Skip to main content

Configuration Reference

BackupX loads ./config.yaml from the working directory by default. You can override the path with --config. Every key can also be set via a BACKUPX_ prefixed environment variable.

Full config reference

config.yaml
server:
  host: "0.0.0.0"             # BACKUPX_SERVER_HOST
  port: 8340                  # BACKUPX_SERVER_PORT
  mode: "release"             # release | debug
  external_url: ""            # BACKUPX_SERVER_EXTERNAL_URL — public Master URL for Agent install scripts

database:
  path: "./data/backupx.db"   # BACKUPX_DATABASE_PATH — embedded SQLite

security:
  jwt_secret: ""              # BACKUPX_SECURITY_JWT_SECRET — auto-generated if empty
  jwt_expire: "24h"           # BACKUPX_SECURITY_JWT_EXPIRE
  encryption_key: ""          # AES-256-GCM key for storage config encryption

backup:
  temp_dir: "/tmp/backupx"    # BACKUPX_BACKUP_TEMP_DIR
  max_concurrent: 2           # BACKUPX_BACKUP_MAX_CONCURRENT
  retries: 3                  # Per-upload rclone low-level retries
  bandwidth_limit: ""         # e.g. "10M" to cap transfers at 10 MB/s

log:
  level: "info"               # debug | info | warn | error
  file: "./data/backupx.log"

Secret generation

If jwt_secret or encryption_key is empty on first start, BackupX generates a random value and persists it to the system_configs table. Keep a backup of data/backupx.db — losing it invalidates all existing encrypted storage configurations.

Environment variables

The environment wins when both file and env are set. All dot-paths become underscores and uppercase:

Config keyEnv variable
server.portBACKUPX_SERVER_PORT
server.external_urlBACKUPX_SERVER_EXTERNAL_URL
security.jwt_expireBACKUPX_SECURITY_JWT_EXPIRE
log.levelBACKUPX_LOG_LEVEL
backup.max_concurrentBACKUPX_BACKUP_MAX_CONCURRENT
backup.temp_dirBACKUPX_BACKUP_TEMP_DIR
backup.bandwidth_limitBACKUPX_BACKUP_BANDWIDTH_LIMIT

Master external URL

Set server.external_url when BackupX is behind Docker, Nginx, a load balancer, or any reverse proxy whose internal Host is not reachable by remote Agents:

server:
  external_url: "https://backup.example.com"

This value is used when BackupX renders one-click Agent install scripts and docker-compose snippets. It must be reachable from every Agent host. Leave it empty only when X-Forwarded-Proto / X-Forwarded-Host are reliable and point to the same URL that Agents can access.