B2ALABS® - Smart API Gateway Platform

Configuration Guide

Complete reference for configuring B2ALABS AI Gateway using environment variables and configuration files. All settings documented from the actual codebase.

Configuration Overview

Two Configuration Methods

B2ALABS supports both environment variables and YAML configuration files.

1. Environment Variables (Recommended)

Set environment variables in your .env file or container environment:

# Create .env file
cp .env.example .env

# Edit with your values
DB_HOST=postgres
DB_PORT=5432
DB_USER=b2alabs
DB_PASSWORD=your_secure_password_here
JWT_SECRET=your_32_character_secret_here

2. YAML Configuration File

Edit packages/gateway-core/configs/config.yaml:

server:
  port: 8080
  environment: production
  host: 0.0.0.0

database:
  host: postgres
  port: 5432
  user: b2alabs
  # password: use DB_PASSWORD env var
  database: b2alabs
  ssl_mode: disable

Important: Configuration Precedence

Values in config.yaml OVERRIDE environment variables. For production, use environment variables only and keep sensitive values out of config.yaml.
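
A pre-deploy check for this precedence rule, added here as an example and not part of the B2ALABS codebase: it flags uncommented keys in config.yaml that carry a literal secret, which would override the environment value. `ScanYAMLSecrets`, the key-name pattern and the `jwt_secret` key in the constructed sample are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Key names treated as sensitive. The page only shows `password`; the rest
// of this pattern is an assumption of the example.
var sensitiveKey = regexp.MustCompile(`(?i)(password|secret|api_key|token)$`)

// ScanYAMLSecrets flags uncommented "key: value" lines whose key looks
// sensitive and whose value is non-empty. It is a line scan, not a YAML parser.
func ScanYAMLSecrets(yaml string) []string {
	var out []string
	for i, raw := range strings.Split(yaml, "\n") {
		key, val, ok := strings.Cut(strings.TrimSpace(raw), ":")
		if !ok || strings.HasPrefix(key, "#") {
			continue
		}
		if j := strings.Index(val, " #"); j >= 0 {
			val = val[:j] // drop a trailing comment
		}
		val = strings.Trim(strings.TrimSpace(val), `"'`)
		if val != "" && sensitiveKey.MatchString(strings.TrimSpace(key)) {
			out = append(out, fmt.Sprintf("line %d: %s", i+1, strings.TrimSpace(key)))
		}
	}
	return out
}

// Constructed sample based on the config.yaml shown above, with the password
// line uncommented; the jwt_secret key is hypothetical.
const sample = `database:
  # password: use DB_PASSWORD env var
  password: b2alabs_dev_password
auth:
  jwt_secret: ""
`

func main() {
	for _, f := range ScanYAMLSecrets(sample) {
		fmt.Println("config.yaml", f, "is set and will override the environment")
	}
}
```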

Database Configuration

PostgreSQL Settings

Configure PostgreSQL database connection (all settings from internal/config/config.go)

DB_HOST (Required)
Default: localhost

PostgreSQL database host address

Example:

DB_HOST=postgres

DB_PORT (Required)
Default: 5432

PostgreSQL database port

Example:

DB_PORT=5432

DB_USER (Required)
Default: b2alabs

PostgreSQL username

Example:

DB_USER=b2alabs

DB_PASSWORD (Required)
Default: b2alabs_dev_password

PostgreSQL password - MUST be changed in production

Example:

DB_PASSWORD=secure_random_password_32_chars

DB_NAME (Required)
Default: b2alabs_prod

PostgreSQL database name

Example:

DB_NAME=b2alabs

DB_SSL_MODE
Default: disable

PostgreSQL SSL mode (disable, require, verify-ca, verify-full)

Example:

DB_SSL_MODE=require

Complete Connection String

postgresql://b2alabs:your_password@postgres:5432/b2alabs?sslmode=disable

Authentication & Security

JWT and Session Security

Configure authentication tokens and security settings

JWT_SECRET (Required)
Default: dev-only-change-me-in-production

JWT signing secret - MUST be at least 32 characters in production

Example:

JWT_SECRET=FVrcDQITrfeehf3gTu1BlSCGlrj9Bys8

JWT_EXPIRATION_MINUTES
Default: 60

JWT token expiration time in minutes

Example:

JWT_EXPIRATION_MINUTES=60

REFRESH_TOKEN_DAYS
Default: 30

Refresh token expiration time in days

Example:

REFRESH_TOKEN_DAYS=30

NEXTAUTH_SECRET (Required)
Default: -

NextAuth.js secret for session encryption

Example:

NEXTAUTH_SECRET=PNMpGSmYu9Fd7BcNTgrTxvPVFuaGId6d

Security Validation (from config.go:327-356)

  • JWT_SECRET MUST be at least 32 characters in production
  • Cannot use default development values in staging/production
  • Database password MUST be set in production
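
The three rules above, sketched as an added example (not the project's config.go): `ValidateSecrets` and its message strings are hypothetical, and the default values are the ones listed on this page. It also shows why the default-value rule matters: the JWT_SECRET default is exactly 32 characters long, so the length rule alone would accept it.

```go
package main

import (
	"fmt"
	"strings"
)

// Development defaults as listed on this page.
var devDefaults = [][2]string{
	{"JWT_SECRET", "dev-only-change-me-in-production"},
	{"DB_PASSWORD", "b2alabs_dev_password"},
}

// ValidateSecrets returns one message per violated rule; an empty result
// means the settings pass. Hypothetical helper, not the project's config.go.
func ValidateSecrets(env map[string]string) []string {
	var problems []string
	mode := strings.ToLower(env["GATEWAY_ENV"])
	if mode == "staging" || mode == "production" {
		for _, d := range devDefaults {
			if env[d[0]] == d[1] {
				problems = append(problems, d[0]+": development default in "+mode)
			}
		}
	}
	if mode == "production" {
		if len(env["JWT_SECRET"]) < 32 {
			problems = append(problems, "JWT_SECRET: shorter than 32 characters")
		}
		if env["DB_PASSWORD"] == "" {
			problems = append(problems, "DB_PASSWORD: not set")
		}
	}
	return problems
}

func main() {
	// Constructed sample: the JWT default is exactly 32 characters long, so
	// the length rule alone would accept it; the default-value rule catches it.
	sample := map[string]string{
		"GATEWAY_ENV": "production",
		"JWT_SECRET":  "dev-only-change-me-in-production",
		"DB_PASSWORD": "",
	}
	for _, p := range ValidateSecrets(sample) {
		fmt.Println(p)
	}
}
```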

Generate Secure Secrets

# Linux/macOS
openssl rand -base64 32

# Docker (any OS)
docker run --rm alpine sh -c "tr -dc A-Za-z0-9 </dev/urandom | head -c 32"

# Windows PowerShell
-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 32 | % {[char]$_})

Gateway Features

Gateway Core Settings

Configure server, rate limiting, and caching

GATEWAY_PORT
Default: 8080

HTTP server port for the gateway

Example:

GATEWAY_PORT=8080

GATEWAY_ENV
Default: development

Environment mode (development, staging, production)

Example:

GATEWAY_ENV=production

GATEWAY_HOST
Default: 0.0.0.0

HTTP server bind address

Example:

GATEWAY_HOST=0.0.0.0

RATE_LIMIT_ENABLED
Default: false

Enable rate limiting globally

Example:

RATE_LIMIT_ENABLED=true

RATE_LIMIT_RPM
Default: 100

Rate limit requests per minute

Example:

RATE_LIMIT_RPM=100

CACHE_TYPE
Default: memory

Cache backend type (memory, redis, layered)

Example:

CACHE_TYPE=redis

Redis Configuration

Configure Redis for caching and rate limiting

REDIS_HOST
Default: localhost

Redis server host address

Example:

REDIS_HOST=redis

REDIS_PORT
Default: 6379

Redis server port

Example:

REDIS_PORT=6379

REDIS_PASSWORD
Default: ""

Redis authentication password (optional)

Example:

REDIS_PASSWORD=redis_password

REDIS_DB
Default: 0

Redis database number (0-15)

Example:

REDIS_DB=0

AI Provider API Keys

Configure API keys for OpenAI, Anthropic, Google, and Azure

OPENAI_API_KEY

OpenAI API key for GPT models

Example:

OPENAI_API_KEY=sk-proj-...

ANTHROPIC_API_KEY

Anthropic API key for Claude models

Example:

ANTHROPIC_API_KEY=sk-ant-...

GOOGLE_API_KEY

Google API key for Gemini models

Example:

GOOGLE_API_KEY=AIza...

AZURE_OPENAI_API_KEY

Azure OpenAI API key

Example:

AZURE_OPENAI_API_KEY=azure-key...

AZURE_OPENAI_ENDPOINT

Azure OpenAI endpoint URL

Example:

AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com

Observability

Monitoring and Tracing

Configure OpenTelemetry, Prometheus, and logging

OTEL_SERVICE_NAME
Default: b2alabs-gateway

OpenTelemetry service name for tracing

Example:

OTEL_SERVICE_NAME=b2alabs-gateway

OTEL_EXPORTER_OTLP_ENDPOINT
Default: http://localhost:4318

OpenTelemetry collector endpoint

Example:

OTEL_EXPORTER_OTLP_ENDPOINT=http://jaeger:4318

PROMETHEUS_PORT
Default: 9090

Prometheus metrics export port

Example:

PROMETHEUS_PORT=9090

LOG_LEVEL
Default: INFO

Logging level (DEBUG, INFO, WARN, ERROR)

Example:

LOG_LEVEL=INFO

Cerbos Authorization (Optional)

Fine-Grained Access Control

Configure Cerbos for policy-based authorization

CERBOS_ENABLED
Default: false

Enable Cerbos authorization

Example:

CERBOS_ENABLED=true

CERBOS_ADDR
Default: http://cerbos:3592

Cerbos HTTP API address

Example:

CERBOS_ADDR=http://cerbos:3592

CERBOS_GRPC_ADDR
Default: cerbos:3593

Cerbos gRPC API address

Example:

CERBOS_GRPC_ADDR=cerbos:3593

Production Setup

Production Best Practices

Essential security and performance recommendations

Security Checklist

  • Set GATEWAY_ENV=production to enable security validations
  • Generate strong 32+ character secrets for JWT_SECRET and NEXTAUTH_SECRET
  • Use strong database passwords (minimum 32 characters)
  • Enable DB_SSL_MODE=require for database connections
  • Set LOG_LEVEL=INFO or WARN (not DEBUG) in production
  • Enable RATE_LIMIT_ENABLED=true to prevent abuse
  • Use Redis for caching (CACHE_TYPE=redis) for better performance
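
One way to check a .env file against this checklist before deploying, as an added example rather than the project's own tooling: `ParseDotEnv` and `AuditChecklist` are hypothetical names, unset keys fall back to the defaults documented on this page, and config.yaml overrides are assumed absent.

```go
package main

import (
	"fmt"
	"strings"
)

// Defaults documented on this page; an unset key falls back to these.
var defaults = map[string]string{
	"GATEWAY_ENV": "development", "DB_SSL_MODE": "disable",
	"LOG_LEVEL": "INFO", "RATE_LIMIT_ENABLED": "false",
}

// ParseDotEnv reads KEY=VALUE lines, skipping blanks and # comments.
func ParseDotEnv(text string) map[string]string {
	env := map[string]string{}
	for _, raw := range strings.Split(text, "\n") {
		if k, v, ok := strings.Cut(strings.TrimSpace(raw), "="); ok && !strings.HasPrefix(k, "#") {
			env[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return env
}

// AuditChecklist returns the checklist items that the effective settings fail.
func AuditChecklist(env map[string]string) []string {
	get := func(k string) string {
		if v, ok := env[k]; ok {
			return v
		}
		return defaults[k]
	}
	var fails []string
	add := func(failed bool, msg string) {
		if failed {
			fails = append(fails, msg)
		}
	}
	add(get("GATEWAY_ENV") != "production", "GATEWAY_ENV is not production")
	add(get("DB_SSL_MODE") == "disable", "DB_SSL_MODE is disable")
	add(strings.EqualFold(get("LOG_LEVEL"), "DEBUG"), "LOG_LEVEL is DEBUG")
	add(get("RATE_LIMIT_ENABLED") != "true", "RATE_LIMIT_ENABLED is not true")
	return fails
}

func main() {
	// Constructed sample: DB_SSL_MODE and RATE_LIMIT_ENABLED are left unset.
	sample := "# prod\nGATEWAY_ENV=production\nLOG_LEVEL=DEBUG\n"
	fmt.Println(AuditChecklist(ParseDotEnv(sample)))
}
```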

Environment-Specific .env Files

# Structure
.env.development    # Local development
.env.staging        # Staging environment
.env.production     # Production (NEVER commit!)

# Docker Compose usage
docker-compose --env-file .env.production up -d

Common Configuration Mistakes

  • Using default passwords: Always generate new secure passwords
  • Hardcoding in config.yaml: Config file values override environment variables
  • Committing .env files: Always add .env to .gitignore
  • Short JWT secrets: Minimum 32 characters required in production

Next Steps

Getting Started

Follow the quick start guide to deploy with your new configuration

Troubleshooting

Common configuration issues and how to resolve them

Need Help with Configuration?

Check our troubleshooting guide or reach out to our support team for assistance.
