Refactor .env.example and Add dotenv.md (#1258)

2025-09-22 08:12:00 +02:00 · 2023-12-03 09:52:13 -05:00 · 2023-12-03 09:52:13 -05:00 · 9d21d1c5b9
commit 9d21d1c5b9
parent 25f460f454
4 changed files with 870 additions and 382 deletions
--- a/.env.example
+++ b/.env.example
@ -1,302 +1,130 @@
-##########################
+#=============================================================#
-# Server configuration:
+#                   LibreChat Configuration                   #
-##########################
+#=============================================================#
 # Please refer to the reference documentation for assistance  #
 # with configuring your LibreChat environment. The guide is   #
 # available both online and within your local LibreChat       #
 # directory:                                                  #
 # Online: https://docs.librechat.ai/install/dotenv.html       #
 # Locally: ./docs/install/dotenv.md                           #
 #=============================================================#
 #==================================================#
 #               Server Configuration               #
 #==================================================#
 APP_TITLE=LibreChat
 # Uncomment to add a custom footer.
 # Uncomment and make empty "" to remove the footer.
 # CUSTOM_FOOTER="My custom footer"
 # Uncomment the `ENDPOINTS` variable to determine which endpoints are available.
 # Listed here are the only accepted values, which are all enabled if an authentication
 # option is provided, whether user provided or admin provided in this .env file.
 # Note: the first value is considered the default value.
 # ENDPOINTS=openAI,azureOpenAI,bingAI,chatGPTBrowser,google,gptPlugins,anthropic
 # The server will listen to localhost:3080 by default. You can change the target IP as you want.
 # If you want to make this server available externally, for example to share the server with others
 # or expose this from a Docker container, set host to 0.0.0.0 or your external IP interface.
 # Tips: Setting host to 0.0.0.0 means listening on all interfaces. It's not a real IP.
 # Use localhost:port rather than 0.0.0.0:port to access the server.
 # Set Node env to development if running in dev mode.
 HOST=localhost
 PORT=3080
-# Note: the following enables user balances, which you can add manually
+MONGO_URI=mongodb://127.0.0.1:27017/LibreChat
 # or you will need to build out a balance accruing system for users.
 # For more info, see https://docs.librechat.ai/features/token_usage.html
-# To manually add balances, run the following command:
+DOMAIN_CLIENT=http://localhost:3080
-# `npm run add-balance`
+DOMAIN_SERVER=http://localhost:3080
-# You can also specify the email and token credit amount to add, e.g.:
+#=============#
-# `npm run add-balance example@example.com 1000`
+# Permissions #
 #=============#
 # This works well to track your own usage for personal use; 1000 credits = $0.001 (1 mill USD)
 # Set to true to enable token credit balances for the OpenAI/Plugins endpoints
 CHECK_BALANCE=false
 # Automated Moderation System
 # The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions
 # like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching
 # a set threshold, the user and their IP are temporarily banned. This system ensures platform security
 # by monitoring and penalizing rapid or suspicious activities.
 BAN_VIOLATIONS=true # Whether or not to enable banning users for violations (they will still be logged)
 BAN_DURATION=1000 * 60 * 60 * 2 # how long the user and associated IP are banned for
 BAN_INTERVAL=20 # a user will be banned everytime their score reaches/crosses over the interval threshold
 # The score for each violation
 LOGIN_VIOLATION_SCORE=1
 REGISTRATION_VIOLATION_SCORE=1
 CONCURRENT_VIOLATION_SCORE=1
 MESSAGE_VIOLATION_SCORE=1
 NON_BROWSER_VIOLATION_SCORE=20
 # Login and registration rate limiting.
 LOGIN_MAX=7 # The max amount of logins allowed per IP per LOGIN_WINDOW
 LOGIN_WINDOW=5 # in minutes, determines the window of time for LOGIN_MAX logins
 REGISTER_MAX=5 # The max amount of registrations allowed per IP per REGISTER_WINDOW
 REGISTER_WINDOW=60 # in minutes, determines the window of time for REGISTER_MAX registrations
 # Message rate limiting (per user & IP)
 LIMIT_CONCURRENT_MESSAGES=true # Whether to limit the amount of messages a user can send per request
 CONCURRENT_MESSAGE_MAX=2 # The max amount of messages a user can send per request
 LIMIT_MESSAGE_IP=true # Whether to limit the amount of messages an IP can send per MESSAGE_IP_WINDOW
 MESSAGE_IP_MAX=40 # The max amount of messages an IP can send per MESSAGE_IP_WINDOW
 MESSAGE_IP_WINDOW=1 # in minutes, determines the window of time for MESSAGE_IP_MAX messages
 # Note: You can utilize both limiters, but default is to limit by IP only.
 LIMIT_MESSAGE_USER=false # Whether to limit the amount of messages an IP can send per MESSAGE_USER_WINDOW
 MESSAGE_USER_MAX=40 # The max amount of messages an IP can send per MESSAGE_USER_WINDOW
 MESSAGE_USER_WINDOW=1 # in minutes, determines the window of time for MESSAGE_USER_MAX messages
 # If you have permission problems, set here the UID and GID of the user running
 # the docker compose command. The applications in the container will run with these uid/gid.
 # UID=1000
 # GID=1000
-# Change this to proxy any API request.
+#===================================================#
-# It's useful if your machine has difficulty calling the original API server.
+#                     Endpoints                     #
-# PROXY=
+#===================================================#
-# Change this to your MongoDB URI if different. I recommend appending LibreChat.
+# ENDPOINTS=openAI,azureOpenAI,bingAI,chatGPTBrowser,google,gptPlugins,anthropic
 MONGO_URI=mongodb://127.0.0.1:27018/LibreChat
-##########################
+PROXY=
 # OpenAI Endpoint:
 ##########################
-# Access key from OpenAI platform.
+#============#
-# Leave it blank to disable this feature.
+# Anthropic  #
-# Set to "user_provided" to allow the user to provide their API key from the UI.
+#============#
 OPENAI_API_KEY=user_provided
-DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
+ANTHROPIC_API_KEY=user_provided
 ANTHROPIC_MODELS=claude-1,claude-instant-1,claude-2
 # ANTHROPIC_REVERSE_PROXY=
-# Identify the available models, separated by commas *without spaces*.
+#============#
-# The first will be default.
+# Azure      #
-# Leave it blank to use internal settings.
