Matrix
Forgejo

    Environment Variables

    Continuwuity can be configured entirely through environment variables, making it ideal for containerised deployments and infrastructure-as-code scenarios.

    This is a convenience reference and may not be exhaustive. The Configuration Reference is the primary source for all configuration options.

    Prefix System

    Continuwuity supports three environment variable prefixes for backwards compatibility:

    • CONTINUWUITY_* (current, recommended)
    • CONDUWUIT_* (compatibility)
    • CONDUIT_* (legacy)

    All three prefixes work identically. Use double underscores (__) to represent nested configuration sections from the TOML config.

    Examples:

    # Simple top-level config
CONTINUWUITY_SERVER_NAME="matrix.example.com"
CONTINUWUITY_PORT="8008"

# Nested config sections use double underscores
# This maps to [database] section in TOML
CONTINUWUITY_DATABASE__PATH="/var/lib/continuwuity"

# This maps to [tls] section in TOML
CONTINUWUITY_TLS__CERTS="/path/to/cert.pem"

    Configuration File Override

    You can specify a custom configuration file path:

    • CONTINUWUITY_CONFIG - Path to continuwuity.toml (current)
    • CONDUWUIT_CONFIG - Path to config file (compatibility)
    • CONDUIT_CONFIG - Path to config file (legacy)

    Essential Variables

    These are the minimum variables needed for a working deployment:

    VariableDescriptionDefault
    CONTINUWUITY_SERVER_NAMEYour Matrix server's domain nameRequired
    CONTINUWUITY_DATABASE_PATHPath to RocksDB database directory/var/lib/conduwuit
    CONTINUWUITY_ADDRESSIP address to bind to["127.0.0.1", "::1"]
    CONTINUWUITY_PORTPort to listen on8008

    Network Configuration

    VariableDescriptionDefault
    CONTINUWUITY_ADDRESSBind address (use 0.0.0.0 for all interfaces)["127.0.0.1", "::1"]
    CONTINUWUITY_PORTHTTP port8008
    CONTINUWUITY_UNIX_SOCKET_PATHUNIX socket path (alternative to TCP)-
    CONTINUWUITY_UNIX_SOCKET_PERMSSocket permissions (octal)660

    Database Configuration

    VariableDescriptionDefault
    CONTINUWUITY_DATABASE_PATHRocksDB data directory/var/lib/conduwuit
    CONTINUWUITY_DATABASE_BACKUP_PATHBackup directory-
    CONTINUWUITY_DATABASE_BACKUPS_TO_KEEPNumber of backups to retain1
    CONTINUWUITY_DB_CACHE_CAPACITY_MBDatabase read cache (MB)-
    CONTINUWUITY_DB_WRITE_BUFFER_CAPACITY_MBWrite cache (MB)-

    Cache Configuration

    VariableDescription
    CONTINUWUITY_CACHE_CAPACITY_MODIFIERLRU cache multiplier
    CONTINUWUITY_PDU_CACHE_CAPACITYPDU cache entries
    CONTINUWUITY_AUTH_CHAIN_CACHE_CAPACITYAuth chain cache entries

    DNS Configuration

    Configure DNS resolution behaviour for federation and external requests.

    VariableDescriptionDefault
    CONTINUWUITY_DNS_CACHE_ENTRIESMax DNS cache entries32768
    CONTINUWUITY_DNS_MIN_TTLMinimum cache TTL (seconds)10800
    CONTINUWUITY_DNS_MIN_TTL_NXDOMAINNXDOMAIN cache TTL (seconds)259200
    CONTINUWUITY_DNS_ATTEMPTSRetry attempts-
    CONTINUWUITY_DNS_TIMEOUTQuery timeout (seconds)-
    CONTINUWUITY_DNS_TCP_FALLBACKAllow TCP fallback-
    CONTINUWUITY_QUERY_ALL_NAMESERVERSQuery all nameservers-
    CONTINUWUITY_QUERY_OVER_TCP_ONLYTCP-only queries-

    Request Configuration

    VariableDescription
    CONTINUWUITY_MAX_REQUEST_SIZEMax HTTP request size (bytes)
    CONTINUWUITY_REQUEST_CONN_TIMEOUTConnection timeout (seconds)
    CONTINUWUITY_REQUEST_TIMEOUTOverall request timeout
    CONTINUWUITY_REQUEST_TOTAL_TIMEOUTTotal timeout
    CONTINUWUITY_REQUEST_IDLE_TIMEOUTIdle timeout
    CONTINUWUITY_REQUEST_IDLE_PER_HOSTIdle connections per host

    Federation Configuration

    Control how your server federates with other Matrix servers.

