Environment Variables

All backend configuration is done via environment variables. The backend reads from a .env file in the working directory or from the system environment.

Core

Variable Default Description
APP_ENV development Environment name. Set to production in prod.
DATABASE_URL sqlite:///./xinference_saas.db SQLAlchemy database URL
DATABASE_AUTO_CREATE_SCHEMA false Auto-create DB tables on startup (dev only)

Auth & Sessions

Variable Default Description
SESSION_COOKIE_SECURE false Require HTTPS for session cookies. Must be true in production.
SESSION_COOKIE_SAMESITE lax Cookie SameSite policy: lax, strict, or none
SESSION_COOKIE_MAX_AGE 604800 Cookie TTL in seconds (default: 7 days)
SESSION_EXPIRE_MINUTES 10080 Session expiry in minutes (default: 7 days)
SESSION_COOKIE_NAME auto Override the session cookie name

Warning

SESSION_COOKIE_SAMESITE=none requires SESSION_COOKIE_SECURE=true. The backend validates this combination on startup and will refuse to start with an unsafe configuration.

CORS

Variable Default Description
CORS_ALLOW_ORIGINS `` (empty) Comma-separated list of allowed origins
XINFERENCE_FRONTEND_URL / URL of the frontend. Must be included in CORS_ALLOW_ORIGINS.

Same-site example (app.example.com + api.example.com):

CORS_ALLOW_ORIGINS=https://app.example.com
XINFERENCE_FRONTEND_URL=https://app.example.com
SESSION_COOKIE_SECURE=true
SESSION_COOKIE_SAMESITE=lax

Cross-site example (app.example.com + api.other-domain.com):

CORS_ALLOW_ORIGINS=https://app.example.com
XINFERENCE_FRONTEND_URL=https://app.example.com
SESSION_COOKIE_SECURE=true
SESSION_COOKIE_SAMESITE=none

Google SSO

Variable Description
GOOGLE_OIDC_CLIENT_ID Google OAuth client ID
GOOGLE_OIDC_CLIENT_SECRET Google OAuth client secret
GOOGLE_OIDC_REDIRECT_URI OAuth callback URL (must match Google Console)

AWS

Variable Default Description
XINFERENCE_SAAS_CLOUD_PROVIDER fake Set to aws for real provisioning
XINFERENCE_SAAS_AWS_REGION AWS region (e.g. us-east-1)
XINFERENCE_SAAS_AWS_AMI_ID AMI ID with Xinference pre-installed
XINFERENCE_SAAS_AWS_SUBNET_ID Subnet ID for EC2 instances
XINFERENCE_SAAS_AWS_SECURITY_GROUP_IDS Comma-separated security group IDs
XINFERENCE_SAAS_AWS_IAM_INSTANCE_PROFILE_NAME IAM instance profile for workers
XINFERENCE_SAAS_AWS_KEY_NAME EC2 key pair name (optional, for SSH access)
XINFERENCE_SAAS_AWS_ASSOCIATE_PUBLIC_IP false Assign public IPs (for testing outside VPC)

Xinference Worker

Variable Default Description
XINFERENCE_SAAS_XINFERENCE_CLIENT fake Set to real for real Xinference calls
XINFERENCE_SAAS_XINFERENCE_READY_TIMEOUT_SECONDS 600 Max wait for model to load
XINFERENCE_SAAS_XINFERENCE_TIMEOUT_SECONDS 30 Per-request HTTP timeout
XINFERENCE_SAAS_XINFERENCE_IMAGE xprobe/xinference:latest Docker image for Xinference
XINFERENCE_SAAS_XINFERENCE_API_KEY API key for Xinference server

Cluster Behavior

Variable Default Description
XINFERENCE_SAAS_CLUSTER_IDLE_TTL_SECONDS 900 Seconds of inactivity before auto-termination (default: 15 min)
XINFERENCE_SAAS_SUPERVISOR_ENDPOINT_HOST private Use private (VPC) or public IP for supervisor
XINFERENCE_SAAS_AWS_SUPERVISOR_INSTANCE_TYPE t3.small Instance type for cluster supervisor node
XINFERENCE_SAAS_RECONCILER_ENABLED false Enable background reconciler loop
XINFERENCE_SAAS_RECONCILER_INTERVAL_SECONDS 60 How often the reconciler runs

Billing & Stripe

Billing is backed by Stripe. Configure the following to enable subscriptions, payment methods, invoices, and webhooks.

Variable Description
STRIPE_SECRET_KEY Stripe API secret key
STRIPE_PUBLISHABLE_KEY Stripe publishable key (returned by GET /v1/billing/config)
STRIPE_WEBHOOK_SECRET Secret used to verify Stripe webhook signatures (POST /v1/billing/webhook)
STRIPE_DEFAULT_COLLECTION_METHOD Default subscription collection method (charge_automatically or send_invoice)
STRIPE_CHECKOUT_SESSION_CURRENCY Currency used for Stripe Checkout sessions
STRIPE_BILLING_PORTAL_RETURN_PATH Return path after the Stripe customer portal
STRIPE_SUBSCRIPTION_PAYMENT_BEHAVIOR Stripe subscription payment behavior
STRIPE_SUBSCRIPTION_DAYS_UNTIL_DUE Days until an invoice is due (for send_invoice)
BILLING_STRIPE_CATALOG_NAMESPACE Namespace for the Stripe billing catalog
BILLING_SEED_DEFAULT_PRICE_PLAN Seed the aws-ondemand-default price plan on startup only when no active default plan exists

Email

Variable Description
SMTP_HOST SMTP server hostname
SMTP_PORT SMTP port (typically 587 or 465)
SMTP_USERNAME SMTP username
SMTP_PASSWORD SMTP password
SMTP_USE_TLS / SMTP_USE_SSL Transport security toggles
EMAIL_FROM Sender address for transactional emails
INVITATION_EMAIL_FROM / INVITATION_EMAIL_REPLY_TO Sender and reply-to addresses for invitation emails

Leave SMTP_HOST empty to skip email delivery. Password-reset abuse controls (PASSWORD_RESET_EMAIL_COOLDOWN_SECONDS, PASSWORD_RESET_IP_WINDOW_SECONDS, PASSWORD_RESET_IP_MAX_REQUESTS) are also configurable.