+#============#
 # OPENAI_MODELS=gpt-3.5-turbo-1106,gpt-4-1106-preview,gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,text-davinci-003,gpt-4,gpt-4-0314,gpt-4-0613
 # Titling is enabled by default when initiating a conversation.
 # Uncomment the following variable to disable this feature.
 # TITLE_CONVO=false
 # (Optional) The default model used for titling by is gpt-3.5-turbo-0613
 # You can change it by uncommenting the following and setting the desired model
 # Must be compatible with the OpenAI Endpoint.
 # OPENAI_TITLE_MODEL=gpt-3.5-turbo
 # (Optional/Experimental) Enable message summarization by uncommenting the following:
 # Note: this may affect response time when a summary is being generated.
 # OPENAI_SUMMARIZE=true
 # Not yet implemented: this will be a conversation option enabled by default to save users on tokens
 # We are using the ConversationSummaryBufferMemory method to summarize messages.
 # To learn more about this, see this article:
 # https://www.pinecone.io/learn/series/langchain/langchain-conversational-memory/
 # (Optional) The default model used for summarizing is gpt-3.5-turbo
 # You can change it by uncommenting the following and setting the desired model
 # Must be compatible with the OpenAI Endpoint.
 # OPENAI_SUMMARY_MODEL=gpt-3.5-turbo
 # Reverse proxy settings for OpenAI:
 # https://github.com/waylaidwanderer/node-chatgpt-api#using-a-reverse-proxy
 # The URL must match the "url/v1," pattern, the "openai" suffix is also allowed.
 # Examples:
 #   - https://open.ai/v1
 #   - https://open.ai/v1/ACCOUNT/GATEWAY/openai
 #   - https://open.ai/v1/hi/openai
 # OPENAI_REVERSE_PROXY=
 # (Advanced) Sometimes when using Local LLM APIs, you may need to force the API
 # to be called with a `prompt` payload instead of a `messages` payload; to mimic the
 # a `/v1/completions` request instead of `/v1/chat/completions`
 # This may be the case for LocalAI with some models. To do so, uncomment the following:
 # OPENAI_FORCE_PROMPT=true
 # (Advanced) For customization of the DALL-E-3 System prompt,
 # uncomment the following, and provide your own prompt:
 # See official prompt for reference:
 # https://github.com/spdustin/ChatGPT-AutoExpert/blob/main/_system-prompts/dall-e.md
 # DALLE3_SYSTEM_PROMPT="Your System Prompt here"
 # OpenAI API key for DALL-E / DALL-E-3. Set to user_provided to have the user provide their own key when installing the pluigin.
 # DALLE_API_KEY=user_provided
 # (Advanced) DALL-E Proxy settings
 # This is separate from its OpenAI counterpart for customization purposes
 # Reverse proxy settings, changes the baseURL for the DALL-E-3 API Calls
 # The URL must match the "url/v1," pattern, the "openai" suffix is also allowed.
 # Examples:
 #   - https://open.ai/v1
 #   - https://open.ai/v1/ACCOUNT/GATEWAY/openai
 #   - https://open.ai/v1/hi/openai
 # DALLE_REVERSE_PROXY=
 # Note: if you have PROXY set, it will be used for DALLE calls also, which is universal for the app
 ##########################
 # OpenRouter (overrides OpenAI and Plugins Endpoints):
 ##########################
 # OpenRouter is a legitimate proxy service to a multitude of LLMs, both closed and open source, including:
 # OpenAI models, Anthropic models, Meta's Llama models, pygmalionai/mythalion-13b
 # and many more open source models. Newer integrations are usually discounted, too!
 # Note: this overrides the OpenAI and Plugins Endpoints.
 # See ./docs/install/free_ai_apis.md for more info.
 # OPENROUTER_API_KEY=
 ##########################
 # AZURE Endpoint:
 ##########################
 # To use Azure with this project, set the following variables. These will be used to build the API URL.
 # Chat completion:
 # `https://{AZURE_OPENAI_API_INSTANCE_NAME}.openai.azure.com/openai/deployments/{AZURE_OPENAI_API_DEPLOYMENT_NAME}/chat/completions?api-version={AZURE_OPENAI_API_VERSION}`;
 # You should also consider changing the `OPENAI_MODELS` variable above to the models available in your instance/deployment.
 # Note: I've noticed that the Azure API is much faster than the OpenAI API, so the streaming looks almost instantaneous.
 # Note "AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME" and "AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME" are optional but might be used in the future
 # AZURE_API_KEY=
 AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4
 # AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo
 # PLUGINS_USE_AZURE="true"
 AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE
 # AZURE_OPENAI_API_INSTANCE_NAME=
 # AZURE_OPENAI_API_DEPLOYMENT_NAME=
 # AZURE_OPENAI_API_VERSION=
 # AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME=
 # AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME=
-# NOTE: As of 2023-11-10, the Azure API only allows one model per deployment,
+#============#
-# It's recommended to name your deployments after the model name, e.g. "gpt-35-turbo,"
+# BingAI     #
-# which allows for fast deployment switching and AZURE_USE_MODEL_AS_DEPLOYMENT_NAME enabled.
+#============#
 # However, you can use non-model deployment names and setting the AZURE_OPENAI_DEFAULT_MODEL to ensure it works as expected.
 # Identify the available models, separated by commas *without spaces*.
 # The first will be default. Leave it blank or as is to use internal settings.
 # NOTE: as deployment names can't have periods, they will be removed when the endpoint is generated.
 AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4
 # (Advanced) this enables the use of the model name as the deployment name, e.g. "gpt-3.5-turbo" as the deployment name
 AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE
 # (Advanced) this overrides the model setting for Azure, in case you want to use your custom deployment names
 # as the values for AZURE_OPENAI_MODELS
 # AZURE_OPENAI_DEFAULT_MODEL=gpt-3.5-turbo
 # To use Azure with the Plugins endpoint, you need the variables above, and uncomment the following variable:
 # NOTE: This may not work as expected and Azure OpenAI may not support OpenAI Functions yet
 # Omit/leave it commented to use the default OpenAI API
 # PLUGINS_USE_AZURE="true"
 ##########################
 # ChatGPT Endpoint:
 ##########################
 # ChatGPT Browser Client (free but use at your own risk)
 # Access token from https://chat.openai.com/api/auth/session
 # Exposes your access token to `CHATGPT_REVERSE_PROXY`
 # Set to "user_provided" to allow the user to provide its token from the UI.
 # Leave it blank to disable this endpoint
 CHATGPT_TOKEN=user_provided
 # Identify the available models, separated by commas. The first will be default.
 # Leave it blank to use internal settings.
 CHATGPT_MODELS=text-davinci-002-render-sha,gpt-4
 # NOTE: you can add gpt-4-plugins, gpt-4-code-interpreter, and gpt-4-browsing to the list above and use the models for these features;
 # however, the view/display portion of these features are not supported, but you can use the underlying models, which have higher token context