    VariableDescriptionDefault
    CONTINUWUITY_ALLOW_FEDERATIONEnable federationtrue
    CONTINUWUITY_FEDERATION_LOOPBACKAllow loopback federation-
    CONTINUWUITY_FEDERATION_CONN_TIMEOUTConnection timeout-
    CONTINUWUITY_FEDERATION_TIMEOUTRequest timeout-
    CONTINUWUITY_FEDERATION_IDLE_TIMEOUTIdle timeout-
    CONTINUWUITY_FEDERATION_IDLE_PER_HOSTIdle connections per host-
    CONTINUWUITY_TRUSTED_SERVERSJSON array of trusted servers-
    CONTINUWUITY_QUERY_TRUSTED_KEY_SERVERS_FIRSTQuery trusted first-
    CONTINUWUITY_ONLY_QUERY_TRUSTED_KEY_SERVERSOnly query trusted-

    Example:

    # Trust matrix.org for key verification
CONTINUWUITY_TRUSTED_SERVERS='["matrix.org"]'

    Registration & User Configuration

    Control user registration and account creation behaviour.

    VariableDescriptionDefault
    CONTINUWUITY_ALLOW_REGISTRATIONEnable registrationtrue
    CONTINUWUITY_REGISTRATION_TOKENToken requirement-
    CONTINUWUITY_SUSPEND_ON_REGISTERSuspend new accounts-
    CONTINUWUITY_NEW_USER_DISPLAYNAME_SUFFIXDisplay name suffix🏳️‍⚧️
    CONTINUWUITY_RECAPTCHA_SITE_KEYreCAPTCHA site key-
    CONTINUWUITY_RECAPTCHA_PRIVATE_SITE_KEYreCAPTCHA private key-

    Example:

    # Disable open registration
CONTINUWUITY_ALLOW_REGISTRATION="false"

# Require a registration token
CONTINUWUITY_REGISTRATION_TOKEN="your_secret_token_here"

    Feature Configuration

    VariableDescriptionDefault
    CONTINUWUITY_ALLOW_ENCRYPTIONEnable E2EEtrue
    CONTINUWUITY_ALLOW_ROOM_CREATIONEnable room creation-
    CONTINUWUITY_ALLOW_UNSTABLE_ROOM_VERSIONSAllow unstable versions-
    CONTINUWUITY_DEFAULT_ROOM_VERSIONDefault room versionv11
    CONTINUWUITY_REQUIRE_AUTH_FOR_PROFILE_REQUESTSAuth for profiles-
    CONTINUWUITY_ALLOW_PUBLIC_ROOM_DIRECTORY_OVER_FEDERATIONFederate directory-
    CONTINUWUITY_ALLOW_PUBLIC_ROOM_DIRECTORY_WITHOUT_AUTHUnauth directory-
    CONTINUWUITY_ALLOW_DEVICE_NAME_FEDERATIONDevice names in federation-

    TLS Configuration

    Built-in TLS support is primarily for testing. For production deployments, especially when federating on the internet, use a reverse proxy (Traefik, Caddy, nginx) to handle TLS termination.

    VariableDescription
    CONTINUWUITY_TLS__CERTSTLS certificate file path
    CONTINUWUITY_TLS__KEYTLS private key path
    CONTINUWUITY_TLS__DUAL_PROTOCOLSupport TLS 1.2 + 1.3

    Example (testing only):

    CONTINUWUITY_TLS__CERTS="/etc/letsencrypt/live/matrix.example.com/fullchain.pem"
CONTINUWUITY_TLS__KEY="/etc/letsencrypt/live/matrix.example.com/privkey.pem"

    Logging Configuration

    Control log output format and verbosity.

