PasarGuard
Panel

Configuration

Configure PasarGuard Panel with environment variables and settings

Configuration Overview

PasarGuard Panel is configured through environment variables stored in the .env file located at /opt/pasarguard/.env.

Environment Variables

Admin Configuration

VariableTypeDefaultDescription
SUDO_USERNAMEstring-Superuser's username for initial admin account
SUDO_PASSWORDstring-Superuser's password for initial admin account

SUDO_USERNAME and SUDO_PASSWORD only work when DEBUG mode is enabled. For production, create admin users using the TUI: pasarguard tui

Database Configuration

VariableTypeDefaultDescription
SQLALCHEMY_DATABASE_URLstring-Database connection string (SQLite, MySQL, MariaDB, PostgreSQL, TimescaleDB)

Database URL Examples:

# TimescaleDB/PostgreSQL (default)
SQLALCHEMY_DATABASE_URL = "postgresql+asyncpg://user:password@localhost/pasarguard"

# MySQL/MariaDB
SQLALCHEMY_DATABASE_URL = "mysql+asyncmy://user:password@localhost/pasarguard"

# SQLite 
SQLALCHEMY_DATABASE_URL = "sqlite+aiosqlite:////var/lib/pasarguard/db.sqlite3"

UVICORN Web Server

VariableTypeDefaultDescription
UVICORN_HOSTstring0.0.0.0Host address to bind the web server
UVICORN_PORTint8000Port number for the web server
UVICORN_SSL_CERTFILEstring-Path to SSL certificate file
UVICORN_SSL_KEYFILEstring-Path to SSL private key file

Example:

UVICORN_HOST = "0.0.0.0"
UVICORN_PORT = 8000
UVICORN_SSL_CERTFILE = "/var/lib/pasarguard/cert.pem"
UVICORN_SSL_KEYFILE = "/var/lib/pasarguard/key.pem"

Authentication & Security

VariableTypeDefaultDescription
JWT_ACCESS_TOKEN_EXPIRE_MINUTESint1440JWT token expiration time in minutes (default: 24 hours)

Example:

# Token expires after 24 hours
JWT_ACCESS_TOKEN_EXPIRE_MINUTES = 1440

# Token expires after 7 days
JWT_ACCESS_TOKEN_EXPIRE_MINUTES = 10080

Panel Settings

VariableTypeDefaultDescription
DOCSboolfalseEnable/disable API documentation endpoint
DEBUGboolfalseEnable debug mode for verbose logging

Example:

DOCS = true
DEBUG = false

Complete Configuration Example

Production Setup

# Admin Configuration
SUDO_USERNAME = "admin"
SUDO_PASSWORD = "your-secure-password"

# Database (TimescaleDB recommended)
SQLALCHEMY_DATABASE_URL = "postgresql+asyncpg://pasarguard:password@localhost/pasarguard"

# Web Server
UVICORN_HOST = "0.0.0.0"
UVICORN_PORT = 8000
UVICORN_SSL_CERTFILE = "/var/lib/pasarguard/cert.pem"
UVICORN_SSL_KEYFILE = "/var/lib/pasarguard/key.pem"

# Security
JWT_ACCESS_TOKEN_EXPIRE_MINUTES = 1440

# Panel Settings
DOCS = false
DEBUG = false

Development/Testing Setup

# Admin Configuration
SUDO_USERNAME = "admin"
SUDO_PASSWORD = "admin123"

# Database (SQLite for testing)
SQLALCHEMY_DATABASE_URL = "sqlite+aiosqlite:////var/lib/pasarguard/db.sqlite3"

# Web Server
UVICORN_HOST = "127.0.0.1"
UVICORN_PORT = 8000

# Security
JWT_ACCESS_TOKEN_EXPIRE_MINUTES = 1440

# Panel Settings
DOCS = true
DEBUG = true

Configuration Management

View Current Configuration

cat /opt/pasarguard/.env

Edit Configuration

sudo nano /opt/pasarguard/.env

Apply Changes

After modifying configuration, restart the panel:

pasarguard restart

Verify Configuration

Check if the service is running correctly:

pasarguard status

View logs to troubleshoot issues:

pasarguard logs

Multi-Node Setup

To configure multiple nodes:

  1. Install and configure PasarGuard Node on each server (see Node Installation)

  2. Configure node API credentials on each node server

  3. Add nodes in the panel interface:

    • Navigate to the Nodes section in the dashboard
    • Click "Add Node"
    • Enter node connection details (address, port, API key, etc.)
    • Check the connection

Security Best Practices

Secure Database Credentials

Use strong passwords for database connections:

# Generate secure password
openssl rand -base64 32

Use SSL Certificates

Always use valid SSL certificates in production:

# Using Let's Encrypt
sudo certbot certonly --standalone -d your-domain.com

# Update .env
UVICORN_SSL_CERTFILE = "/etc/letsencrypt/live/your-domain.com/fullchain.pem"
UVICORN_SSL_KEYFILE = "/etc/letsencrypt/live/your-domain.com/privkey.pem"

Disable Debug Mode in Production

DEBUG = false
DOCS = false

Installation

Installation instructions for PasarGuard.

Settings Guide

Comprehensive documentation for configuring PasarGuard system settings

On this page

Configuration OverviewEnvironment VariablesAdmin ConfigurationDatabase ConfigurationUVICORN Web ServerAuthentication & SecurityPanel SettingsComplete Configuration ExampleProduction SetupDevelopment/Testing SetupConfiguration ManagementView Current ConfigurationEdit ConfigurationApply ChangesVerify ConfigurationMulti-Node SetupSecurity Best PracticesSecure Database CredentialsUse SSL CertificatesDisable Debug Mode in Production