 # Also: text-davinci-002-render-paid is deprecated as of May 2023
 # Reverse proxy setting for OpenAI
 # https://github.com/waylaidwanderer/node-chatgpt-api#using-a-reverse-proxy
 # By default it will use the node-chatgpt-api recommended proxy, (it's a third party server)
 # CHATGPT_REVERSE_PROXY=<YOUR REVERSE PROXY>
 ##########################
 # BingAI Endpoint:
 ##########################
 # Also used for Sydney and jailbreak
 # To get your Access token for Bing, login to https://www.bing.com
 # Use dev tools or an extension while logged into the site to copy the content of the _U cookie.
 # If this fails, follow these instructions https://github.com/danny-avila/LibreChat/issues/370#issuecomment-1560382302 to provide the full cookie strings
 # or check out our discord https://discord.com/channels/1086345563026489514/1143941308684177429
 # Set to "user_provided" to allow the user to provide its token from the UI.
 # Leave it blank to disable this endpoint.
 BINGAI_TOKEN=user_provided
 # BingAI Host:
 # Necessary for some people in different countries, e.g. China (https://cn.bing.com)
 # Leave it blank to use default server.
 # BINGAI_HOST=https://cn.bing.com
-#############################
+#============#
-# Plugins:
+# ChatGPT    #
-#############################
+#============#
 CHATGPT_TOKEN=
 CHATGPT_MODELS=text-davinci-002-render-sha,gpt-4
 # CHATGPT_REVERSE_PROXY=<YOUR REVERSE PROXY>
 #============#
 # OpenAI     #
 #============#
 OPENAI_API_KEY=user_provided
 # OPENAI_MODELS=gpt-3.5-turbo-1106,gpt-4-1106-preview,gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,text-davinci-003,gpt-4,gpt-4-0314,gpt-4-0613
 DEBUG_OPENAI=false
 # TITLE_CONVO=false
 # OPENAI_TITLE_MODEL=gpt-3.5-turbo
 # OPENAI_SUMMARIZE=true
 # OPENAI_SUMMARY_MODEL=gpt-3.5-turbo
 # OPENAI_FORCE_PROMPT=true
 # OPENAI_REVERSE_PROXY=
 #============#
 # OpenRouter #
 #============#
 # OPENROUTER_API_KEY=
 #============#
 # PaLM       #
 #============#
 PALM_KEY=user_provided
 # GOOGLE_REVERSE_PROXY=
 #============#
 # Plugins    #
 #============#
 # Identify the available models, separated by commas *without spaces*.
 # The first will be default.
 # Leave it blank to use internal settings.
 # PLUGIN_MODELS=gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,gpt-4,gpt-4-0314,gpt-4-0613
-DEBUG_PLUGINS=true # Set to false or comment out to disable debug mode for plugins
+DEBUG_PLUGINS=true
 # For securely storing credentials, you need a fixed key and IV. You can set them here for prod and dev environments
 # If you don't set them, the app will crash on startup.
 # You need a 32-byte key (64 characters in hex) and 16-byte IV (32 characters in hex)
 # Use this replit to generate some quickly: https://replit.com/@daavila/crypto#index.js
 # Here are some examples (THESE ARE NOT SECURE!)
 CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0
 CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb
 # AI-Assisted Google Search
 # This bot supports searching google for answers to your questions with assistance from GPT!
 # See detailed instructions here: https://github.com/danny-avila/LibreChat/blob/main/docs/features/plugins/google_search.md
 GOOGLE_API_KEY=
 GOOGLE_CSE_ID=
 # StableDiffusion WebUI
 # This bot supports StableDiffusion WebUI, using it's API to generated requested images.
 # See detailed instructions here: https://github.com/danny-avila/LibreChat/blob/main/docs/features/plugins/stable_diffusion.md
 # Use "http://127.0.0.1:7860" with local install and "http://host.docker.internal:7860" for docker
 SD_WEBUI_URL=http://host.docker.internal:7860
 # Azure AI Search
-# This plugin supports searching Azure AI Search for answers to your questions.
+#-----------------
 # See detailed instructions here: https://github.com/danny-avila/LibreChat/blob/main/docs/features/plugins/azure_ai_search.md
 AZURE_AI_SEARCH_SERVICE_ENDPOINT=
 AZURE_AI_SEARCH_INDEX_NAME=
 AZURE_AI_SEARCH_API_KEY=
@ -306,164 +134,152 @@ AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
 AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
 AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
-##########################
+# DALL·E 3
-# PaLM (Google) Endpoint:
+#----------------
-##########################
+DALLE_API_KEY=user_provided
 # DALLE3_SYSTEM_PROMPT="Your System Prompt here"
 # DALLE_REVERSE_PROXY=
-# Follow the instruction here to setup:
+# Google
-# https://github.com/danny-avila/LibreChat/blob/main/docs/install/apis_and_tokens.md
+#-----------------
 GOOGLE_API_KEY=
 GOOGLE_CSE_ID=
-PALM_KEY=user_provided
+# SerpAPI
 #-----------------
 SERPAPI_API_KEY=
-# In case you need a reverse proxy for this endpoint:
+# Stable Diffusion
-# GOOGLE_REVERSE_PROXY=
+#-----------------
 SD_WEBUI_URL=http://host.docker.internal:7860
-##########################
+# WolframAlpha
-# Anthropic Endpoint:
+#-----------------
-##########################
+WOLFRAM_APP_ID=
 # Access key from https://console.anthropic.com/
 # Leave it blank to disable this feature.
 # Set to "user_provided" to allow the user to provide their API key from the UI.
 # Note that access to claude-1 may potentially become unavailable with the release of claude-2.
 ANTHROPIC_API_KEY=user_provided
 ANTHROPIC_MODELS=claude-1,claude-instant-1,claude-2
-# In case if you have reverse proxy for ANTHROPIC_REVERSE_PROXY you can add it here
+# Zapier
-# leave blank to use default base url
+#-----------------
 ZAPIER_NLA_API_KEY=
-# ANTHROPIC_REVERSE_PROXY=
+#==================================================#
 #                      Search                      #
 #==================================================#
 ##########################
 # Proxy: To be Used by all endpoints
 ##########################
 PROXY=
 ##########################
 # Search:
 ##########################
 # ENABLING SEARCH MESSAGES/CONVOS
 # Requires the installation of the free self-hosted Meilisearch or a paid Remote Plan (Remote not tested)
 # The easiest setup for this is through docker-compose, which takes care of it for you.
 SEARCH=true
 # HIGHLY RECOMMENDED: Disable anonymized telemetry analytics for MeiliSearch for absolute privacy.
 MEILI_NO_ANALYTICS=true
 # REQUIRED FOR SEARCH: MeiliSearch Host, mainly for the API server to connect to the search server.
 # Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose.
 MEILI_HOST=http://0.0.0.0:7700
 # REQUIRED FOR SEARCH: MeiliSearch HTTP Address, mainly for docker-compose to expose the search server.
 # Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose.
