Calendars Environment Variables
.env File
# Django
DJANGO_CONFIGURATION=Production
DJANGO_SECRET_KEY=<generate-50-char-random>
DJANGO_ALLOWED_HOSTS=calendars.<domain>,api.calendars.<domain>,backend,caldav,172.29.0.30,localhost,127.0.0.1
DJANGO_SETTINGS_MODULE=calendars.settings
PYTHONPATH=/app
APP_URL=https://calendars.<domain>
# Database (shared Messages PostgreSQL)
DB_HOST=postgresql
DB_NAME=calendars
DB_USER=messages
DB_PASSWORD=<db-password>
DB_PORT=5432
# Redis (shared Messages Redis)
REDIS_URL=redis://redis:6379
CELERY_BROKER_URL=redis://redis:6379
# OIDC (Messages Keycloak — calendars realm)
OIDC_OP_JWKS_ENDPOINT=https://auth.messages.<domain>/realms/calendars/protocol/openid-connect/certs
OIDC_OP_AUTHORIZATION_ENDPOINT=https://auth.messages.<domain>/realms/calendars/protocol/openid-connect/auth
OIDC_OP_TOKEN_ENDPOINT=https://auth.messages.<domain>/realms/calendars/protocol/openid-connect/token
OIDC_OP_USER_ENDPOINT=https://auth.messages.<domain>/realms/calendars/protocol/openid-connect/userinfo
OIDC_OP_LOGOUT_ENDPOINT=https://auth.messages.<domain>/realms/calendars/protocol/openid-connect/logout
OIDC_RP_CLIENT_ID=calendars
OIDC_RP_CLIENT_SECRET=<oidc-client-secret>
OIDC_RP_SIGN_ALGO=RS256
OIDC_RP_SCOPES=openid email
OIDC_CREATE_USER=True
OIDC_REDIRECT_ALLOWED_HOSTS=["https://auth.messages.<domain>","https://calendars.<domain>"]
OIDC_AUTH_REQUEST_EXTRA_PARAMS={}
OIDC_STORE_ID_TOKEN=True
OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION=True
OIDC_REDIRECT_REQUIRE_HTTPS=True
# Login redirects
LOGIN_REDIRECT_URL=https://calendars.<domain>
LOGIN_REDIRECT_URL_FAILURE=https://calendars.<domain>
LOGOUT_REDIRECT_URL=https://calendars.<domain>
ALLOW_LOGOUT_GET_METHOD=True
# Security
CSRF_TRUSTED_ORIGINS=["https://calendars.<domain>","https://api.calendars.<domain>"]
CORS_ALLOW_ALL_ORIGINS=False
CORS_ALLOWED_ORIGINS=["https://calendars.<domain>"]
# CalDAV Server
CALDAV_URL=http://caldav:80
CALDAV_OUTBOUND_API_KEY=<caldav-api-key>
CALDAV_INBOUND_API_KEY=<caldav-api-key>
CALDAV_INTERNAL_API_KEY=<caldav-api-key>
# Email (Brevo relay)
EMAIL_HOST=smtp-relay.brevo.com
EMAIL_PORT=587
EMAIL_HOST_USER=<brevo-username>
EMAIL_HOST_PASSWORD=<brevo-password>
EMAIL_USE_TLS=True
CALENDAR_INVITATION_FROM_EMAIL=noreply@<domain>
DEFAULT_FROM_EMAIL=noreply@<domain>
# Messages Integration
FEATURE_MESSAGES_INTEGRATION=True
MESSAGES_API_URL=https://api.messages.<domain>
MESSAGES_API_KEY=<server-to-server-token>
MESSAGES_CHANNEL_ID=<messages-channel-uuid>
# Frontend
NEXT_PUBLIC_API_ORIGIN=https://api.calendars.<domain>
NEXT_TELEMETRY_DISABLED=1
FRONTEND_THEME=default
FRONTEND_SILENT_LOGIN_ENABLED=False
MESSAGES_FRONTEND_BACKEND_SERVER=172.29.0.30:8000
# Static files
STORAGES_STATICFILES_BACKEND=django.contrib.staticfiles.storage.StaticFilesStorage
# Logging
LOGGING_LEVEL_HANDLERS_CONSOLE=INFO
LOGGING_LEVEL_LOGGERS_ROOT=INFO
LOGGING_LEVEL_LOGGERS_APP=INFO
Critical Settings
| Variable |
Why it matters |
DJANGO_ALLOWED_HOSTS |
Must include calendars.<domain>, 172.29.0.30, caldav |
APP_URL |
Used to generate RSVP links in invitation emails |
CALDAV_CALLBACK_BASE_URL |
Uses static IP to avoid DNS conflict with Messages backend |
FEATURE_MESSAGES_INTEGRATION |
Enables Messages mailbox integration in calendar creation |
MESSAGES_API_URL |
Without trailing /api/v1.0/ — the service appends it |
FRONTEND_SILENT_LOGIN_ENABLED=False |
Calendars frontend doesn't use this — leave off (causes redirect loops) |