Home
Submit a Request
Check on a Request
Knowledge Books
Getting StartedHome → Admin Manual → System Administration → .env Configuration Options
4.10. .env Configuration Options
Updated: Jun 2 2026, 03:24 PM
The .env file on self hosted installations controls much of how HelpSpot runs at a global level. The standard settings are setup during installation but there are additional settings that can be configured if needed. All environment variables are entered into the .env file in this format: env_var_name="value"
- APP_DEBUG - Enables the display of detailed errors and stack traces in the browser when an error is encountered. This is useful while troubleshooting, but it can expose sensitive application details, so it should never be left enabled on a production system. For full details see the Turn On Debugging and Logging In HelpSpot 5 article.
- Default: false
- Values: true, false
- LOG_LEVEL - Sets the minimum severity of messages written to the helpspot.log file (located in helpspot/storage/logs/helpspot.log). Lowering it to debug produces much more verbose output, which is helpful when troubleshooting mail retrieval, queue jobs, folder permissions, and configuration errors. Because debug logging can grow the log file quickly, remove this directive once troubleshooting is complete. This setting is not included in the .env file by default. For full details see the Turn On Debugging and Logging In HelpSpot 5 article.
- Default: warning
- Values: debug, info, notice, warning, error, critical, alert, emergency
- SECURITY_FRAME_OPTIONS - Controls the x-frame-options http header.
- Default: SAMEORIGIN.
- Values: SAMEORIGIN, DENY, ""
- CUSTOM_CSP - inserts custom CSP domains to be allowed in the admin area.
- Default: null
- Values: "yoururl.com"
- PORTAL_CUSTOM_CSP - inserts custom CSP domains to be allowed in the customer portal.
- Default: null
- Values: "yoururl.com"
- FORCE_HTTPS - This setting is used when SSL is offloaded to a reverse proxy or load balencer and traffic between the proxy and the HelpSpot server if unencrypted. If SSL is provided by the HelpSpot web server only the APP_URL needs to be changed to reflect the https protocol. In most cases when enabling SSL on a web server the only change needed is to update the APP_URL.
- Default: false
- Values: true, false
- DISABLE_CSRF - Disable CSRF protection to certain routes, comma separated list of routes.
- Default: null
- example .env setting: DISABLE_CSRF_FOR="https://example.org/my-route,https://example.org/index.php?pg=login"\
- MAIL_CRON_INTERVAL - Set custom timing for how often email mailboxes are checked for mail. Wrap expression in double quotes.
- Default: "* * * * *"
- Values: Valid CRON format schedule.
- Example: "*/3 * * * *" (Checks mail every three minutes.)
- MAINTENANCE_CRON_INTERVAL - Set custom timing when daily db maintenance tasks are run. Wrap expression in double quotes.
- Default: "0 0 * * *"
- Values: Valid CRON format schedule.
- AUTO_COLLECT_MAIL - Enable (default) or Disable mail collection
- Default: true
- Values: true, false
- SEND_MAIL_DELAY - Add a delay between mail sends to help with services that throttle sends over time
- Default: 1
- Values: Time in seconds
- SEND_MAIL_BACKOFF - The number of seconds to wait before re-trying an email that failed to send
- Default: 30
- Values: Time in seconds
- SEND_MAIL_RETRIES - The maximum number of times HelpSpot will attempt to resend an email.
- Default: 5
- Values: An integer of reties
- MAINTENANCE_MODE - Put HelpSpot into maintenance mode
- Default: false
- Values: true, false
- SECURITY_CONTENT_TYPE_OPTIONS - Sets the X-Content-Type-Options
- Default: nosniff
- Values: nosniff or empty
- RESIZE_IMAGES - Performs a legacy image resize. Generally suggested to be turned off.
- Default: false
- Values: true, false
This page was: Helpful |
Not Helpful