Configuration

All products are configured via environment variables. The installer generates a .env file with secure defaults.

Environment Variables

LLM Settings

Variable	Default	Description
LLM_PROVIDER	claude	LLM provider: claude, openai, or ollama
LLM_MODEL	claude-sonnet-4-20250514	Model name
LLM_FALLBACK_PROVIDER	openai	Automatic fallback if primary fails
LLM_FALLBACK_MODEL	gpt-4o	Fallback model
ANTHROPIC_API_KEY	—	Anthropic API key (required for Claude)
OPENAI_API_KEY	—	OpenAI API key (required for OpenAI)
OLLAMA_BASE_URL	http://host.docker.internal:11434	Ollama server URL

Security

Variable	Default	Description
JWT_SECRET	—	Required. Minimum 32 characters. Auto-generated by installer.
ENCRYPTION_KEY	—	Required. Base64-encoded 256-bit key for AES-256-GCM. Auto-generated by installer.

Never commit .env to version control

The .env file contains secrets. It is already in .gitignore. Never share it via email, Slack, or any unencrypted channel.

Operational

Variable	Default	Description
HAAGSMAN_RATE_LIMIT	60/minute	API rate limit per user/key
HAAGSMAN_MAX_UPLOAD_SIZE_MB	50	Maximum file upload size
HAAGSMAN_DATA_RETENTION_DAYS	365	Days before data auto-deletion (GDPR)
HAAGSMAN_LOG_LEVEL	INFO	Logging verbosity: DEBUG, INFO, WARNING, ERROR
HAAGSMAN_CORS_ORIGINS	["http://localhost:3000"]	Allowed CORS origins (JSON array)
HAAGSMAN_ENVIRONMENT	production	Environment: development, staging, production

Per-Product

Variable	Product	Description
HAAGSMAN_CHATBOT_PERSONA	FAQ Chatbot	Chatbot personality description
HAAGSMAN_CHROMA_PATH	Document Search, FAQ Chatbot	Vector database storage path

Changing configuration

# Edit the .env file
nano .env

# Restart affected products
docker compose restart document-search

# Or restart everything
docker compose restart

Generating new secrets

If you need to rotate secrets:

# New JWT secret
python3 -c "import secrets; print(secrets.token_urlsafe(48))"

# New encryption key
python3 -c "import secrets,base64; print(base64.b64encode(secrets.token_bytes(32)).decode())"

Rotating the encryption key

Changing the encryption key will make previously encrypted data unreadable. Export data first, rotate the key, then re-import.

Provider-specific configuration

Claude (Anthropic)OpenAIOllama (air-gapped)

LLM_PROVIDER=claude
LLM_MODEL=claude-sonnet-4-20250514
ANTHROPIC_API_KEY=sk-ant-your-key-here

LLM_PROVIDER=openai
LLM_MODEL=gpt-4o
OPENAI_API_KEY=sk-your-key-here

LLM_PROVIDER=ollama
LLM_MODEL=llama3
OLLAMA_BASE_URL=http://host.docker.internal:11434
# No API keys needed — everything runs locally