 MEILI_HTTP_ADDR=0.0.0.0:7700
 # REQUIRED FOR SEARCH: In production env., a secure key is needed. You can generate your own.
 # This master key must be at least 16 bytes, composed of valid UTF-8 characters.
 # MeiliSearch will throw an error and refuse to launch if no master key is provided,
 # or if it is under 16 bytes. MeiliSearch will suggest a secure autogenerated master key.
 # Using docker, it seems recognized as production so use a secure key.
 # This is a ready made secure key for docker-compose, you can replace it with your own.
 MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt
-##########################
+#===================================================#
-# User System:
+#                    User System                    #
-##########################
+#===================================================#
 #========================#
 # Moderation             #
 #========================#
 BAN_VIOLATIONS=true
 BAN_DURATION=1000 * 60 * 60 * 2
 BAN_INTERVAL=20
 LOGIN_VIOLATION_SCORE=1
 REGISTRATION_VIOLATION_SCORE=1
 CONCURRENT_VIOLATION_SCORE=1
 MESSAGE_VIOLATION_SCORE=1
 NON_BROWSER_VIOLATION_SCORE=20
 LOGIN_MAX=7
 LOGIN_WINDOW=5
 REGISTER_MAX=5
 REGISTER_WINDOW=60
 LIMIT_CONCURRENT_MESSAGES=true
 CONCURRENT_MESSAGE_MAX=2
 LIMIT_MESSAGE_IP=true
 MESSAGE_IP_MAX=40
 MESSAGE_IP_WINDOW=1
 LIMIT_MESSAGE_USER=false
 MESSAGE_USER_MAX=40
 MESSAGE_USER_WINDOW=1
 #========================#
 # Balance                #
 #========================#
 CHECK_BALANCE=false
 #========================#
 # Registration and Login #
 #========================#
 # Allow Public Registration
 ALLOW_REGISTRATION=true
 # Allow Social Registration
 ALLOW_SOCIAL_LOGIN=false
 # Allow Social Registration (WORKS ONLY for Google, Github, Discord)
 ALLOW_SOCIAL_REGISTRATION=false
-# JWT Secrets
+SESSION_EXPIRY=1000 * 60 * 15
-# You should use secure values. The examples given are 32-byte keys (64 characters in hex)
+REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
-# Use this replit to generate some quickly: https://replit.com/@daavila/crypto#index.js
+
 JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
 JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418
-# Google:
+# Discord
-# Add your Google Client ID and Secret here, you must register an app with Google Cloud to get these values
+DISCORD_CLIENT_ID=your_client_id
-# https://cloud.google.com/
+DISCORD_CLIENT_SECRET=your_client_secret
-GOOGLE_CLIENT_ID=
+DISCORD_CALLBACK_URL=/oauth/discord/callback
 GOOGLE_CLIENT_SECRET=
 GOOGLE_CALLBACK_URL=/oauth/google/callback
-# Facebook:
+# Facebook
 # Add your Facebook Client ID and Secret here, you must register an app with Facebook to get these values
 # https://developers.facebook.com/
 FACEBOOK_CLIENT_ID=
 FACEBOOK_CLIENT_SECRET=
 FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
-# OpenID:
+# GitHub
-# See OpenID provider to get the below values
+GITHUB_CLIENT_ID=your_client_id
-# Create random string for OPENID_SESSION_SECRET
+GITHUB_CLIENT_SECRET=your_client_secret
-# For Azure AD
+GITHUB_CALLBACK_URL=/oauth/github/callback
-#   ISSUER:  https://login.microsoftonline.com/(tenant id)/v2.0/
+
-#   SCOPE:   openid profile email
+# Google
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
 GOOGLE_CALLBACK_URL=/oauth/google/callback
 # OpenID
 OPENID_CLIENT_ID=
 OPENID_CLIENT_SECRET=
 OPENID_ISSUER=
 OPENID_SESSION_SECRET=
 OPENID_SCOPE="openid profile email"
 OPENID_CALLBACK_URL=/oauth/openid/callback
-# If LABEL and URL are left empty, then the default OpenID label and logo are used.
+
 OPENID_BUTTON_LABEL=
 OPENID_IMAGE_URL=
-# Set the expiration delay for the secure cookie with the JWT token
+#========================#
-# Recommend session expiry to be 15 minutes
+# Email Password Reset   #
-# Delay is in millisecond e.g. 7 days is 1000*60*60*24*7
+#========================#
 SESSION_EXPIRY=1000 * 60 * 15
 REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
-# Github:
+EMAIL_SERVICE=                  
-# Get the Client ID and Secret from your Discord Application
+EMAIL_HOST=                     
-# Add your Discord Client ID and Client Secret here:
+EMAIL_PORT=25                   
 EMAIL_ENCRYPTION=               
 EMAIL_ENCRYPTION_HOSTNAME=      
 EMAIL_ALLOW_SELFSIGNED=         
 EMAIL_USERNAME=                 
 EMAIL_PASSWORD=                 
 EMAIL_FROM_NAME=                
 EMAIL_FROM=noreply@librechat.ai
-GITHUB_CLIENT_ID=your_client_id
+#==================================================#
-GITHUB_CLIENT_SECRET=your_client_secret
+#                      Others                      #
-GITHUB_CALLBACK_URL=/oauth/github/callback # this should be the same for everyone
+#==================================================#
 #   You should leave the following commented out   #
-# Discord:
+# NODE_ENV=
 # Get the Client ID and Secret from your Discord Application
 # Add your Github Client ID and Client Secret here:
-DISCORD_CLIENT_ID=your_client_id
+# REDIS_URI=
-DISCORD_CLIENT_SECRET=your_client_secret
+# USE_REDIS=
 DISCORD_CALLBACK_URL=/oauth/discord/callback # this should be the same for everyone
-###########################
+# E2E_USER_EMAIL=
-# Application Domains
+# E2E_USER_PASSWORD=
 ###########################
 # Note:
 # Server = Backend
 # Client = Public (the client is the url you visit)
 # For the Google login to work in dev mode, you will need to change DOMAIN_SERVER to localhost:3090 or place it in .env.development
 DOMAIN_CLIENT=http://localhost:3080
 DOMAIN_SERVER=http://localhost:3080
 ###########################
 # Email
 ###########################
 # Email is used for password reset. Note that all either service or host, username and password and the From address must be set for email to work.
 # Do NOT set the extended connection parameters (HOST, PORT, ENCRYPTION, ENCRYPTION_HOSTNAME, ALLOW_SELFSIGNED) if using EMAIL_SERVICE.
 # Failing to set valid values here will result in LibreChat using the unsecured password reset!
 EMAIL_SERVICE=                  # eg. gmail - see https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/
 EMAIL_HOST=                     # eg. example.com - if EMAIL_SERVICE is not set, connect to this server.
 EMAIL_PORT=25                   # eg. 25 - mail server port to connect to with EMAIL_HOST (usually 25, 465, 587)
 EMAIL_ENCRYPTION=               # eg. starttls - valid values: starttls (force STARTTLS), tls (obligatory TLS), anything else (use STARTTLS if available)
 EMAIL_ENCRYPTION_HOSTNAME=      # eg. example.com - check the name in the certificate against this instead of EMAIL_HOST
 EMAIL_ALLOW_SELFSIGNED=         # eg. true - valid values: true (allow self-signed), anything else (disallow self-signed)
 EMAIL_USERNAME=                 # eg. me@gmail.com - the username used for authentication. For consumer services, this MUST usually match EMAIL_FROM.
