---
title: Environment Variables
url: https://www.tines.com/docs/admin/command-over-http/environment-variables/
updated: 2025-04-29T15:07:39+00:00
---


# Environment Variables


This application is configured via environment variables. The configuration covers two services: the HTTP server application and the cloudflared tunnel.

### HTTP server application

By default, the HTTP server doesn't check the `x-api-key` header and doesn't force HTTPS. Set `API_KEY` to have the header checked and `FORCE_SSL` to force HTTPS.

<table border="1" style="border-collapse: collapse;"><tbody>
<tr><td><strong>ENV Variable Name</strong></td><td><strong>Default</strong></td><td><strong>Description</strong></td></tr>
<tr><td><code>PORT</code></td><td>80</td><td>Server HTTP port</td></tr>
<tr><td><code>TLS_PORT</code></td><td>443</td><td>Server HTTPS port</td></tr>
<tr><td><code>FORCE_SSL</code></td><td></td><td>Force usage of HTTPS protocol</td></tr>
<tr><td><code>API_KEY</code></td><td></td><td><code>x-api-key</code> header value to check (not checked by default)</td></tr>
<tr><td><code>TLS_CERT</code></td><td></td><td>Raw TLS certificate</td></tr>
<tr><td><code>TLS_CERT_PATH</code></td><td><code>/ssl/tls.crt</code></td><td>Path to TLS certificate</td></tr>
<tr><td><code>TLS_KEY</code></td><td></td><td>Raw TLS key</td></tr>
<tr><td><code>TLS_KEY_PATH</code></td><td><code>/ssl/tls.key</code></td><td>Path to TLS key</td></tr>
<tr><td><code>EXECUTION_TIMEOUT</code></td><td>300</td><td>Timeout (seconds) for command execution</td></tr>
<tr><td><code>KERBEROS_DEFAULT_REALM</code></td><td><code>EXAMPLE.COM</code></td><td>The domain equivalent name of the Kerberos realm (all caps)</td></tr>
<tr><td><code>KERBEROS_KDC_DOMAIN</code></td><td><code>kdc.example.com</code></td><td>Full KDC domain name</td></tr>
<tr><td><code>KERBEROS_ADMIN_SERVER</code></td><td><code>admin.example.com</code></td><td>Full admin server domain name</td></tr>
<tr><td><code>KERBEROS_PRINCIPAL_USER_NAME</code></td><td><code>admin</code></td><td>Name of the principal for Kerberos auth</td></tr>
<tr><td><code>KERBEROS_PRINCIPAL_USER_PASSWORD</code></td><td><code>PASSWORD</code></td><td>Password of the principal for Kerberos auth</td></tr>
</tbody></table>

### Debug

You can turn on debug logs by setting the following environment variable, or by passing it to `docker run`. Example:

```
export DEBUG="*"
```

### Cloudflared

If some of these variables are not set or proper values are not provided, the `tines-tunnel` won't work.

<table border="1" style="border-collapse: collapse;"><tbody>
<tr><td>ENV Variable Name</td><td>Default</td><td>Description</td></tr>
<tr><td><code>TINES_TUNNEL_SECRET</code></td><td></td><td>Base64 encoded JSON with tines tunnel secret</td></tr>
<tr><td><code>TUNNEL_ORIGIN_CERT</code></td><td><code>~/.cloudflared/cert.pem</code></td><td>Cloudflared certificate</td></tr>
<tr><td><code>TINES_TUNNEL_TO_COH_INGRESS_PORT</code></td><td>443</td><td>The port that Command Over HTTP is running on. By default it is 443, and that is where the tunnel forwards requests. If you are using a custom <code>PORT</code> or <code>TLS_PORT</code>, set <code>TINES_TUNNEL_TO_COH_INGRESS_PORT</code> accordingly.</td></tr>
</tbody></table>
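
A pre-deployment check built from the two tables above. It is an added example, not part of the Tines documentation or product code. The `audit` function name is hypothetical, and it assumes that any non-empty `FORCE_SSL` value enables HTTPS enforcement and that Kerberos is in use only when a `KERBEROS_*` variable is set.

```python
import base64
import binascii
import json
import os

# Defaults copied from the tables on this page.
DEFAULTS = {"PORT": "80", "TLS_PORT": "443",
            "TLS_CERT_PATH": "/ssl/tls.crt", "TLS_KEY_PATH": "/ssl/tls.key",
            "TINES_TUNNEL_TO_COH_INGRESS_PORT": "443",
            "KERBEROS_PRINCIPAL_USER_PASSWORD": "PASSWORD"}


def audit(env, file_exists=os.path.isfile):
    """Return a list of findings for a Command-over-HTTP environment."""
    def get(name):
        return env.get(name) or DEFAULTS.get(name, "")

    findings = []
    if not get("API_KEY"):
        findings.append("API_KEY unset: x-api-key header is not checked")
    if not get("FORCE_SSL"):  # assumption: any non-empty value enables it
        findings.append("FORCE_SSL unset: HTTPS is not forced")

    # TLS material may be passed raw (TLS_CERT/TLS_KEY) or as a file path.
    for raw, path in (("TLS_CERT", "TLS_CERT_PATH"), ("TLS_KEY", "TLS_KEY_PATH")):
        if not get(raw) and not file_exists(get(path)):
            findings.append(f"{raw} unset and {get(path)} not found")

    # The tunnel must forward to a port the HTTP server listens on.
    ingress = get("TINES_TUNNEL_TO_COH_INGRESS_PORT")
    if ingress not in (get("PORT"), get("TLS_PORT")):
        findings.append(f"tunnel ingress port {ingress} matches neither PORT nor TLS_PORT")

    # TINES_TUNNEL_SECRET must be Base64-encoded JSON.
    try:
        json.loads(base64.b64decode(get("TINES_TUNNEL_SECRET"), validate=True))
    except (binascii.Error, ValueError):
        findings.append("TINES_TUNNEL_SECRET is not Base64-encoded JSON")

    # Assumption: Kerberos is in use only if a KERBEROS_* variable is set.
    if any(k.startswith("KERBEROS_") for k in env) and \
            get("KERBEROS_PRINCIPAL_USER_PASSWORD") == "PASSWORD":
        findings.append("KERBEROS_PRINCIPAL_USER_PASSWORD is the placeholder default")
    return findings


if __name__ == "__main__":
    for finding in audit(os.environ):
        print("WARN:", finding)
```

Run it in the same shell or container environment that will start the service; each `WARN:` line names a variable to review.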
