The time of day to run daily server tasks, in HH:MM format. Use the server's local time, not UTC
* Starting in v1.4.0 this was changed to default to false as part of a security review of the application.
Security
Variables
Default
Description
SECURITY_MAX_LOGIN_ATTEMPTS
5
Maximum times a user can provide an invalid password before their account is locked
SECURITY_USER_LOCKOUT_TIME
24
Time in hours for how long a users account is locked
Database
Variables
Default
Description
DB_ENGINE
sqlite
Optional: 'sqlite', 'postgres'
POSTGRES_USER
mealie
Postgres database user
POSTGRES_PASSWORD
mealie
Postgres database password
POSTGRES_SERVER
postgres
Postgres database server address
POSTGRES_PORT
5432
Postgres database port
POSTGRES_DB
mealie
Postgres database name
POSTGRES_URL_OVERRIDE
None
Optional Postgres URL override to use instead of POSTGRES_* variables
Email
Variables
Default
Description
SMTP_HOST
None
Required For email
SMTP_PORT
587
Required For email
SMTP_FROM_NAME
Mealie
Required For email
SMTP_AUTH_STRATEGY
TLS
Required For email, Options: 'TLS', 'SSL', 'NONE'
SMTP_FROM_EMAIL
None
Required For email
SMTP_USER
None
Required if SMTP_AUTH_STRATEGY is 'TLS' or 'SSL'
SMTP_PASSWORD
None
Required if SMTP_AUTH_STRATEGY is 'TLS' or 'SSL'
Webworker
Changing the webworker settings may cause unforeseen memory leak issues with Mealie. It's best to leave these at the defaults unless you begin to experience issues with multiple users. Exercise caution when changing these settings
Variables
Default
Description
UVICORN_WORKERS
1
Sets the number of workers for the web server. More info here
LDAP
Variables
Default
Description
LDAP_AUTH_ENABLED
False
Authenticate via an external LDAP server in addidion to built-in Mealie auth
LDAP_SERVER_URL
None
LDAP server URL (e.g. ldap://ldap.example.com)
LDAP_TLS_INSECURE
False
Do not verify server certificate when using secure LDAP
LDAP_TLS_CACERTFILE
None
File path to Certificate Authority used to verify server certificate (e.g. /path/to/ca.crt)
LDAP_ENABLE_STARTTLS
False
Optional. Use STARTTLS to connect to the server
LDAP_BASE_DN
None
Starting point when searching for users authentication (e.g. CN=Users,DC=xx,DC=yy,DC=de)
LDAP_QUERY_BIND
None
Optional bind user for LDAP search queries (e.g. cn=admin,cn=users,dc=example,dc=com). If None then anonymous bind will be used
LDAP_QUERY_PASSWORD
None
Optional password for the bind user used in LDAP_QUERY_BIND
LDAP_USER_FILTER
None
Optional LDAP filter to narrow down eligible users (e.g. (memberOf=cn=mealie_user,dc=example,dc=com))
LDAP_ADMIN_FILTER
None
Optional LDAP filter, which tells Mealie the LDAP user is an admin (e.g. (memberOf=cn=admins,dc=example,dc=com))
Enables new users to be created when signing in for the first time with OIDC
OIDC_CONFIGURATION_URL
None
The URL to the OIDC configuration of your provider. This is usually something like https://auth.example.com/.well-known/openid-configuration
OIDC_CLIENT_ID
None
The client id of your configured client in your provider
OIDC_USER_GROUP
None
If specified, only users belonging to this group will be able to successfully authenticate, regardless of the OIDC_ADMIN_GROUP. For more information see this page
OIDC_ADMIN_GROUP
None
If specified, users belonging to this group will be made an admin. For more information see this page
OIDC_AUTO_REDIRECT
False
If True, then the login page will be bypassed an you will be sent directly to your Identity Provider. You can still get to the login page by adding ?direct=1 to the login URL
OIDC_PROVIDER_NAME
OAuth
The provider name is shown in SSO login button. "Login with <OIDC_PROVIDER_NAME>"