 EMAIL_PASSWORD=                 # eg. password - the password used for authentication
 EMAIL_FROM_NAME=                # eg. LibreChat - the human-readable address in the From is constructed as "EMAIL_FROM_NAME <EMAIL_FROM>". Defaults to APP_TITLE.
 EMAIL_FROM=noreply@librechat.ai # eg. noreply@librechat.ai - mail address for from field. It is REQUIRED to set a value here even in if it's not porperly working!
--- a/README.md
+++ b/README.md
@ -69,6 +69,7 @@ Keep up with the latest updates by visiting the releases page - [Releases](https
    * [Mac Install🍎](docs/install/mac_install.md)
    * [Windows Install💙](docs/install/windows_install.md)
  * Configuration
    * [.env Configuration](./docs/install/dotenv.md)
    * [APIs and Tokens](docs/install/apis_and_tokens.md)
    * [User Auth System](docs/install/user_auth_system.md)
    * [Online MongoDB Database](docs/install/mongodb.md)
--- a/docs/install/dotenv.md
+++ b/docs/install/dotenv.md
@ -0,0 +1,670 @@
 # .env File Configuration
 Welcome to the comprehensive guide for configuring your application's environment with the `.env` file. This document is your one-stop resource for understanding and customizing the environment variables that will shape your application's behavior in different contexts.
 While the default settings provide a solid foundation for a standard `docker` installation, delving into this guide will unveil the full potential of LibreChat. This guide empowers you to tailor LibreChat to your precise needs. Discover how to adjust language model availability, integrate social logins, manage the automatic moderation system, and much more. It's all about giving you the control to fine-tune LibreChat for an optimal user experience.
 ## Server Configuration
 ### Customization
 - Here you can change the app title and footer
 - Uncomment to add a custom footer.
    - Uncomment and make empty "" to remove the footer.
 ```bash
 APP_TITLE=LibreChat
 CUSTOM_FOOTER="My custom footer"
 ```
 ### Port
 - The server will listen to localhost:3080 by default. You can change the target IP as you want. If you want to make this server available externally, for example to share the server with others or expose this from a Docker container, set host to 0.0.0.0 or your external IP interface. 
 > Tips: Setting host to 0.0.0.0 means listening on all interfaces. It's not a real IP.
 - Use localhost:port rather than 0.0.0.0:port to access the server.
 ```bash
 HOST=localhost
 PORT=3080
 ```
 ### MongoDB Database
 - Change this to your MongoDB URI if different. It is recommend to append LibreChat.
 - Instruction on how to create an online MongoDB database (useful for use without docker):
    - [Online MongoDB](./mongodb.md)
 - Securely access your docker MongoDB database:
    - [Manage your database](../features/manage_your_database.md)
 ```bash
 MONGO_URI=mongodb://127.0.0.1:27018/LibreChat
 ```
 ### Application Domains
 - To use LibreChat locally, set `DOMAIN_CLIENT` and `DOMAIN_SERVER` to `http://localhost:3080` (3080 being the port previously configured)
 - When deploying LibreChat to a custom domain, set `DOMAIN_CLIENT` and `DOMAIN_SERVER` to your deployed URL, e.g. `https://librechat.example.com` 
 ```bash
 DOMAIN_CLIENT=http://localhost:3080
 DOMAIN_SERVER=http://localhost:3080
 ```
 ### Permission
 > UID and GID are numbers assigned by Linux to each user and group on the system. If you have permission problems, set here the UID and GID of the user running the docker compose command. The applications in the container will run with these uid/gid.
 ```bash
 UID=1000
 GID=1000
 ```
 ## Endpoints
 In this section you can configure the endpoints and models selection, their API keys, and the proxy and reverse proxy settings for the endpoints that support it. 
 ### General Config
 - Uncomment `ENDPOINTS` to customize the available endpoints in LibreChat
 - `PROXY` is to be used by all endpoints (leave blank by default)
 ```bash
 ENDPOINTS=openAI,azureOpenAI,bingAI,chatGPTBrowser,google,gptPlugins,anthropic
 PROXY=
 ```
 ### Anthropic
 see: [Anthropic Endpoint](./apis_and_tokens.md#anthropic-endpoint-claude)
 - You can request an access key from https://console.anthropic.com/
 - Leave `ANTHROPIC_API_KEY=` blank to disable this endpoint
 - Set `ANTHROPIC_API_KEY=` to "user_provided" to allow users to provide their own API key from the WebUI
 - If you have access to a reverse proxy for `Anthropic`, you can set it with `ANTHROPIC_REVERSE_PROXY=`
    - leave blank or comment it out to use default base url
 ```bash
 ANTHROPIC_API_KEY=user_provided
 ANTHROPIC_MODELS=claude-1,claude-instant-1,claude-2
 ANTHROPIC_REVERSE_PROXY=
 ```
 ### Azure
 see: [Azure OpenAI](./apis_and_tokens.md#azure-openai)
 - To use Azure with this project, set the following variables. These will be used to build the API URL.
 ```bash
 AZURE_API_KEY=
 AZURE_OPENAI_API_INSTANCE_NAME=
 AZURE_OPENAI_API_DEPLOYMENT_NAME=
 AZURE_OPENAI_API_VERSION=
 AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME=
 AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME=
 ```
 > Note: As of 2023-11-10, the Azure API only allows one model per deployment,
 - Chat completion: `https://{AZURE_OPENAI_API_INSTANCE_NAME}.openai.azure.com/openai/deployments/{AZURE_OPENAI_API_DEPLOYMENT_NAME}/chat/completions?api-version={AZURE_OPENAI_API_VERSION}`
 - You should also consider changing the `OPENAI_MODELS` variable to the models available in your instance/deployment.
 > Note: `AZURE_OPENAI_API_COMPLETIONS_DEPLOYMENT_NAME` and `AZURE_OPENAI_API_EMBEDDINGS_DEPLOYMENT_NAME` are optional but might be used in the future
 - It's recommended to name your deployments after the model name, e.g. `gpt-35-turbo,` which allows for fast deployment switching and `AZURE_USE_MODEL_AS_DEPLOYMENT_NAME` **enabled**. However, you can use non-model deployment names and setting the `AZURE_OPENAI_DEFAULT_MODEL` to ensure it works as expected.
 - Identify the available models, separated by commas *without spaces*. The first will be default. Leave it blank or as is to use internal settings.
 > Note: as deployment names can't have periods, they will be removed when the endpoint is generated.
