Skip to content
Presswerk Docs

Configuration

Presswerk is configured via environment variables in the .env file.

Core

Section titled “Core”
VariableRequiredDefaultDescription
APP_DOMAINYesPublic domain for the application
APP_VERSIONNolatestDocker image tag
APP_PORTNo8080Host port for the application
DOCKER_REGISTRYNoghcr.io/fs2-softwareDocker image registry (for private mirrors)

Database

Section titled “Database”
VariableRequiredDefaultDescription
DB_PASSWORDYesPostgreSQL password
DB_USERNopresswerkPostgreSQL username
DB_NAMENopresswerkPostgreSQL database name

Keycloak

Section titled “Keycloak”
VariableRequiredDefaultDescription
KEYCLOAK_HOSTNAMEYesPublic domain for Keycloak (e.g. auth-reports.acme.com)
KEYCLOAK_PUBLIC_URLYesFull public URL (e.g. https://auth-reports.acme.com)
KEYCLOAK_ADMIN_PASSWORDYesKeycloak admin console password
KEYCLOAK_ADMIN_USERNoadminKeycloak admin username
KEYCLOAK_PORTNo8081Host port for Keycloak

Initial Admin

Section titled “Initial Admin”

The installer sets these automatically. They are only used on first startup to create the initial admin user.

VariableRequiredDefaultDescription
INITIAL_ADMIN_EMAILNoEmail for the auto-provisioned admin user
INITIAL_ADMIN_PASSWORDNoTemporary password (user must change on first login)

SMTP

Section titled “SMTP”

Email is required for scheduled report delivery.

VariableRequiredDefaultDescription
SMTP_HOSTNoSMTP server hostname
SMTP_PORTNo587SMTP port (587 for STARTTLS)
SMTP_USERNAMENoSMTP authentication username
SMTP_PASSWORDNoSMTP authentication password
SMTP_FROMNonoreply@presswerk.appSender email address

Tested Providers

Section titled “Tested Providers”
ProviderHostPortNotes
Resendsmtp.resend.com587API key as password
Microsoft 365smtp.office365.com587Requires app password or OAuth
Google Workspacesmtp.gmail.com587Requires app password
Customany587Any server supporting STARTTLS

Corporate Proxy

Section titled “Corporate Proxy”

If Presswerk runs behind a corporate proxy and your data sources need to reach external APIs through it, configure the JVM proxy settings via JAVA_OPTS in your .env or docker-compose.yml:

app:
  environment:
    JAVA_OPTS: >-
      -Dhttps.proxyHost=proxy.corp.com
      -Dhttps.proxyPort=8080
      -Dhttp.proxyHost=proxy.corp.com
      -Dhttp.proxyPort=8080
      -Dhttp.nonProxyHosts=localhost|keycloak|postgres

This applies to all outbound HTTP connections: REST and GraphQL data sources, Keycloak admin calls, and health checks. Use http.nonProxyHosts to exclude internal services.

For authenticated proxies, add -Dhttps.proxyUser=user -Dhttps.proxyPassword=pass.

License

Section titled “License”

Without a license, Presswerk runs in the Free tier (1 user, 5 reports, 1 data source, no schedules).

Activation Methods

Section titled “Activation Methods”

Via UI: Log in as admin → License in the sidebar → paste license key → Activate

Via API:

Terminal window
curl -X POST https://your-domain.com/api/license/activate \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"licenseKey":"<your-license-key>"}'

The license key is stored in the database and persists across container restarts.

License Tiers

Section titled “License Tiers”

Without a license, Presswerk runs in the Free tier:

LimitFree Tier
Users1
Reports5
Data Sources1
SchedulesNo
GroupsNo
EnvironmentsNo

Paid licenses unlock higher limits and additional features. The exact limits are defined in the license key and depend on your Self-Hosted plan. After activation, the current limits and features are shown in Settings → License.

Keycloak Roles

Section titled “Keycloak Roles”
RoleDescription
adminTenant administrator — manages users, environments, permissions
(none)Regular user — access controlled by folder permissions