Configuration
OtoDock's settings live in two places, and knowing which is which keeps things simple:
config.env(.envon a Docker install) — deployment settings and secrets. Set once, rarely touched.- The dashboard — everything you tune day to day, under the Setup pages.
config.env: deployment and secrets
This is the file you created at install time — .env next to your compose file on a
Docker install, config.env in the repository root on a source install. On first boot
OtoDock appends its own generated secrets to it, and existing values are never
overwritten, so it's safe across upgrades.
It holds the things that belong with the deployment, not the UI:
Secrets — generated for you
On first run, OtoDock generates and stores its own secrets in this file (signing keys, push-notification keys — the database password is the one you set yourself at install). Don't change or share these — regenerating them logs everyone out, and they should never end up in version control.
Settings you may set
| Setting | What it's for |
|---|---|
DASHBOARD_PUBLIC_URL | The public address users reach OtoDock at (e.g. https://otodock.example.com). Drives login cookies, sign-in redirects, and links in notifications. |
PROXY_PORT | The port OtoDock listens on (default 8400). |
TZ | The server's timezone — used for schedules and timestamps. Also changeable later in the dashboard. |
| Subnet overrides | If OtoDock's internal Docker ranges (10.200.0.0/24 and 10.201.0.0/16) clash with your LAN or VPN, override them with OTODOCK_NETWORK_SUBNET / OTODOCK_MCP_ADDRESS_POOL. |
OTODOCK_PROXY_MEM_LIMIT | Caps the server container's memory. OtoDock plans how many agent sessions can run at once from the memory available to it — set this if the host shares its RAM with other workloads. |
OIDC_* | Single sign-on with an identity provider — see below. |
The database connection is handled for you: on a Docker install the compose file wires OtoDock to the bundled PostgreSQL, and on a source install the setup script configures a local one.
Single sign-on (OIDC)
SSO takes a handful of OIDC_* settings in the same file: set OIDC_ENABLED=true, your
provider's OIDC_DISCOVERY_URL, OIDC_CLIENT_ID, and OIDC_CLIENT_SECRET, and — to map
provider groups to OtoDock roles — OIDC_ROLE_ADMIN_GROUP / OIDC_ROLE_CREATOR_GROUP /
OIDC_ROLE_MEMBER_GROUP. The redirect URI derives from DASHBOARD_PUBLIC_URL
automatically (…/auth/callback). See
Users & Access for how roles work.
The dashboard: everything else
Most settings live in the web interface under Setup, take effect immediately, and need no restart:
- General — company name and platform-wide agent instructions.
- AI Engines — connect subscriptions, keys, and models (see Connecting your AI).
- OtoDock — your license.
- Audio — the speech-to-text and text-to-speech providers behind Voice.
- Security — password policy, email (SMTP), and bot protection.
- System Settings — timezone, session timeouts, memory, storage, and retention.
Where your data lives
OtoDock keeps your data on the machine you run it on. On a Docker Compose install, it lives in named volumes — the database, the agent files, and session state — so stopping and restarting the stack keeps everything intact. Back these up (see Upgrading & Backups).
Next steps
- Upgrading & Backups → — keep current and keep your data safe.
- Users & Access → — SSO, roles, and login security.
- Installation → — where
config.envis first created.