Configuration Options
Windshift is configured through CLI flags and environment variables. Flags take precedence over environment variables.
Server
| Flag |
Env Var |
Default |
Description |
--port, -p |
PORT |
8080 |
HTTP server port |
--use-proxy |
USE_PROXY |
false |
Trust X-Forwarded-Proto headers |
--allowed-hosts |
ALLOWED_HOSTS |
- |
Comma-separated allowed hostnames |
--base-url |
BASE_URL |
- |
Public URL for generating links in emails, SSO redirects, and calendar feeds |
--allowed-port |
- |
- |
Port for CORS and WebAuthn origin |
--additional-proxies |
ADDITIONAL_PROXIES |
- |
Additional trusted proxy IP addresses |
--no-csrf |
- |
false |
Disable CSRF protection (development only) |
Database
| Flag |
Env Var |
Default |
Description |
--db |
DB_PATH |
windshift.db |
SQLite database file path |
--postgres-connection-string |
POSTGRES_CONNECTION_STRING |
- |
PostgreSQL connection string |
--pg-conn |
- |
- |
Short alias for --postgres-connection-string |
| - |
DB_TYPE |
- |
Database type override |
--max-read-conns |
MAX_READ_CONNS |
120 |
Max SQLite read connections |
--max-write-conns |
MAX_WRITE_CONNS |
1 |
Max SQLite write connections |
Files & Attachments
| Flag |
Env Var |
Default |
Description |
--attachment-path |
ATTACHMENT_PATH |
- |
Path for file attachments storage |
TLS
| Flag |
Env Var |
Default |
Description |
--tls-cert |
- |
- |
Path to TLS certificate file |
--tls-key |
- |
- |
Path to TLS private key file |
SSH / TUI
| Flag |
Env Var |
Default |
Description |
--ssh |
SSH_ENABLED |
false |
Enable SSH TUI server |
--ssh-port |
SSH_PORT |
23234 |
SSH server port |
--ssh-host |
SSH_HOST |
localhost |
SSH server bind address |
--ssh-key |
- |
- |
Path to SSH host key file |
Logging
| Flag |
Env Var |
Default |
Description |
--log-level |
LOG_LEVEL |
info |
Log level: debug, info, warn, error |
--log-format |
LOG_FORMAT |
text |
Log format: text, json, logfmt |
Plugins
| Flag |
Env Var |
Default |
Description |
--disable-plugins |
DISABLE_PLUGINS |
false |
Disable the plugin system |
Authentication
| Flag |
Env Var |
Default |
Description |
--enable-fallback |
ENABLE_ADMIN_FALLBACK |
false |
Enable admin password fallback for restrictive auth setups |
AI / LLM
| Flag |
Env Var |
Default |
Description |
--llm-providers |
LLM_PROVIDERS_FILE |
- |
Path to custom LLM providers JSON file |
--ai-prompts-dir |
AI_PROMPTS_DIR |
- |
Directory containing custom AI prompt override files |
| - |
LLM_ENDPOINT |
- |
LLM inference service endpoint |
| - |
LOGBOOK_ENDPOINT |
- |
Logbook (knowledge management) service endpoint |
Examples
Minimal (SQLite)
./windshift --port 3000 --db /data/windshift.db
Production (PostgreSQL + Proxy)
./windshift \
--port 8080 \
--postgres-connection-string "postgres://windshift:secret@db:5432/windshift?sslmode=require" \
--use-proxy \
--allowed-hosts windshift.example.com \
--base-url https://windshift.example.com \
--attachment-path /data/attachments \
--log-level info \
--log-format json
Development
./windshift \
--port 8080 \
--db dev.db \
--log-level debug \
--no-csrf