 ```bash
 AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4
 ```
 - This enables the use of the model name as the deployment name, e.g. "gpt-3.5-turbo" as the deployment name **(Advanced)**
 ```bash
 AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE
 ```
 - To use Azure with the Plugins endpoint, you need the variables above, and uncomment the following variable:
 > Note: This may not work as expected and Azure OpenAI may not support OpenAI Functions yet
 > Omit/leave it commented to use the default OpenAI API
 ```bash 
 PLUGINS_USE_AZURE="true"
 ```
 ### BingAI
 Bing, also used for Sydney, jailbreak, and Bing Image Creator, see: [Bing Access token](./apis_and_tokens.md#bing-access-token) and [Bing Jailbreak](../features/bing_jailbreak.md)
 - Follow these instructions to get your bing access token (it's best to use the full cookie string for that purpose): [Bing Access Token](https://github.com/danny-avila/LibreChat/issues/370#issuecomment-1560382302)  
 - Leave `BINGAI_TOKEN=` blank to disable this endpoint
 - Set `BINGAI_TOKEN=` to "user_provided" to allow users to provide their own API key from the WebUI
 > Note: It is recommended to leave it as "user_provided" and provide the token from the WebUI.
 - `BINGAI_HOST` can be necessary for some people in different countries, e.g. China (https://cn.bing.com). Leave it blank or commented out to use default server.
 ```bash
 BINGAI_TOKEN=user_provided
 BINGAI_HOST=
 ```
 ### ChatGPT
 see: [ChatGPT Free Access token](./apis_and_tokens.md#chatgpt-free-access-token)
 > **Warning**: The default reverse proxy (based on [PandoraNext](https://github.com/pandora-next/deploy)) needs to be updated and is not working anymore. To use this endpoint you'll have to set up your own.
 > For more information: [https://github.com/waylaidwanderer/node-chatgpt-api#using-a-reverse-proxy](https://github.com/waylaidwanderer/node-chatgpt-api#using-a-reverse-proxy)
 ```bash
 CHATGPT_REVERSE_PROXY=<YOUR-REVERSE-PROXY>
 ```
 > Note: If you're a GPT plus user you can add gpt-4-plugins, gpt-4-code-interpreter, and gpt-4-browsing to the list above and use the models for these features; however, the view/display portion of these features are not supported, but you can use the underlying models, which have higher token context
 - Leave `CHATGPT_TOKEN=` blank to disable this endpoint
 - Set `CHATGPT_TOKEN=` to "user_provided" to allow users to provide their own API key from the WebUI
 ```bash
 CHATGPT_TOKEN=
 CHATGPT_MODELS=text-davinci-002-render-sha,gpt-4
 ```
 ### OpenAI
 - To get your OpenAI API key, you need to:
    - Go to https://platform.openai.com/account/api-keys
    - Create an account or log in with your existing one
    - Add a payment method to your account (this is not free, sorry 😬)
    - Copy your secret key (sk-...) to `OPENAI_API_KEY`
 - Leave `OPENAI_API_KEY=` blank to disable this endpoint
 - Set `OPENAI_API_KEY=` to "user_provided" to allow users to provide their own API key from the WebUI
 ```bash
 OPENAI_API_KEY=user_provided
 ```
 - Set to true to enable debug mode for the OpenAI endpoint
 ```bash
 DEBUG_OPENAI=false
 ```
 - Customize the available models, separated by commas, **without spaces**.
    - The first will be default.
    - Leave it blank or commented out to use internal settings.
 ```bash
 OPENAI_MODELS=gpt-3.5-turbo-1106,gpt-4-1106-preview,gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,text-davinci-003,gpt-4,gpt-4-0314,gpt-4-0613
 ```
 - Titling is enabled by default when initiating a conversation.
    - Set to false to disable this feature.
 ```bash
 TITLE_CONVO=true
 ```
 - The default model used for titling by is gpt-3.5-turbo. You can change it by uncommenting the following and setting the desired model. **(Optional)** 
 > **Note:** Must be compatible with the OpenAI Endpoint.
 ```bash
 OPENAI_TITLE_MODEL=gpt-3.5-turbo
 ```
 - Enable message summarization by uncommenting the following **(Optional/Experimental)** 
 > **Note:** this may affect response time when a summary is being generated.
 ```bash
 OPENAI_SUMMARIZE=true
 ```
 > **Not yet implemented**: this will be a conversation option enabled by default to save users on tokens. We are using the ConversationSummaryBufferMemory method to summarize messages. To learn more about this, see this article: [https://www.pinecone.io/learn/series/langchain/langchain-conversational-memory/](https://www.pinecone.io/learn/series/langchain/langchain-conversational-memory/)
 - Reverse proxy settings for OpenAI:
    - see: [LiteLLM](./litellm.md) 
    - see also: [Free AI APIs](./free_ai_apis.md#nagaai)
 ```bash
 OPENAI_REVERSE_PROXY=
 ```
 - Sometimes when using Local LLM APIs, you may need to force the API to be called with a `prompt` payload instead of a `messages` payload; to mimic the `/v1/completions` request instead of `/v1/chat/completions`. This may be the case for LocalAI with some models. To do so, uncomment the following **(Advanced)** 
 ```bash
 OPENAI_FORCE_PROMPT=true
 ```
 ### OpenRouter
 See [OpenRouter](./free_ai_apis.md#openrouter-preferred) for more info.
 - OpenRouter is a legitimate proxy service to a multitude of LLMs, both closed and open source, including: OpenAI models, Anthropic models, Meta's Llama models, pygmalionai/mythalion-13b and many more open source models. Newer integrations are usually discounted, too!
 > Note: this overrides the OpenAI and Plugins Endpoints.
 ```bash
 OPENROUTER_API_KEY=
 ```
 ### PaLM
 Follow these instruction to setup: [Google PaLM 2](./apis_and_tokens.md#googles-palm-2)
 ```bash
 PALM_KEY=user_provided
 GOOGLE_REVERSE_PROXY=
 ```
 ### Plugins
 Here are some useful documentation about plugins:
 - [Introduction](../features/plugins/introduction.md)
 - [Make Your Own](../features/plugins/make_your_own.md)
 - [Using official ChatGPT Plugins](../features/plugins/chatgpt_plugins_openapi.md)
 #### General Configuration:
 - Identify the available models, separated by commas **without spaces**. The first model in the list will be set as default. Leave it blank or commented out to use internal settings.
 ```bash
 PLUGIN_MODELS=gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,gpt-4,gpt-4-0314,gpt-4-0613
 ```
 - Set to false or comment out to disable debug mode for plugins
 ```bash
 DEBUG_PLUGINS=true
 ```
 - For securely storing credentials, you need a fixed key and IV. You can set them here for prod and dev environments.
    - You need a 32-byte key (64 characters in hex) and 16-byte IV (32 characters in hex) You can use this replit to generate some quickly: [Key Generator](https://replit.com/@daavila/crypto#index.js)
 > Warning: If you don't set them, the app will crash on startup.
