# Unraid MCP Server Configuration # ================================= # Core API Configuration (Required) # --------------------------------- UNRAID_API_URL=https://your-unraid-server-url/graphql UNRAID_API_KEY=your_unraid_api_key # MCP Server Settings # ------------------- UNRAID_MCP_TRANSPORT=streamable-http # Options: streamable-http (recommended), sse (deprecated), stdio UNRAID_MCP_HOST=0.0.0.0 UNRAID_MCP_PORT=6970 # Logging Configuration # --------------------- UNRAID_MCP_LOG_LEVEL=INFO # Options: DEBUG, INFO, WARNING, ERROR UNRAID_MCP_LOG_FILE=unraid-mcp.log # Log file name (saved to logs/ directory) # SSL/TLS Configuration # -------------------- # Set to 'false' or '0' to disable SSL verification (e.g., for self-signed certificates) # Set to 'true' or '1' to enable SSL verification (default) # Set to a file path to use a custom CA bundle UNRAID_VERIFY_SSL=true # Real-time Subscription Configuration # ------------------------------------ # Enable automatic subscription startup (true/false) UNRAID_AUTO_START_SUBSCRIPTIONS=true # Maximum WebSocket reconnection attempts (numeric) UNRAID_MAX_RECONNECT_ATTEMPTS=10 # Optional: Custom log file path for subscription auto-start diagnostics # Defaults to standard log if not specified # UNRAID_AUTOSTART_LOG_PATH=/custom/path/to/autostart.log # Google OAuth Protection (Optional) # ----------------------------------- # Protects the MCP HTTP server — clients must authenticate with Google before calling tools. # Requires streamable-http or sse transport (not stdio). # # Setup: # 1. Google Cloud Console → APIs & Services → Credentials # 2. Create OAuth 2.0 Client ID (Web application) # 3. Authorized redirect URIs: /auth/callback # 4. Copy Client ID and Client Secret below # # UNRAID_MCP_BASE_URL: Public URL clients use to reach THIS server (for redirect URIs). # Examples: # http://10.1.0.2:6970 (LAN) # http://100.x.x.x:6970 (Tailscale) # https://mcp.yourdomain.com (reverse proxy) # # UNRAID_MCP_JWT_SIGNING_KEY: Stable secret for signing FastMCP JWT tokens. # Generate once: python3 -c "import secrets; print(secrets.token_hex(32))" # NEVER change after first use — all client sessions will be invalidated. # # Leave GOOGLE_CLIENT_ID empty to disable OAuth (server runs unprotected). # GOOGLE_CLIENT_ID= # GOOGLE_CLIENT_SECRET= # UNRAID_MCP_BASE_URL=http://10.1.0.2:6970 # UNRAID_MCP_JWT_SIGNING_KEY= # API Key Authentication (Optional) # ----------------------------------- # Alternative to Google OAuth — clients present this key as a bearer token: # Authorization: Bearer # # Can be the same value as UNRAID_API_KEY (reuse your Unraid key), or a # separate dedicated secret. Set both GOOGLE_CLIENT_ID and UNRAID_MCP_API_KEY # to accept either auth method (MultiAuth). # # Leave empty to disable API key auth. # UNRAID_MCP_API_KEY=