Self-Hosting

Configure

Custom Configurations

These variables are present inside your machine’s docker-compose file. Restart the docker containers if you change any variables for them to take effect.

VariableDescriptionRequiredDefault
WEBAPP_URLBase URL of the site.requiredhttp://localhost:3000
NEXTAUTH_URLLocation of the auth server. This should normally be the same as WEBAPP_URLrequiredhttp://localhost:3000
DATABASE_URLDatabase URL with credentials.required
NEXTAUTH_SECRETSecret for NextAuth, used for session signing and encryption.required(Generated by the user, must not exceed 32 bytes, openssl rand -hex 32)
ENCRYPTION_KEYSecret for used by Formbricks for data encryptionrequired(Generated by the user, must not exceed 32 bytes, openssl rand -hex 32)
CRON_SECRETAPI Secret for running cron jobs.required(Generated by the user, must not exceed 32 bytes, openssl rand -hex 32)
UPLOADS_DIRLocal directory for storing uploads.optional./uploads
S3_ACCESS_KEYAccess key for S3.optional(resolved by the AWS SDK)
S3_SECRET_KEYSecret key for S3.optional(resolved by the AWS SDK)
S3_REGIONRegion for S3.optional(resolved by the AWS SDK)
S3_BUCKET_NAMES3 bucket name for data storage. Formbricks enables S3 storage when this is set.optional (required if S3 is enabled)
S3_ENDPOINT_URLEndpoint for S3.optional(resolved by the AWS SDK)
PRIVACY_URLURL for privacy policy.optional
TERMS_URLURL for terms of service.optional
IMPRINT_URLURL for imprint.optional
EMAIL_AUTH_DISABLEDDisables the ability for users to signup or login via email and password if set to 1.optional
PASSWORD_RESET_DISABLEDDisables password reset functionality if set to 1.optional
EMAIL_VERIFICATION_DISABLEDDisables email verification if set to 1.optional
RATE_LIMITING_DISABLEDDisables rate limiting if set to 1.optional
INVITE_DISABLEDDisables the ability for invited users to create an account if set to 1.optional
MAIL_FROMEmail address to send emails from.optional (required if email services are to be enabled)
SMTP_HOSTHost URL of your SMTP server.optional (required if email services are to be enabled)
SMTP_PORTHost Port of your SMTP server.optional (required if email services are to be enabled)
SMTP_USERUsername for your SMTP Server.optional (required if email services are to be enabled)
SMTP_PASSWORDPassword for your SMTP Server.optional (required if email services are to be enabled)
SMTP_SECURE_ENABLEDSMTP secure connection. For using TLS, set to 1 else to 0.optional (required if email services are to be enabled)
SMTP_REJECT_UNAUTHORIZED_TLSIf set to 0, the server will accept connections without requiring authorization from the list of supplied CAs.optional1
GITHUB_IDClient ID for GitHub.optional (required if GitHub auth is enabled)
GITHUB_SECRETSecret for GitHub.optional (required if GitHub auth is enabled)
GOOGLE_CLIENT_IDClient ID for Google.optional (required if Google auth is enabled)
GOOGLE_CLIENT_SECRETSecret for Google.optional (required if Google auth is enabled)
STRIPE_SECRET_KEYSecret key for Stripe integration.optional
STRIPE_WEBHOOK_SECRETWebhook secret for Stripe integration.optional
TELEMETRY_DISABLEDDisables telemetry if set to 1.optional
DEFAULT_BRAND_COLORDefault brand color for your app (Can be overwritten from the UI as well).optional#64748b
DEFAULT_ORGANIZATION_IDAutomatically assign new users to a specific organization when joiningoptional
DEFAULT_ORGANIZATION_ROLERole of the user in the default organization.optionalowner
OIDC_DISPLAY_NAMEDisplay name for Custom OpenID Connect Provideroptional
OIDC_CLIENT_IDClient ID for Custom OpenID Connect Provideroptional (required if OIDC auth is enabled)
OIDC_CLIENT_SECRETSecret for Custom OpenID Connect Provideroptional (required if OIDC auth is enabled)
OIDC_ISSUERIssuer URL for Custom OpenID Connect Provider (should have .well-known configured at this)optional (required if OIDC auth is enabled)
OIDC_SIGNING_ALGORITHMSigning Algorithm for Custom OpenID Connect ProvideroptionalRS256
OPENTELEMETRY_LISTENER_URLURL for OpenTelemetry listener inside Formbricks.optional
CUSTOM_CACHE_DISABLEDDisables custom cache handler if set to 1 (required for deployment on Vercel)optional

Note: If you want to configure something that is not possible via above, please open an issue on our GitHub repo here or reach out to us on Github Discussions and we’ll try our best to work out a solution with you.

OAuth Configuration

Google OAuth

Integrating Google OAuth with your Formbricks instance allows users to log in using their Google credentials, ensuring a secure and streamlined user experience. This guide will walk you through the process of setting up Google OAuth for your Formbricks instance.

Requirements:

  • A Google Cloud Platform (GCP) account.
  • A Formbricks instance running and accessible.

