Full Configuration Example

Production configuration should pin only the values you own: secrets, database, Redis, domains, reverse proxy settings, storage paths, and enabled features. Do not copy the full default template into production.

| Goal | Use |
| --- | --- |
| Single-node Docker Compose deployment | Use Compose env, without synctv.yaml |
| Bare-metal or Kubernetes | Start from the minimal production skeleton |
| Look up field hierarchy | Use the full template |
| Inspect the effective config for this binary | Run synctv config show --output yaml |

The Quick Start production Compose setup uses .env.postgres, .env.redis, and .env.synctv. Confirm at least the following:

.env.synctv
SYNCTV_BOOTSTRAP_ROOT_PASSWORD=replace-with-a-strong-password
# Use a JSON array when frontend and API use different origins.
SYNCTV_SERVER_CORS_ALLOWED_ORIGINS=["https://app.example.com"]
# init-compose-env.sh generates these long-lived secrets. Back up and reuse the same files.
SYNCTV_JWT_SECRET=...
SYNCTV_SECURITY_OPAQUE_SERVER_SETUP_SECRET=...
SYNCTV_SECURITY_CREDENTIAL_ENCRYPTION_KEY=...

Start and verify:

docker compose config
docker compose up -d
curl -fsS http://localhost:8080/health/ready
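
A pre-flight lint for the .env.synctv values listed above, to run before docker compose up -d. This is an added example, not part of SyncTV or its documentation: it flags secrets still at the template placeholders and CORS entries that are not exact https origins. The 16-character floor, the placeholder pattern and the hostname-only https origin rule are assumptions of this example, not the project's own validation rules.

```python
import json
import re

# Variable names are from the .env.synctv listing; the length floor and the
# placeholder/origin patterns are assumptions of this example, not SyncTV's rules.
SECRETS = ("SYNCTV_BOOTSTRAP_ROOT_PASSWORD", "SYNCTV_JWT_SECRET",
           "SYNCTV_SECURITY_OPAQUE_SERVER_SETUP_SECRET",
           "SYNCTV_SECURITY_CREDENTIAL_ENCRYPTION_KEY")
CORS = "SYNCTV_SERVER_CORS_ALLOWED_ORIGINS"
PLACEHOLDER = re.compile(r"^(\.\.\.|replace-with-.*)?$")
ORIGIN = re.compile(r"https://[A-Za-z0-9.-]+(:\d{1,5})?")
MIN_LEN = 16

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    pairs = (ln.split("=", 1) for ln in map(str.strip, text.splitlines())
             if ln and not ln.startswith("#") and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def check_origins(raw):
    """Each entry must be an exact https origin: no path, query or wildcard."""
    try:
        origins = json.loads(raw)
    except json.JSONDecodeError:
        return [f"{CORS} is not valid JSON"]
    if not isinstance(origins, list) or not origins:
        return [f"{CORS} must be a non-empty JSON array"]
    return [f"{CORS}: not an exact https origin: {o!r}" for o in origins
            if not (isinstance(o, str) and ORIGIN.fullmatch(o))]

def lint_env(text):
    """Return a list of problems; an empty list means the file passed."""
    env, problems = parse_env(text), []
    for name in SECRETS:
        value = env.get(name, "")
        if PLACEHOLDER.match(value):
            problems.append(f"{name} is missing or still a placeholder")
        elif len(value) < MIN_LEN:
            problems.append(f"{name} is shorter than {MIN_LEN} characters")
    if CORS in env:  # optional: only set when frontend and API origins differ
        problems += check_origins(env[CORS])
    return problems

# Constructed sample: template values left unedited plus one bad origin.
SAMPLE = """SYNCTV_BOOTSTRAP_ROOT_PASSWORD=replace-with-a-strong-password
SYNCTV_SERVER_CORS_ALLOWED_ORIGINS=["https://app.example.com", "http://app.example.com/"]
SYNCTV_JWT_SECRET=..."""
if __name__ == "__main__":
    print("\n".join(lint_env(SAMPLE)) or "ok")
```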

Use the YAML templates below for bare-metal, Kubernetes, or custom secret files.

database and redis both support full URLs and split fields. Prefer url_file in production because it minimizes credential exposure.

Database URL form:

database:
  url_file: "/run/secrets/database_url"

Database split form:

database:
  host: "postgres.example.com"
  port: 5432
  username: "synctv"
  password_file: "/run/secrets/database_password"
  name: "synctv"

Redis URL form:

redis:
  url_file: "/run/secrets/redis_url"

Redis Sentinel form:

Sentinel cannot be combined with cluster.enabled=true. For clustered deployments, use a stable single Redis endpoint, managed Redis, or a platform that guarantees stable connection semantics.

redis:
  deployment_mode: "sentinel"
  sentinel_master_name: "mymaster"
  sentinel_addresses:
    - "redis://sentinel-0.redis:26379"
    - "redis://sentinel-1.redis:26379"
    - "redis://sentinel-2.redis:26379"

Show the effective config for this binary:

synctv config show --output yaml

With an explicit config file:

synctv --config /etc/synctv/synctv.yaml config show --output yaml

TOML output:

synctv --config /etc/synctv/synctv.yaml config show --output toml

Validate the config file:

synctv --config /etc/synctv/synctv.yaml config validate

Validation checks required secrets, cluster Redis requirements, TCP management authentication, CORS origins, gRPC message size, WebAuthn origins, and path resolution.