AnythingLLM is configured entirely through environment variables, making it straightforward to deploy and manage in any environment — Docker, bare-metal, or cloud. The canonical template lives atDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Mintplex-Labs/anything-llm/llms.txt
Use this file to discover all available pages before exploring further.
docker/.env.example in the repository. Copy it to docker/.env, uncomment the variables you need, and restart the container to apply changes. Most variables are optional and fall back to sensible defaults; only the ones relevant to your chosen LLM provider, embedding engine, and vector database are required.
Changes to environment variables require a container (or process) restart before they take effect. The
.env file is read once at startup.Core Server
Server & Storage
Server & Storage
The port the AnythingLLM API server listens on inside the container.
Absolute path to the persistent storage directory where workspaces, uploaded documents, and the built-in vector database are written. Mount this path as a Docker volume to persist data across container restarts.
Unix user ID that the container process runs as. Adjust to match the owner of your mounted storage volume.
Unix group ID that the container process runs as.
Port that the document collector micro-service listens on. Only change this if the default conflicts with another service.
Set to
"true" to allow the collector to scrape content from private / local IP addresses (e.g., 192.168.x.x). Disabled by default for security.Session Security (JWT / Signatures)
Session Security (JWT / Signatures)
A random string (≥ 12 chars) used to sign session tokens. Required when
AUTH_TOKEN is set. Generate with openssl rand -hex 32.How long a login session token remains valid. Accepts the ms format — e.g.,
"30d", "12h", "7d".Passphrase used to sign sensitive payloads. Generate a random string of at least 32 characters.
Salt combined with
SIG_KEY for payload signing. Generate a random string of at least 32 characters.Authentication
Single-password Auth
Single-password Auth
A global password that protects the entire AnythingLLM instance. When set, every API request and UI login requires this value. Recommended for any internet-facing deployment.
Simple SSO Passthrough
Simple SSO Passthrough
Set to
1 to enable the Simple SSO passthrough, which lets a trusted upstream service pre-authenticate users and inject a signed token into the AnythingLLM session.Set to
1 to skip the AnythingLLM login screen entirely, relying on the upstream SSO provider for authentication.Optional URL to redirect unauthenticated users to when
SIMPLE_SSO_NO_LOGIN is enabled — e.g., https://your-custom-login-url.com.Password Complexity Rules
Password Complexity Rules
These variables enforce a password policy for multi-user mode. All are optional; the default is an 8-character minimum.
| Variable | Purpose |
|---|---|
PASSWORDMINCHAR | Minimum password length (default 8) |
PASSWORDMAXCHAR | Maximum password length (default 250) |
PASSWORDLOWERCASE | Minimum number of lowercase letters |
PASSWORDUPPERCASE | Minimum number of uppercase letters |
PASSWORDNUMERIC | Minimum number of digits |
PASSWORDSYMBOL | Minimum number of symbols |
PASSWORDREQUIREMENTS | Minimum number of the above rules that must be satisfied |
LLM Selection
LLM_PROVIDER and provider keys
LLM_PROVIDER and provider keys
Selects which LLM backend AnythingLLM uses. Must match one of the supported provider identifiers. See LLM Providers for the full list.Common values:
openai, anthropic, gemini, azure, ollama, lmstudio, localai, mistral, groq, cohere, bedrock, togetherai, openrouter, perplexity, fireworksai, deepseek, xai, novita, sambanova, nvidia-nim, litellm, generic-openai, and more.LLM_PROVIDER:| Provider | Required keys |
|---|---|
openai | OPEN_AI_KEY, OPEN_MODEL_PREF |
anthropic | ANTHROPIC_API_KEY, ANTHROPIC_MODEL_PREF |
gemini | GEMINI_API_KEY, GEMINI_LLM_MODEL_PREF |
ollama | OLLAMA_BASE_PATH, OLLAMA_MODEL_PREF |
azure | AZURE_OPENAI_ENDPOINT, AZURE_OPENAI_KEY, AZURE_OPENAI_MODEL_PREF |
groq | GROQ_API_KEY, GROQ_MODEL_PREF |
mistral | MISTRAL_API_KEY, MISTRAL_MODEL_PREF |
bedrock | AWS_BEDROCK_LLM_REGION, AWS_BEDROCK_API_KEY, AWS_BEDROCK_LLM_MODEL_PREFERENCE |
Embedding
Embedding engine variables
Embedding engine variables
Selects the embedding engine. Valid values include
native, openai, azure, ollama, lmstudio, localai, cohere, voyageai, gemini, mistral, openrouter, lemonade, litellm, generic-openai.The specific model to use for embeddings. Defaults vary by engine — e.g.,
Xenova/all-MiniLM-L6-v2 for native, text-embedding-ada-002 for OpenAI.Maximum character length of a single text chunk passed to the embedding model. Tune this to match the model’s token limit. For example,
8192 is typical for Ollama embedding models.Base URL for self-hosted embedding engines such as Ollama, LM Studio, LocalAI, Lemonade, or Generic OpenAI. Example:
http://host.docker.internal:11434.Vector Database
Vector DB selection and connection
Vector DB selection and connection
Selects the vector database backend. Valid values:
lancedb, chroma, chromacloud, pinecone, weaviate, qdrant, milvus, zilliz, pgvector, astra.| Provider | Key variables |
|---|---|
lancedb | (none — built-in) |
chroma | CHROMA_ENDPOINT, CHROMA_API_HEADER, CHROMA_API_KEY |
pinecone | PINECONE_API_KEY, PINECONE_INDEX |
qdrant | QDRANT_ENDPOINT, QDRANT_API_KEY |
weaviate | WEAVIATE_ENDPOINT, WEAVIATE_API_KEY |
pgvector | PGVECTOR_CONNECTION_STRING |
milvus | MILVUS_ADDRESS, MILVUS_USERNAME, MILVUS_PASSWORD |
Agent Service Keys
Search engine integrations
Search engine integrations
Agents can be equipped with web-search tools. Set the relevant API key for the search engine you want to use.
