You can configure Umami with the use of environment variables. They go into the same .env file as your DATABASE_URL.
Runtime variables are recognized when Umami is running. You can set your environment variables prior to starting the application.
Disables users, teams, and websites settings page.
How many seconds a CORS preflight should last. Default is 24 hours.
By default bots are excluded from statistics. This disables checking for bots.
Disables the login page.
Enables the internal test page, {host}/console. Admin access is required. Users can manually fire pageviews and events to their websites.
A random string used to generate unique values.
HTTP header to check for the client's IP address. This is useful when you're behind a proxy that uses non-standard headers.
Allows you to send metrics to a location different than the default /api/send. This is to help you avoid some ad-blockers.
Connection string for your database. This is the only required variable.
Console logging for specific areas of the application. Values include umami:auth, umami:clickhouse, umami:kafka, umami:middleware, and umami:prisma.
Disables the check for new versions of Umami.
Disables the login page for the application.
Umami collects completely anonymous telemetry data in order help improve the application. You can choose to disable this if you don't want to participate.
If you are running on an environment which requires you to bind to a specific hostname or port, such as Heroku, you can add
these variables and start your app with npm run start-env instead of npm start.
You can provide a comma-delimited list of IP address to exclude from data collection.
This will do a DNS lookup on a hostname and the resulting IP address will be ignored. This can be a comma delimited list of hostnames.
If you are running in development mode, this will log database queries to the console for debugging.
Removes the trailing slash from all incoming urls.
Allows you to assign a custom name to the tracker script different from the default script.js. This is to help you avoid some ad-blockers.
You do not need the .js extension. It can be any path you choose, and it won't affect the correct load and execution of the script. However, be sure to use the correct path to fetch your script, to avoid 404 errors. Some examples:
TRACKER_SCRIPT_NAME= # Unset. By default, the script is fetched from: /script.js
TRACKER_SCRIPT_NAME=custom # Fetched from: /custom
TRACKER_SCRIPT_NAME=custom.js # Fetched from: /custom.js
If you are not sure about the correct URL or path to access the script, you can always check the Tracking code for your website. You have more information about that in the Collect data section in the docs.
Build time variables are only recognized during the build process. This also includes building custom Docker images. You need to set your environment variables prior to building the application.
A space-delimited list of urls allowed to host the application in an iframe.
If you want to host Umami under a subdirectory. You may need to update your reverse proxy settings to correctly handle the BASE_PATH prefix.
The type of DB to be used. This is only required for the Docker build.
This will send a HTTP Strict-Transport-Security response header with all requests. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security.
Skips the check-db step in the build process. Used for Docker builds.