 ```bash
 CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0
 CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb
 ```
 #### Azure AI Search
 This plugin supports searching Azure AI Search for answers to your questions. See: [Azure AI Search](../features/plugins/azure_ai_search.md)
 ```bash
 AZURE_AI_SEARCH_SERVICE_ENDPOINT=
 AZURE_AI_SEARCH_INDEX_NAME=
 AZURE_AI_SEARCH_API_KEY=
 AZURE_AI_SEARCH_API_VERSION=
 AZURE_AI_SEARCH_SEARCH_OPTION_QUERY_TYPE=
 AZURE_AI_SEARCH_SEARCH_OPTION_TOP=
 AZURE_AI_SEARCH_SEARCH_OPTION_SELECT=
 ```
 #### DALL-E 3:
 - OpenAI API key for DALL-E / DALL-E-3. Set to user_provided to have the user provide their own key when installing the plugin.
 ```bash
 DALLE_API_KEY=user_provided
 ```
 - For customization of the DALL-E-3 System prompt, uncomment the following, and provide your own prompt. **(Advanced)** 
    - See official prompt for reference: [DALL-E System Prompt](https://github.com/spdustin/ChatGPT-AutoExpert/blob/main/_system-prompts/dall-e.md)
 ```bash
 DALLE3_SYSTEM_PROMPT="Your System Prompt here"
 ```
 - DALL-E Proxy settings. This is separate from its OpenAI counterpart for customization purposes **(Advanced)** 
 > Reverse proxy settings, changes the baseURL for the DALL-E-3 API Calls
 > The URL must match the "url/v1," pattern, the "openai" suffix is also allowed.
 > ```
 > Examples:
 >   - https://open.ai/v1
 >   - https://open.ai/v1/ACCOUNT/GATEWAY/openai
 >   - https://open.ai/v1/hi/openai
 > ```
 ```bash
 DALLE_REVERSE_PROXY=
 ```
 > Note: if you have PROXY set, it will be used for DALL-E calls also, which is universal for the app
 #### Google Search
 See detailed instructions here: [Google Search](../features/plugins/google_search.md)
 ```bash
 GOOGLE_API_KEY=
 GOOGLE_CSE_ID=
 ```
 #### SerpAPI
 SerpApi is a real-time API to access Google search results (not as performant)
 ```bash
 SERPAPI_API_KEY=
 ```
 #### Stable Diffusion (Automatic1111)
 See detailed instructions here: [Stable Diffusion](../features/plugins/stable_diffusion.md)
 - Use "http://127.0.0.1:7860" with local install and "http://host.docker.internal:7860" for docker
 ```bash
 SD_WEBUI_URL=http://host.docker.internal:7860
 ```
 #### WolframAlpha
 See detailed instructions here: [Wolfram Alpha](../features/plugins/wolfram.md)
 ```bash
 WOLFRAM_APP_ID=
 ```
 #### Zapier
 - You need a Zapier account. Get your API key from here: [Zapier](https://nla.zapier.com/credentials/)
 - Create allowed actions - Follow step 3 in this getting start guide from Zapier
 > Note: zapier is known to be finicky with certain actions. Writing email drafts is probably the best use of it.
 ```bash
 ZAPIER_NLA_API_KEY=
 ```
 ## Search (Meilisearch)
 Enables search in messages and conversations:
 ```bash
 SEARCH=true
 ```
 > Note: If you're not using docker, it requires the installation of the free self-hosted Meilisearch or a paid remote plan
 To disable anonymized telemetry analytics for MeiliSearch for absolute privacy, set to true:
 ```bash
 MEILI_NO_ANALYTICS=true
 ```
 For the API server to connect to the search server. Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose.
 ```bash
 MEILI_HOST=http://0.0.0.0:7700
 ```
 MeiliSearch HTTP Address, mainly for docker-compose to expose the search server. Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose.
 ```bash
 MEILI_HTTP_ADDR=0.0.0.0:7700
 ```
 This master key must be at least 16 bytes, composed of valid UTF-8 characters. MeiliSearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes. MeiliSearch will suggest a secure autogenerated master key. This is a ready made secure key for docker-compose, you can replace it with your own.
 ```bash
 MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt
 ```
 ## User System
 This section contains the configuration for:
  - [Automated Moderation](#moderation)
  - [Balance/Token Usage](#balance)
  - [Registration and Social Logins](#registration-and-login)
  - [Email Password Reset](#email-password-reset)
 ### Moderation
 The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
 see: [Automated Moderation](../features/mod_system.md)
 #### Basic Moderation Settings
 - `BAN_VIOLATIONS`: Whether or not to enable banning users for violations (they will still be logged)
 - `BAN_DURATION`: How long the user and associated IP are banned for (in milliseconds)
 - `BAN_INTERVAL` The user will be banned everytime their score reaches/crosses over the interval threshold
 ```bash
 BAN_VIOLATIONS=true
 BAN_DURATION=1000 * 60 * 60 * 2
 BAN_INTERVAL=20 
 ```
 #### Score for each violation
 ```bash
 LOGIN_VIOLATION_SCORE=1
 REGISTRATION_VIOLATION_SCORE=1
 CONCURRENT_VIOLATION_SCORE=1
 MESSAGE_VIOLATION_SCORE=1
 NON_BROWSER_VIOLATION_SCORE=20
 ```
 #### Login and registration rate limiting.
 - `LOGIN_MAX`: The max amount of logins allowed per IP per `LOGIN_WINDOW`
 - `LOGIN_WINDOW`: In minutes, determines the window of time for `LOGIN_MAX` logins
 - `REGISTER_MAX`: The max amount of registrations allowed per IP per `REGISTER_WINDOW`
 - `REGISTER_WINDOW`: In minutes, determines the window of time for `REGISTER_MAX` registrations
 ```bash
 LOGIN_MAX=7
 LOGIN_WINDOW=5
 REGISTER_MAX=5
 REGISTER_WINDOW=60
 ```
 #### Message rate limiting (per user & IP)
 - `LIMIT_CONCURRENT_MESSAGES`: Whether to limit the amount of messages a user can send per request
 - `CONCURRENT_MESSAGE_MAX`: The max amount of messages a user can send per request
 ```bash
 LIMIT_CONCURRENT_MESSAGES=true
 CONCURRENT_MESSAGE_MAX=2
 ```
 #### Limiters
 > Note: You can utilize both limiters, but default is to limit by IP only.
