT password for service connections
ROSFIT_MQTT_CA_PATHAPI, HandlerPath to CA certificate for TLS
MQTT_BROKER_HOSTemqxDocker internalBroker hostname on the Docker network
MQTT_BROKER_PORT1883Docker internalBroker port on the Docker network

Database

VariableDefaultServiceDescription
ROSFIT_DB_URLpostgresql://rosfit:rosfit@timescaledb:5432/rosfitAPI, HandlerFull database connection string
DATABASE_URLsame as ROSFIT_DB_URLAPIAlias used by some ORMs and migration tools

The database should be a PostgreSQL instance with the TimescaleDB extension. Telemetry data is stored in hypertables for efficient time-range queries.

Cache

VariableDefaultServiceDescription
REDIS_URLredis://redis:6379/0API, HandlerRedis connection URL

Redis is used for device shadow state, session caching, real-time pub/sub for WebSocket events, and rate limiting.

Object storage

VariableDefaultServiceDescription
MINIO_ENDPOINTminio:9000API, OTA ServiceMinIO S3-compatible endpoint
MINIO_ACCESS_KEYminioadminAPI, OTA ServiceMinIO access key
MINIO_SECRET_KEYminioadminAPI, OTA ServiceMinIO secret key

MinIO stores firmware binaries, device certificates, and any large blob data. For production, replace the default credentials and enable TLS.

Security

VariableDefaultServiceDescription
ROSFIT_JWT_SECRETAPISecret key for signing JWT access and refresh tokens (required, no default)

Generate a strong secret with:

openssl rand -base64 64

Never commit this value to version control. In production, use a secrets manager (AWS Secrets Manager, Vault, Kubernetes Secrets).

AWS IoT Core

These variables are only required if you are using AWS IoT Core as your MQTT broker instead of the self-hosted EMQX.

VariableDefaultServiceDescription
ROSFIT_AWS_IOT_ENDPOINTAPI, HandlerAWS IoT Core endpoint (e.g. a1b2c3-ats.iot.us-east-1.amazonaws.com)
ROSFIT_AWS_REGIONus-east-1API, HandlerAWS region for IoT Core

When using AWS IoT Core, device authentication is handled via X.509 certificates managed through AWS. The ROSFIT_MQTT_* variables are ignored.

.env.example

Copy this file to .env and fill in your values:

# ── Application ──────────────────────────────────────────
ROSFIT_PORT=3000
ROSFIT_API_PORT=4000
ROSFIT_LOG_LEVEL=info

# ── MQTT Broker ──────────────────────────────────────────
ROSFIT_MQTT_URL=mqtt://emqx:1883
ROSFIT_MQTT_USER=rosfit_service
ROSFIT_MQTT_PASS=change_me_in_production
ROSFIT_MQTT_CA_PATH=
MQTT_BROKER_HOST=emqx
MQTT_BROKER_PORT=1883

# ── Database (TimescaleDB) ───────────────────────────────
ROSFIT_DB_URL=postgresql://rosfit:rosfit@timescaledb:5432/rosfit
DATABASE_URL=postgresql://rosfit:rosfit@timescaledb:5432/rosfit

# ── Redis ────────────────────────────────────────────────
REDIS_URL=redis://redis:6379/0

# ── MinIO (Object Storage) ──────────────────────────────
MINIO_ENDPOINT=minio:9000
MINIO_ACCESS_KEY=minioadmin
MINIO_SECRET_KEY=minioadmin

# ── Security ─────────────────────────────────────────────
ROSFIT_JWT_SECRET=replace_with_a_strong_random_secret

# ── AWS IoT Core (optional) ─────────────────────────────
# ROSFIT_AWS_IOT_ENDPOINT=a1b2c3-ats.iot.us-east-1.amazonaws.com
# ROSFIT_AWS_REGION=us-east-1