The .env file is read by Docker Compose and controls host-level behaviour. Copy .env.example to .env and edit before starting the stack.UPDATER_HTTP_PORT
string
default:"127.0.0.1:9000"
The address and port the updater binds to on the host machine. The value is passed directly to Docker Compose’s ports directive as the host side of the mapping. Set to 0.0.0.0:9000 to listen on all interfaces, or keep the default to restrict access to localhost when using a reverse proxy.
RIPE_TEMPLATE_DIR
string
default:"./ripe-templates/example"
Path to the template directory on the host. Docker Compose mounts this directory into the container at /opt/ripeupdater/templates as a read-only volume. Point this at your own template directory once you have created one — for example ./ripe-templates/custom.
Minio administrator username. This value is passed to the Minio container as MINIO_ROOT_USER and must match S3_ACCESS_KEY in .env.updater when using the bundled Minio instance.
Minio administrator password. Must match S3_SECRET_ACCESS_KEY in .env.updater when using the bundled Minio instance.
The .env.updater file is loaded by the ripe-updater container as its application configuration. Copy .env.updater.example to .env.updater and fill in real values before starting the stack.Authentication
Username for HTTP Basic Auth protecting the /backups UI. There is no default — the UI is inaccessible until both UI_USER and UI_PASSWORD are set.
Password for HTTP Basic Auth protecting the /backups UI.
When set, every incoming webhook request from NetBox must include this value in an Authorisation header (e.g. Authorisation: Token 123456abcdef). Requests without a matching header are rejected. Leave unset to disable token validation.
NetBox connection
Base URL of your NetBox instance, for example https://netbox.example.com. The updater uses this to query prefixes, aggregates, regions, and sites via the NetBox REST API.
NetBox API token. The token must have read access to prefixes, aggregates, regions, and sites.
RIPE database
Fallback ISO 3166-1 alpha-2 country code used when the country cannot be determined from the site’s region hierarchy (e.g. GB, DE, NL). If not set and no country can be resolved, the update will fail.
RIPE DB API username with write permissions to your INET(6)NUM objects.
RIPE DB API password corresponding to RIPE_API_USER.
Which RIPE database to target. Accepted values are RIPE (production) and TEST (RIPE test database). Defaults to TEST so that misconfigured deployments do not accidentally modify live objects.
With RIPE_DB=TEST, all changes are sent to rest-test.db.ripe.net and will not affect your live RIPE objects. Switch to RIPE_DB=RIPE only when you are confident your templates and NetBox data are correct.
IPv4 prefixes with a prefix length greater than this value are silently skipped. For example, with the default of 31, a /32 host route will not be processed. Accepted range: 0–32.
IPv6 prefixes with a prefix length greater than this value are silently skipped. Accepted range: 0–128.
S3 backup storage
Enable or disable S3 backups. Accepted values: yes / no. When enabled, a JSON snapshot of each RIPE object is saved to S3 before it is overwritten or deleted. These snapshots are browsable at /backups.
S3_ENDPOINT_URL
url
default:"http://minio:9000"
URL of the S3-compatible endpoint. Defaults to the bundled Minio container. Override with a real S3 endpoint (e.g. https://s3.eu-west-1.amazonaws.com) if you prefer external storage.
Access key for the S3 storage. When using the bundled Minio instance, this must match MINIO_ROOT_USER in .env.
Secret access key for the S3 storage. When using the bundled Minio instance, this must match MINIO_ROOT_PASSWORD in .env.
S3_BUCKET
string
default:"ripe-backups"
Name of the S3 bucket in which backups are stored. The Docker Compose file configures Minio to create this bucket automatically on first start.
Object field control
Whether the org attribute should be written to INETNUM and INET6NUM objects. Accepted values: yes / no.
Whether the descr attribute should be written to INETNUM and INET6NUM objects. Accepted values: yes / no.
Logging
Enable verbose logging. Accepted values: yes / no. Useful when diagnosing template rendering or RIPE API errors.
Email reporting
Enable email reporting of RIPE DB operations. Accepted values: yes / no. Requires SMTP, SENDER_MAIL, and RECIPIENT_MAIL to be configured.
SMTP
string
default:"127.0.0.1"
Hostname or IP address of the SMTP server used for email reports.
Whether to use STARTTLS when connecting to the SMTP server. Accepted values: yes / no.
From address for email reports. No default — required if MAIL_REPORT=yes.
Recipient address for email reports. No default — required if MAIL_REPORT=yes.