OIDC_REMEMBER_ME
False
Because redirects bypass the login screen, you cant extend your session by clicking the "Remember Me" checkbox. By setting this value to true, a session will be extended as if "Remember Me" was checked
OIDC_SIGNING_ALGORITHM
RS256
The algorithm used to sign the id token (examples: RS256, HS256)
OIDC_USER_CLAIM
email
This is the claim which Mealie will use to look up an existing user by (e.g. "email", "preferred_username")
OIDC_GROUPS_CLAIM
groups
Optional if not using OIDC_USER_GROUP or OIDC_ADMIN_GROUP. This is the claim Mealie will request from your IdP and will use to compare to OIDC_USER_GROUP or OIDC_ADMIN_GROUP to allow the user to log in to Mealie or is set as an admin. Your IdP must be configured to grant this claim
OIDC_TLS_CACERTFILE
None
File path to Certificate Authority used to verify server certificate (e.g. /path/to/ca.crt)
OpenAI
v1.7.0
Mealie supports various integrations using OpenAI. For more information, check out our OpenAI documentation.
Variables
Default
Description
OPENAI_BASE_URL
None
The base URL for the OpenAI API. If you're not sure, leave this empty to use the standard OpenAI platform
OPENAI_API_KEY
None
Your OpenAI API Key. Enables OpenAI-related features
OPENAI_MODEL
gpt-4o
Which OpenAI model to use. If you're not sure, leave this empty
OPENAI_ENABLE_IMAGE_SERVICES
True
Whether to enable OpenAI image services, such as creating recipes via image. Leave this enabled unless your custom model doesn't support it, or you want to reduce costs
OPENAI_WORKERS
2
Number of OpenAI workers per request. Higher values may increase processing speed, but will incur additional API costs
OPENAI_SEND_DATABASE_DATA
True
Whether to send Mealie data to OpenAI to improve request accuracy. This will incur additional API costs
OPENAI_REQUEST_TIMEOUT
60
The number of seconds to wait for an OpenAI request to complete before cancelling the request. Leave this empty unless you're running into timeout issues on slower hardware
Themeing
Setting the following environmental variables will change the theme of the frontend. Note that the themes are the same for all users. This is a break-change when migration from v0.x.x -> 1.x.x.
Variables
Default
Description
THEME_LIGHT_PRIMARY
#E58325
Light Theme Config Variable
THEME_LIGHT_ACCENT
#007A99
Light Theme Config Variable
THEME_LIGHT_SECONDARY
#973542
Light Theme Config Variable
THEME_LIGHT_SUCCESS
#43A047
Light Theme Config Variable
THEME_LIGHT_INFO
#1976D2
Light Theme Config Variable
THEME_LIGHT_WARNING
#FF6D00
Light Theme Config Variable
THEME_LIGHT_ERROR
#EF5350
Light Theme Config Variable
THEME_DARK_PRIMARY
#E58325
Dark Theme Config Variable
THEME_DARK_ACCENT
#007A99
Dark Theme Config Variable
THEME_DARK_SECONDARY
#973542
Dark Theme Config Variable
THEME_DARK_SUCCESS
#43A047
Dark Theme Config Variable
THEME_DARK_INFO
#1976D2
Dark Theme Config Variable
THEME_DARK_WARNING
#FF6D00
Dark Theme Config Variable
THEME_DARK_ERROR
#EF5350
Dark Theme Config Variable
Docker Secrets
Setting a credential can be done using secrets when running in a Docker container.
This can be used to avoid leaking passwords through compose files, environment variables, or command-line history.
For example, to configure the Postgres database password in Docker compose, create a file on the host that contains only the password, and expose that file to the Mealie service as a secret with the correct name.
Note that environment variables take priority over secrets, so any previously defined environment variables should be removed when migrating to secrets.