 - **IP Limiter:**
 - `LIMIT_MESSAGE_IP`: Whether to limit the amount of messages an IP can send per `MESSAGE_IP_WINDOW`
 - `MESSAGE_IP_MAX`: The max amount of messages an IP can send per `MESSAGE_IP_WINDOW`
 - `MESSAGE_IP_WINDOW`: In minutes, determines the window of time for `MESSAGE_IP_MAX` messages
 ```bash
 LIMIT_MESSAGE_IP=true
 MESSAGE_IP_MAX=40
 MESSAGE_IP_WINDOW=1
 ```
 - **User Limiter:**
 - `LIMIT_MESSAGE_USER`: Whether to limit the amount of messages an IP can send per `MESSAGE_USER_WINDOW`
 - `MESSAGE_USER_MAX`: The max amount of messages an IP can send per `MESSAGE_USER_WINDOW`
 - `MESSAGE_USER_WINDOW`: In minutes, determines the window of time for `MESSAGE_USER_MAX` messages
 ```bash
 LIMIT_MESSAGE_USER=false
 MESSAGE_USER_MAX=40
 MESSAGE_USER_WINDOW=1
 ```
 ### Balance
 The following enables user balances for the OpenAI/Plugins endpoints, which you can add manually or you will need to build out a balance accruing system for users.
 see: [Token Usage](../features/token_usage.md)
 - To manually add balances, run the following command:`npm run add-balance`
  - You can also specify the email and token credit amount to add, e.g.:`npm run add-balance example@example.com 1000`
 > **Note:** 1000 credits = $0.001 (1 mill USD)
 - Set to `true` to enable token credit balances for the OpenAI/Plugins endpoints
 ```bash
 CHECK_BALANCE=false
 ```
 ### Registration and Login
 see: [User/Auth System](../install/user_auth_system.md)
 - General Settings: 
    - `ALLOW_REGISTRATION`: Email registration of new users. Set to `true` or `false` to enable or disable Email registration.
    - `ALLOW_SOCIAL_LOGIN`: Allow users to connect to LibreChat with various social networks, see below. Set to `true` or `false` to enable or disable.
    - `ALLOW_SOCIAL_REGISTRATION`: Enable or disable registration of new user using various social network. Set to `true` or `false` to enable or disable.
 > **Quick Tip:** Even with registration disabled, add users directly to the database using `npm run create-user`.
 ```bash
 ALLOW_REGISTRATION=true       
 ALLOW_SOCIAL_LOGIN=false
 ALLOW_SOCIAL_REGISTRATION=false
 ```
 - Default values: session expiry: 15 minutes, refresh token expiry: 7 days
  - For more information: [Refresh Token](https://github.com/danny-avila/LibreChat/pull/927)
 ```bash
 SESSION_EXPIRY=1000 * 60 * 15
 REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
 ```
 - You should use new secure values. The examples given are 32-byte keys (64 characters in hex). 
  - Use this replit to generate some quickly: [JWT Keys](https://replit.com/@daavila/crypto#index.js)
 ```bash
 JWT_SECRET=16f8c0ef4a5d391b26034086c628469d3f9f497f08163ab9b40137092f2909ef
 JWT_REFRESH_SECRET=eaa5191f2914e30b9387fd84e254e4ba6fc51b4654968a9b0803b456a54b8418
 ```
 ### Social Logins
 #### [Discord](../install/user_auth_system.md#discord-authentication)
 for more information: [Discord](../install/user_auth_system.md#discord-authentication)
 ```bash
 # Discord
 DISCORD_CLIENT_ID=your_client_id
 DISCORD_CLIENT_SECRET=your_client_secret
 DISCORD_CALLBACK_URL=/oauth/discord/callback
 ```
 #### [Facebook](../install/user_auth_system.md#facebook-authentication)
 for more information: [Facebook](../install/user_auth_system.md#facebook-authentication)
 ```bash
 # Facebook
 FACEBOOK_CLIENT_ID=
 FACEBOOK_CLIENT_SECRET=
 FACEBOOK_CALLBACK_URL=/oauth/facebook/callback
 ```
 #### [GitHub](../install/user_auth_system.md#github-authentication)
 for more information: [GitHub](../install/user_auth_system.md#github-authentication)
 ```bash
 # GitHub
 GITHUB_CLIENT_ID=your_client_id
 GITHUB_CLIENT_SECRET=your_client_secret
 GITHUB_CALLBACK_URL=/oauth/github/callback
 ```
 #### [Google](../install/user_auth_system.md#google-authentication)
 for more information: [Google](../install/user_auth_system.md#google-authentication)
 ```bash
 # Google
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
 GOOGLE_CALLBACK_URL=/oauth/google/callback
 ```
 #### [OpenID](../install/user_auth_system.md#openid-authentication-with-azure-ad)
 for more information: [Azure OpenID](../install/user_auth_system.md#openid-authentication-with-azure-ad) or [AWS Cognito OpenID](../install/user_auth_system.md#openid-authentication-with-aws-cognito)
 ```bash
 # OpenID
 OPENID_CLIENT_ID=
 OPENID_CLIENT_SECRET=
 OPENID_ISSUER=
 OPENID_SESSION_SECRET=
 OPENID_SCOPE="openid profile email"
 OPENID_CALLBACK_URL=/oauth/openid/callback
 OPENID_BUTTON_LABEL=
 OPENID_IMAGE_URL=
 ```
 ### Email Password Reset
 Email is used for password reset. See: [Email Password Reset](../install/user_auth_system.md#email-and-password-reset)
 - Note that all either service or host, username and password and the From address must be set for email to work.
 > If using `EMAIL_SERVICE`, **do NOT** set the extended connection parameters:
 > 
 > `HOST`, `PORT`, `ENCRYPTION`, `ENCRYPTION_HOSTNAME`, `ALLOW_SELFSIGNED`
 > 
 > Failing to set valid values here will result in LibreChat using the unsecured password reset!
 See: [nodemailer well-known-services](https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/)
 ```bash
 EMAIL_SERVICE=
 ```
 If `EMAIL_SERVICE` is not set, connect to this server:
 ```bash
 EMAIL_HOST=
 ```
 Mail server port to connect to with EMAIL_HOST (usually 25, 465, 587, 2525):
 ```bash
 EMAIL_PORT=25
 ```
 Encryption valid values: `starttls` (force STARTTLS), `tls` (obligatory TLS), anything else (use STARTTLS if available):
 ```bash
 EMAIL_ENCRYPTION=
 ```
 Check the name in the certificate against this instead of `EMAIL_HOST`:
 ```bash
 EMAIL_ENCRYPTION_HOSTNAME=
 ```
 Set to true to allow self-signed, anything else will disallow self-signed:
 ```bash
 EMAIL_ALLOW_SELFSIGNED=
 ```
 Username used for authentication. For consumer services, this MUST usually match EMAIL_FROM:
 ```bash
 EMAIL_USERNAME=
 ```
 Password used for authentication:
 ```bash
 EMAIL_PASSWORD=
 ```
 The human-readable address in the From is constructed as `EMAIL_FROM_NAME <EMAIL_FROM>`. Defaults to `APP_TITLE`:
 ```bash
 EMAIL_FROM_NAME=
 ```
 Mail address for from field. It is **REQUIRED** to set a value here (even if it's not porperly working):
 ```bash
 EMAIL_FROM=noreply@librechat.ai 
 ```
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -88,6 +88,7 @@ nav:
        - Mac Install: 'install/mac_install.md'
        - Windows Install: 'install/windows_install.md'
    - Configuration:
        - .env Configuration: 'install/dotenv.md'
        - Free AI APIs: 'install/free_ai_apis.md'
        - APIs and Tokens: 'install/apis_and_tokens.md'
        - User Auth System: 'install/user_auth_system.md'