Configuring the Server
When it starts up, Actual looks for an optional config.json file in the same directory as its package.json. If present, any keys you define there will override the default values. All values can also be specified as environment variables, which will override the values in the config.json file.
Running into issues with your configuration not being interpreted correctly? Check out our documentation for troubleshooting the server for information on how to enable debug logging to track down the issue.
ACTUAL_DATA_DIR
This is where the server stores the budget data files (and configurations unless ACTUAL_CONFIG_PATH is set).
The default value is /data.
See also sections on userFiles and serverFiles.
ACTUAL_CONFIG_PATH
This is the path to the config file. If not specified, the server will look for a config.json file either in the /data folder if it is present or in the same directory as the package.json if /data is absent.
See the ACTUAL_DATA_DIR section above to override the data folder location.
You can’t specify this option in config.json since it needs to be used to find the config.json in the first place.
https
If you want Actual to serve over HTTPS, you can set this key to an object with the following keys:
- key: The path to the private key file. (environment variable: ACTUAL_HTTPS_KEY)
- cert: The path to the certificate file. (environment variable: ACTUAL_HTTPS_CERT)
- any other options from Node’s tls.createServer(), tls.createSecureContext(), or http.createServer() functions (optional, most people won’t need to set any of these).
See Activating HTTPS for more information on how to get HTTPS working.
port
The port key is used to specify the port that the server should listen on. If not specified, the server will listen on port 5006. (environment variable: ACTUAL_PORT)
hostname
The hostname key is used to specify the hostname that the server should listen on. If not specified, the server will listen on :: (which, on most operating systems, will include both IPv4 and IPv6). (environment variable: ACTUAL_HOSTNAME)
serverFiles
The server will put an account.sqlite file in this directory, which will contain the (hashed) server password, a list of all the budget files the server knows about, and the active session token (along with anything else the server may want to store in the future). If not specified, the server will use either /data/server-files (if /data exists) or the server-files directory in the same directory as the package.json. (environment variable: ACTUAL_SERVER_FILES)
See the ACTUAL_DATA_DIR section above to override the data folder location.
userFiles
The server will put all the budget files in this directory as binary blobs. If not specified, the server will use either /data/user-files (if /data exists) or the user-files directory in the same directory as the package.json. (environment variable: ACTUAL_USER_FILES)
See the ACTUAL_DATA_DIR section above to override the data folder location.
webRoot
(Advanced, most people will not need to configure this.) The server will serve the frontend from this directory. If not specified, the server will use the files in the @actual-app/web package that it has installed. (environment variable: ACTUAL_WEB_ROOT)
If you’re providing a custom frontend, make sure you provide an index.html in the top level of the webRoot directory, which will be served from the / route.
loginMethod
Change the default authentication method for Actual (environment variable: ACTUAL_LOGIN_METHOD). The valid values are:
- "password" (default) - This is standard password authentication.
- "header" - Use the HTTP header x-actual-password to automatically log in. This is for advanced use and if not done correctly could have security implications.
- "openid" - OpenId auth (in preview)
allowedLoginMethods
The list of login methods that are permitted for auth. This defaults to ['password','header','openid'] (environment variable: ACTUAL_ALLOWED_LOGIN_METHODS, comma separated string).
If you wish to restrict the server from accepting certain login methods, you should update this setting.
trustedProxies
Updates the server’s request forwarding trust to remove known proxy IPs from the client IP list. This helps identify the client IP for things like rate limiting. This defaults to known internal IP ranges: [10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7, ::1/128] (environment variable: ACTUAL_TRUSTED_PROXIES, comma separated string).
trustedAuthProxies
Configure the clients that are allowed to authenticate with HTTP headers. This defaults to what is set in trustedProxies, but can be overridden independently. (environment variable: ACTUAL_TRUSTED_AUTH_PROXIES, comma separated string).
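The following is an added example, not code from Actual or its documentation: a small Node.js audit that resolves the effective loginMethod, allowedLoginMethods, trustedProxies and trustedAuthProxies values using the precedence and defaults described on this page, then lists settings worth reviewing. The function names and finding texts are hypothetical, and the resolution logic is an assumption based only on the descriptions above.

```javascript
// Added example: audits the login-related settings described on this page.
// Not Actual's own code; function names and finding texts are hypothetical.
const DEFAULT_METHODS = ['password', 'header', 'openid'];
const DEFAULT_TRUSTED_PROXIES = [
  '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', 'fc00::/7', '::1/128',
];

// Split a comma separated environment value into a trimmed list.
const csv = (s) => s.split(',').map((v) => v.trim()).filter(Boolean);

// Environment variables override config.json; documented defaults apply last.
function effectiveLoginConfig(config = {}, env = {}) {
  const pick = (envName, key, fallback, parse = (v) => v) =>
    env[envName] !== undefined ? parse(env[envName])
      : config[key] !== undefined ? config[key] : fallback;
  const trustedProxies =
    pick('ACTUAL_TRUSTED_PROXIES', 'trustedProxies', DEFAULT_TRUSTED_PROXIES, csv);
  return {
    loginMethod: pick('ACTUAL_LOGIN_METHOD', 'loginMethod', 'password'),
    allowedLoginMethods:
      pick('ACTUAL_ALLOWED_LOGIN_METHODS', 'allowedLoginMethods', DEFAULT_METHODS, csv),
    trustedProxies,
    // trustedAuthProxies falls back to trustedProxies when not set.
    trustedAuthProxies:
      pick('ACTUAL_TRUSTED_AUTH_PROXIES', 'trustedAuthProxies', trustedProxies, csv),
  };
}

function auditLoginConfig(config = {}, env = {}) {
  const eff = effectiveLoginConfig(config, env);
  const findings = [];
  if (!eff.allowedLoginMethods.includes(eff.loginMethod)) {
    findings.push(`loginMethod "${eff.loginMethod}" is not in allowedLoginMethods`);
  }
  // Methods that stay accepted although they are not the configured default.
  const unused = eff.allowedLoginMethods.filter((m) => m !== eff.loginMethod);
  if (unused.length > 0) {
    findings.push(`unused login methods still allowed: ${unused.join(', ')}`);
  }
  // Header auth accepted from the broad default internal ranges.
  const broad = eff.trustedAuthProxies.filter((p) => DEFAULT_TRUSTED_PROXIES.includes(p));
  if (eff.allowedLoginMethods.includes('header') && broad.length > 0) {
    findings.push(`header login trusts default ranges: ${broad.join(', ')}`);
  }
  return { effective: eff, findings };
}
```

Call auditLoginConfig with the parsed config.json and process.env; a configuration that sets allowedLoginMethods to only the method in use returns no findings.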