Configuration
Semaphore can be configured using several methods:
- Interactive setup — guided configuration when running Semaphore for the first time. It creates
config.json. - Configuration file — the primary and most flexible way to configure Semaphore.
- Environment variables — useful for containerized or cloud-native deployments.
- Snap configuration (deprecated) — legacy method used when installing via Snap packages.
Configuration options
Full list of available configuration options:
| Config file option / Environment variable | Description |
|---|---|
bolt.host SEMAPHORE_DB_HOST | Path to the BoltDB database file. |
mysql.host SEMAPHORE_DB_HOST | MySQL database host. |
mysql.name SEMAPHORE_DB_NAME | MySQL database (schema) name. |
mysql.user SEMAPHORE_DB_USER | MySQL user name. |
mysql.pass SEMAPHORE_DB_PASS | MySQL user's password. |
postgres.host SEMAPHORE_DB_HOST | Postgres database host. |
postgres.name SEMAPHORE_DB_NAME | Postgres database (schema) name. |
postgres.user SEMAPHORE_DB_USER | Postgres user name. |
postgres.pass SEMAPHORE_DB_PASS | Postgres user's password. |
dialect SEMAPHORE_DB_DIALECT | Can be mysql, postgres or bolt |
git_client SEMAPHORE_GIT_CLIENT | |
ssh_config_path SEMAPHORE_SSH_PATH | |
port SEMAPHORE_PORT | TCP port on which the web interface will be available. Default: 3000 |
interface SEMAPHORE_INTERFACE | Useful if your server has multiple network interfaces |
tmp_path SEMAPHORE_TMP_PATH | Path to directory where cloned repositories and generated files are stored. Default: /tmp/semaphore |
access_key_encryption SEMAPHORE_ACCESS_KEY_ENCRYPTION | Secret key used for encrypting access keys in database. Read more in Database encryption reference. |
web_host SEMAPHORE_WEB_ROOT | Can be useful if you want to use Semaphore by the subpath, for example: http://yourdomain.com/semaphore. Do not add a trailing /. |
tls.enabled SEMAPHORE_TLS_ENABLED | |
tls.cert_file SEMAPHORE_TLS_CERT_FILE | |
tls.key_file SEMAPHORE_TLS_KEY_FILE | |
email_sender SEMAPHORE_EMAIL_SENDER | |
email_host SEMAPHORE_EMAIL_HOST | |
email_port SEMAPHORE_EMAIL_PORT | |
email_secure SEMAPHORE_EMAIL_SECURE | |
email_tls SEMAPHORE_EMAIL_TLS | |
email_username SEMAPHORE_EMAIL_USERNAME | |
email_password SEMAPHORE_EMAIL_PASSWORD | |
email_alert SEMAPHORE_EMAIL_ALERT | |
telegram_alert SEMAPHORE_TELEGRAM_ALERT | Set to True to enable pushing alerts to Telegram. It should be used in combination with telegram_chat and telegram_token. |
telegram_chat SEMAPHORE_TELEGRAM_CHAT | Set to the Chat ID for the chat to send alerts to. Read more in Telegram Notifications Setup |
telegram_token SEMAPHORE_TELEGRAM_TOKEN | Set to the Authorization Token for the bot that will receive the alert payload. Read more in Telegram Notifications Setup |
slack_alert SEMAPHORE_SLACK_ALERT | Set to True to enable pushing alerts to slack. It should be used in combination with slack_url |
slack_url SEMAPHORE_SLACK_URL | The slack webhook url. Semaphore will used it to POST Slack formatted json alerts to the provided url. |
microsoft_teams_alert SEMAPHORE_MICROSOFT_TEAMS_ALERT | Set to True to enable pushing alerts to teams. It should be used in combination with microsoft_teams_url. |
microsoft_teams_url SEMAPHORE_MICROSOFT_TEAMS_URL | The teams webhook url. Semaphore will used it to POST alerts. |
rocketchat_alert SEMAPHORE_ROCKETCHAT_ALERT | Set to True to enable pushing alerts to Rocket.Chat. It should be used in combination with rocketchat_url. Available since v2.9.56. |
rocketchat_url SEMAPHORE_ROCKETCHAT_URL | The rocketchat webhook url. Semaphore will used it to POST Rocket.Chat formatted json alerts to the provided url. Available since v2.9.56. |
ldap_enable SEMAPHORE_LDAP_ENABLE | |
ldap_needtls SEMAPHORE_LDAP_NEEDTLS | |
ldap_binddn SEMAPHORE_LDAP_BIND_DN | |
ldap_bindpassword SEMAPHORE_LDAP_BIND_PASSWORD | |
ldap_server SEMAPHORE_LDAP_SERVER | |
ldap_searchdn SEMAPHORE_LDAP_SEARCH_DN | |
ldap_searchfilter SEMAPHORE_LDAP_SEARCH_FILTER | |
max_parallel_tasks SEMAPHORE_MAX_PARALLEL_TASKS | Max allowed parallel tasks for whole Semaphore instance. |
max_task_duration_sec SEMAPHORE_MAX_TASK_DURATION_SEC | Max allowed parallel tasks for whole Semaphore instance. |
max_tasks_per_templateSEMAPHORE_MAX_TASKS_PER_TEMPLATE | Max allowed parallel tasks for whole Semaphore instance. |
oidc_providers  | OpenID provider settings. You can provide multiple OpenID providers. More about OpenID configuration read in OpenID. |
password_login_disable SEMAPHORE_PASSWORD_LOGIN_DISABLED | Disable login with using password. Only LDAP and OpenID. |
non_admin_can_create_project SEMAPHORE_NON_ADMIN_CAN_CREATE_PROJECT | |
env_vars SEMAPHORE_ENV_VARS | |
forwarded_env_vars SEMAPHORE_FORWARDED_ENV_VARS | |
apps SEMAPHORE_APPS | |
use_remote_runner SEMAPHORE_USE_REMOTE_RUNNER | |
use_remote_runner SEMAPHORE_USE_REMOTE_RUNNER | |
runner_registration_token SEMAPHORE_RUNNER_REGISTRATION_TOKEN | |
auth.totp.enabled SEMAPHORE_TOTP_ENABLED | |
auth.totp.allow_recovery SEMAPHORE_TOTP_ALLOW_RECOVERY |
Frequently asked questions
1. How to configure a public URL for Semaphore UI
If you use nginx or other web server before Semaphore, you should provide configuration option web_host.
For example you configured NGINX on the server which proxies queries to Semaphore.
Server address https://example.com and you proxies all queries https://example.com/semaphore to Semaphore.
Your web_host will be https://example.com/semaphore.