Steps:

  1. Create a GCP Project:

    • Navigate to the GCP Console.
    • From the projects list, select a project or create a new one.
  2. Setting up OAuth 2.0:

    • If the APIs & services page isn't already open, open the console left side menu and select APIs & services.
    • On the left, click Credentials.
    • Click Create Credentials, then select OAuth client ID.
  3. Configure OAuth Consent Screen:

    • If this is your first time creating a client ID, configure your consent screen by clicking Consent Screen.
    • Fill in the necessary details and under Authorized domains, add the domain where your Formbricks instance is hosted.
  4. Create OAuth 2.0 Client IDs:

    • Select the application type Web application for your project and enter any additional information required.
    • Ensure to specify authorized JavaScript origins and authorized redirect URIs.

Configuration URLs

Authorized JavaScript origins: {WEBAPP_URL}
Authorized redirect URIs: {WEBAPP_URL}/api/auth/callback/google
  1. Update Environment Variables in Docker:
    • To integrate the Google OAuth, you have two options: either update the environment variables in the docker-compose file or directly add them to the running container.
    • In your Docker setup directory, open the .env file, and add or update the following lines with the Client ID and Client Secret obtained from Google Cloud Platform:
    • Alternatively, you can add the environment variables directly to the running container using the following commands (replace container_id with your actual Docker container ID):

Set env vars

docker exec -it container_id /bin/bash
export GOOGLE_CLIENT_ID=your-client-id-here
export GOOGLE_CLIENT_SECRET=your-client-secret-here
exit
  1. Restart Your Formbricks Instance:
    • Note: Restarting your Docker containers may cause a brief period of downtime. Plan accordingly.
    • Once the environment variables have been updated, it's crucial to restart your Docker containers to apply the changes. This ensures that your Formbricks instance can utilize the new Google OAuth configuration for user authentication. Here's how you can do it:
    • Navigate to your Docker setup directory where your docker-compose.yml file is located.
    • Run the following command to bring down your current Docker containers and then bring them back up with the updated environment configuration:

Microsoft Entra ID (Azure Active Directory) SSO OAuth

Do you have a Microsoft Entra ID Tenant? Integrate it with your Formbricks instance to allow users to log in using their existing Microsoft credentials. This guide will walk you through the process of setting up an Application Registration for your Formbricks instance.

Requirements

Creating an App Registration

  1. Login to the Microsoft Entra admin center.
  2. Go to Applications > App registrations in the left menu.
App Registration Name Field
  1. Click the New registration button at the top.
App Registration Name Field
  1. Name your application something descriptive, such as Formbricks SSO.
App Registration Name Field
  1. If you have multiple tenants/organizations, choose the appropriate Supported account types option. Otherwise, leave the default option for Single Tenant.
Supported Account Types List
  1. Under Redirect URI, select Web for the platform and paste your Formbricks callback URI (see Requirements above).
Redirect URI Field
  1. Click Register to create the App registration. You will be redirected to your new app's Overview page after it is created.

  2. On the Overview page, under Essentials:

  • Copy the entry for Application (client) ID to populate the AZUREAD_CLIENT_ID variable.
  • Copy the entry for Directory (tenant) ID to populate the AZUREAD_TENANT_ID variable.
Client and Tenant ID Fields
  1. From your App registration's Overview page, go to Manage > Certificates & secrets.
Certificates & secrets link
  1. Make sure you have the Client secrets tab active, and click New client secret.
New Client Secret Tab & Button
  1. Enter a Description, set an Expires period, then click Add.
Description & Expires Fields
  1. Copy the entry under Value to populate the AZUREAD_CLIENT_SECRET variable.
Client Secret Value Field
  1. Update these environment variables in your docker-compose.yml or pass it like your other environment variables to the Formbricks container.

An example .env for Microsoft Entra ID in Formbricks would look like:

Formbricks Env for Microsoft Entra ID SSO

AZUREAD_CLIENT_ID=a25cadbd-f049-4690-ada3-56a163a72f4c
AZUREAD_TENANT_ID=2746c29a-a3a6-4ea1-8762-37816d4b7885
AZUREAD_CLIENT_SECRET="THis~iS4faKe.53CreTvALu3"
  1. Restart your Formbricks instance.
  2. You're all set! Users can now sign up & log in using their Microsoft credentials associated with your Entra ID Tenant.

OpenID Configuration

Integrating your own OIDC (OpenID Connect) instance with your Formbricks instance allows users to log in using their OIDC credentials, ensuring a secure and streamlined user experience. Please follow the steps below to set up OIDC for your Formbricks instance.

  1. Configure your OIDC provider & get the following variables:
    • OIDC_CLIENT_ID
    • OIDC_CLIENT_SECRET
    • OIDC_ISSUER
    • OIDC_SIGNING_ALGORITHM
  1. Update these environment variables in your docker-compose.yml or pass it directly to the running container.

An example configuration for a FusionAuth OpenID Connect in Formbricks would look like:

Formbricks Env for FusionAuth OIDC

OIDC_CLIENT_ID=59cada54-56d4-4aa8-a5e7-5823bbe0e5b7
OIDC_CLIENT_SECRET=4f4dwP0ZoOAqMW8fM9290A7uIS3E8Xg29xe1umhlB_s
OIDC_ISSUER=http://localhost:9011
OIDC_DISPLAY_NAME=FusionAuth OIDC_SIGNING_ALGORITHM=HS256
  1. Set an environment variable OIDC_DISPLAY_NAME to the display name of your OIDC provider.

  2. Restart your Formbricks instance.

  3. You're all set! Users can now signup & log in using their OIDC credentials.

Was this page helpful?