| Variable | Search provider |
|---|---|
AGENT_GSE_KEY + AGENT_GSE_CTX | Google Programmable Search |
AGENT_SEARCHAPI_API_KEY | SearchApi.io |
AGENT_SERPAPI_API_KEY | SerpApi |
AGENT_SERPER_DEV_KEY | Serper.dev |
AGENT_BING_SEARCH_API_KEY | Bing Search (Azure) |
AGENT_BAIDU_SEARCH_API_KEY | Baidu Search |
AGENT_SERPLY_API_KEY | Serply.io |
AGENT_SEARXNG_API_URL | SearXNG (self-hosted) |
AGENT_TAVILY_API_KEY | Tavily |
AGENT_EXA_API_KEY | Exa Search |
AGENT_PERPLEXITY_API_KEY | Perplexity Search |
AGENT_CRW_API_KEY + AGENT_CRW_API_URL | fastCRW |
Agent behaviour tuning
Agent behaviour tuning
Maximum number of tool calls an agent may chain within a single response. Prevents runaway recursive calls on lower-capability models.
When
"true" (default), uses the native embedding reranker to select only the most relevant tools for each query — reducing token usage by up to 80 % when many tools or MCP servers are enabled. Set to "false" to disable.Number of top-ranked tools retained after reranking.
Comma-separated list of skill names that are auto-approved and run without user confirmation. Example:
create-pdf-file,create-word-file.Comma-separated list of provider names that should fall back to prompt-based (UnTooled) tool calling instead of native function calling. Example:
generic-openai,litellm.Audio / TTS / STT
Whisper / Speech-to-Text
Whisper / Speech-to-Text
Transcription provider.
"local" uses a bundled Whisper small model. "openai" delegates to the OpenAI hosted Whisper API (requires OPEN_AI_KEY).Server-side speech-to-text provider for the chat UI microphone input. Options:
native, openai, lemonade, deepgram, generic-openai, groq.Text-to-Speech
Text-to-Speech
Text-to-speech provider for voice responses. Options:
native, openai, generic-openai, elevenlabs, kokoro.TTS_<PROVIDER>_*. For example, TTS_OPEN_AI_KEY, TTS_OPEN_AI_VOICE_MODEL, TTS_ELEVEN_LABS_KEY, TTS_ELEVEN_LABS_VOICE_MODEL.Other Settings
UI & API behaviour
UI & API behaviour
Set to
"true" to disable the /api/docs Swagger endpoint. Recommended in production to reduce attack surface.Set to
1 to prevent users from viewing historical chat sessions in the UI and through the frontend APIs.Set to any non-empty value to block workspace deletion from the UI and APIs.
Set to
"true" so that public embed widgets with no domain allowlist configured reject all requests instead of answering from any origin.Set to
"true" to disable the built-in cooldown timer between MCP tool invocations. Use with caution — this can cause infinite recursive calls with some model/provider combinations.HTTPS / TLS
HTTPS / TLS
Set to
"true" to run the server over HTTPS using the certificate and key paths below.Relative or absolute path to the TLS certificate PEM file. Example:
sslcert/cert.pem.Relative or absolute path to the TLS private key PEM file. Example:
sslcert/key.pem.Scheduled jobs & document sync
Scheduled jobs & document sync
Maximum number of scheduled background jobs that may run concurrently. Increase when using a cloud LLM with high rate limits.
Maximum time in milliseconds a scheduled job can run before it is terminated (default 5 minutes).
How long (in milliseconds) a watched document waits before the sync worker re-processes it. Default is 7 days; minimum is 1 hour (3 600 000 ms).
How often the memory-extraction background job runs. Accepts
ms format strings such as 15m or 1h.Minimum milliseconds of chat inactivity before the memory-extraction job fires. Set to
0 to disable the idle check.OCR & Chromium
OCR & Chromium
Comma-separated Tesseract language codes used when parsing images and scanned PDFs. Example:
eng,deu,fra. See the Tesseract data-files list for valid codes.Extra Chromium launch flags for the built-in Puppeteer instance. Required on some Linux Docker hosts that cannot grant
SYS_ADMIN capability. Example: --no-sandbox,--disable-setuid-sandbox.