    VariableDescriptionDefault
    CONTINUWUITY_LOGLog filter level-
    CONTINUWUITY_LOG_COLORSANSI colourstrue
    CONTINUWUITY_LOG_SPAN_EVENTSLog span eventsnone
    CONTINUWUITY_LOG_THREAD_IDSInclude thread IDs-

    Examples:

    # Set log level to info
CONTINUWUITY_LOG="info"

# Enable debug logging for specific modules
CONTINUWUITY_LOG="warn,continuwuity::api=debug"

# Disable colours for log aggregation
CONTINUWUITY_LOG_COLORS="false"

    Observability Configuration

    VariableDescription
    CONTINUWUITY_ALLOW_OTLPEnable OpenTelemetry
    CONTINUWUITY_OTLP_FILTEROTLP filter level
    CONTINUWUITY_OTLP_PROTOCOLProtocol (http/grpc)
    CONTINUWUITY_TRACING_FLAMEEnable flame graphs
    CONTINUWUITY_TRACING_FLAME_FILTERFlame graph filter
    CONTINUWUITY_TRACING_FLAME_OUTPUT_PATHOutput directory
    CONTINUWUITY_SENTRYEnable Sentry
    CONTINUWUITY_SENTRY_ENDPOINTSentry DSN
    CONTINUWUITY_SENTRY_SEND_SERVER_NAMEInclude server name
    CONTINUWUITY_SENTRY_TRACES_SAMPLE_RATESample rate (0.0-1.0)

    Admin Configuration

    Configure admin users and automated command execution.

    VariableDescriptionDefault
    CONTINUWUITY_ADMINS_LISTJSON array of admin user IDs-
    CONTINUWUITY_ADMINS_FROM_ROOMDerive admins from room-
    CONTINUWUITY_ADMIN_ESCAPE_COMMANDSAllow \ prefix in public rooms-
    CONTINUWUITY_ADMIN_CONSOLE_AUTOMATICAuto-activate console-
    CONTINUWUITY_ADMIN_EXECUTEJSON array of startup commands-
    CONTINUWUITY_ADMIN_EXECUTE_ERRORS_IGNOREIgnore command errors-
    CONTINUWUITY_ADMIN_SIGNAL_EXECUTECommands on SIGUSR2-
    CONTINUWUITY_ADMIN_ROOM_TAGAdmin room tagm.server_notice

    Examples:

    # Create admin user on startup
CONTINUWUITY_ADMIN_EXECUTE='["users create-user admin", "users make-user-admin admin"]'

# Specify admin users directly
CONTINUWUITY_ADMINS_LIST='["@alice:example.com", "@bob:example.com"]'

    Media & URL Preview Configuration

    VariableDescription
    CONTINUWUITY_URL_PREVIEW_BOUND_INTERFACEBind interface
    CONTINUWUITY_URL_PREVIEW_DOMAIN_CONTAINS_ALLOWLISTDomain allowlist
    CONTINUWUITY_URL_PREVIEW_DOMAIN_EXPLICIT_ALLOWLISTExplicit allowlist
    CONTINUWUITY_URL_PREVIEW_DOMAIN_EXPLICIT_DENYLISTExplicit denylist
    CONTINUWUITY_URL_PREVIEW_MAX_SPIDER_SIZEMax fetch size
    CONTINUWUITY_URL_PREVIEW_TIMEOUTFetch timeout
    CONTINUWUITY_IP_RANGE_DENYLISTIP range denylist

    Tokio Runtime Configuration

    These can be set as environment variables or CLI arguments:

    VariableDescription
    TOKIO_WORKER_THREADSWorker thread count
    TOKIO_GLOBAL_QUEUE_INTERVALGlobal queue interval
    TOKIO_EVENT_INTERVALEvent interval
    TOKIO_MAX_IO_EVENTS_PER_TICKMax I/O events per tick
    CONTINUWUITY_RUNTIME_HISTOGRAM_INTERVALHistogram bucket size (μs)
    CONTINUWUITY_RUNTIME_HISTOGRAM_BUCKETSBucket count
    CONTINUWUITY_RUNTIME_WORKER_AFFINITYEnable worker affinity

    See Also