Skip to main content

Configuration

OtoDock's settings live in two places, and knowing which is which keeps things simple:

  • config.env (.env on a Docker install) — deployment settings and secrets. Set once, rarely touched.
  • The dashboard — everything you tune day to day, under the Setup pages.

config.env: deployment and secrets

This is the file you created at install time — .env next to your compose file on a Docker install, config.env in the repository root on a source install. On first boot OtoDock appends its own generated secrets to it, and existing values are never overwritten, so it's safe across upgrades.

It holds the things that belong with the deployment, not the UI:

Secrets — generated for you

On first run, OtoDock generates and stores its own secrets in this file (signing keys, push-notification keys — the database password is the one you set yourself at install). Don't change or share these — regenerating them logs everyone out, and they should never end up in version control.

Settings you may set

SettingWhat it's for
DASHBOARD_PUBLIC_URLThe public address users reach OtoDock at (e.g. https://otodock.example.com). Drives login cookies, sign-in redirects, and links in notifications.
PROXY_PORTThe port OtoDock listens on (default 8400).
TZThe server's timezone — used for schedules and timestamps. Also changeable later in the dashboard.
Subnet overridesIf OtoDock's internal Docker ranges (10.200.0.0/24 and 10.201.0.0/16) clash with your LAN or VPN, override them with OTODOCK_NETWORK_SUBNET / OTODOCK_MCP_ADDRESS_POOL.
OTODOCK_PROXY_MEM_LIMITCaps the server container's memory. OtoDock plans how many agent sessions can run at once from the memory available to it — set this if the host shares its RAM with other workloads.
OIDC_*Single sign-on with an identity provider — see below.

The database connection is handled for you: on a Docker install the compose file wires OtoDock to the bundled PostgreSQL, and on a source install the setup script configures a local one.

Single sign-on (OIDC)

SSO takes a handful of OIDC_* settings in the same file: set OIDC_ENABLED=true, your provider's OIDC_DISCOVERY_URL, OIDC_CLIENT_ID, and OIDC_CLIENT_SECRET, and — to map provider groups to OtoDock roles — OIDC_ROLE_ADMIN_GROUP / OIDC_ROLE_CREATOR_GROUP / OIDC_ROLE_MEMBER_GROUP. The redirect URI derives from DASHBOARD_PUBLIC_URL automatically (…/auth/callback). See Users & Access for how roles work.

The dashboard: everything else

Most settings live in the web interface under Setup, take effect immediately, and need no restart:

  • General — company name and platform-wide agent instructions.
  • AI Engines — connect subscriptions, keys, and models (see Connecting your AI).
  • OtoDock — your license.
  • Audio — the speech-to-text and text-to-speech providers behind Voice.
  • Security — password policy, email (SMTP), and bot protection.
  • System Settings — timezone, session timeouts, memory, storage, and retention.

Where your data lives

OtoDock keeps your data on the machine you run it on. On a Docker Compose install, it lives in named volumes — the database, the agent files, and session state — so stopping and restarting the stack keeps everything intact. Back these up (see Upgrading & Backups).

Next steps