Configuration
PondPilot Proxy is configured through YAML files and environment variables. Environment variables take precedence over YAML configuration.
Configuration Precedence
Section titled “Configuration Precedence”Environment Variables (highest priority) │ ▼ YAML Config File │ ▼ Default Values (lowest priority)Complete Configuration Reference
Section titled “Complete Configuration Reference”# Server configurationserver: port: 8080 # HTTP server port grpc_port: 8081 # gRPC (Flight SQL) port host: "0.0.0.0" # Listen address
# Container orchestrationcontainers: image: "ghcr.io/pondpilot/sqlflite:latest" # SQLFlite container image idle_timeout: 5m # Stop containers after this idle period memory_limit: "512m" # Memory limit per container cpu_limit: 0.5 # CPU limit per container (0.5 = half a core) max_per_host: 100 # Maximum containers per host network: "pondpilot" # Docker network name
# DuckDB configurationduckdb: extensions: # Extensions to load in containers - arrow - postgres - mysql attached_databases: # Pre-attached databases (see below) - alias: "mydb" type: "postgres" connection_string: "${DATABASE_URL}"
# Security configurationsecurity: rate_limit: requests_per_minute: 100 # Rate limit per user burst_size: 200 # Burst allowance
# AI integrationai: claude_api_key: "${CLAUDE_API_KEY}" openai_api_key: "${OPENAI_API_KEY}" default_model: "claude-sonnet-4-20250514"Environment Variables
Section titled “Environment Variables”Required Variables
Section titled “Required Variables”| Variable | Description |
|---|---|
JWT_SECRET | JWT signing secret (minimum 32 characters) |
Server Configuration
Section titled “Server Configuration”| Variable | Description | Default |
|---|---|---|
PORT | HTTP server port | 8080 |
GRPC_PORT | gRPC server port | 8081 |
HOST | Listen address | 0.0.0.0 |
Container Configuration
Section titled “Container Configuration”| Variable | Description | Default |
|---|---|---|
CONTAINER_IMAGE | SQLFlite container image | ghcr.io/pondpilot/sqlflite:latest |
CONTAINER_IDLE_TIMEOUT | Idle timeout in milliseconds | 300000 (5 min) |
CONTAINER_MEMORY_LIMIT | Memory limit per container | 512m |
CONTAINER_CPU_LIMIT | CPU limit per container | 0.5 |
CONTAINER_MAX_PER_HOST | Maximum containers | 100 |
CONTAINER_NETWORK | Docker network name | bridge |
AI Configuration
Section titled “AI Configuration”| Variable | Description | Default |
|---|---|---|
CLAUDE_API_KEY | Anthropic API key | — |
OPENAI_API_KEY | OpenAI API key | — |
AI_DEFAULT_MODEL | Default AI model | claude-sonnet-4-20250514 |
Pre-Attached Databases
Section titled “Pre-Attached Databases”Configure databases to attach automatically when user containers start.
duckdb: attached_databases: # PostgreSQL - alias: "analytics" type: "postgres" connection_string: "postgresql://user:pass@host:5432/analytics"
# MySQL - alias: "customers" type: "mysql" connection_string: "mysql://user:pass@host:3306/customers"
# SQLite - alias: "local" type: "sqlite" connection_string: "/data/local.db"Database Types
Section titled “Database Types”| Type | Aliases | Notes |
|---|---|---|
postgres | postgresql | PostgreSQL and compatible databases |
mysql | — | MySQL and MariaDB |
sqlite | — | SQLite files |
Connection String Formats
Section titled “Connection String Formats”PostgreSQL:
postgresql://user:password@host:port/databasepostgresql://user:password@host:port/database?sslmode=requireMySQL:
mysql://user:password@host:port/databaseSQLite:
/absolute/path/to/database.dbEnvironment Variable Substitution
Section titled “Environment Variable Substitution”Connection strings support environment variable substitution:
attached_databases: - alias: "prod" type: "postgres" connection_string: "${DATABASE_URL}"JWT Authentication
Section titled “JWT Authentication”All requests require JWT authentication. The JWT must include a sub claim identifying the user.
JWT Requirements
Section titled “JWT Requirements”| Claim | Required | Description |
|---|---|---|
sub | Yes | User identifier (used for container isolation) |
exp | Yes | Expiration timestamp |
iat | No | Issued-at timestamp |
JWT Secret
Section titled “JWT Secret”The JWT_SECRET must be at least 32 characters:
# Generate a secure secretopenssl rand -base64 32Demo Tokens
Section titled “Demo Tokens”For testing, the proxy can issue demo tokens:
curl -X POST http://localhost:8080/auth/demo-tokenDemo tokens have:
- Short expiration (1 hour)
- Stricter rate limits
- Restricted features
Rate Limiting
Section titled “Rate Limiting”Configure per-user rate limits:
security: rate_limit: requests_per_minute: 100 # Sustained rate burst_size: 200 # Temporary burst allowanceRate limits apply per-user (identified by JWT sub claim).
Container Resource Limits
Section titled “Container Resource Limits”Control resource usage per container:
containers: memory_limit: "512m" # Memory limit cpu_limit: 0.5 # CPU cores (0.5 = half core)Memory Limit Format
Section titled “Memory Limit Format”256m— 256 megabytes1g— 1 gigabyte2g— 2 gigabytes
CPU Limit
Section titled “CPU Limit”Fractional values allowed:
0.5— Half a CPU core1.0— One full core2.0— Two cores
Container Security
Section titled “Container Security”Containers run with hardened security settings:
| Setting | Value | Purpose |
|---|---|---|
| User | UID 1000 | Non-root execution |
| Capabilities | All dropped | Minimal privileges |
| no-new-privileges | Enabled | Prevent privilege escalation |
Idle Container Management
Section titled “Idle Container Management”The proxy automatically manages container lifecycle:
containers: idle_timeout: 5m # Stop after 5 minutes idle max_per_host: 100 # Maximum concurrent containersHow Idle Reaping Works
Section titled “How Idle Reaping Works”- Background reaper runs every minute
- Checks each container’s last-used timestamp
- Stops containers idle longer than
idle_timeout - Containers respawn on next request
Performance Impact
Section titled “Performance Impact”| Scenario | Latency |
|---|---|
| Container cached | ~10-50ms |
| Container respawn | ~2-5 seconds |
Set longer idle timeouts for frequently-used systems to avoid respawn latency.
Health Endpoints
Section titled “Health Endpoints”| Endpoint | Purpose |
|---|---|
GET /health | Basic health check |
GET /ready | Readiness probe (for k8s) |
GET /health/detailed | Detailed component status |
Example Configurations
Section titled “Example Configurations”Development
Section titled “Development”server: port: 8080 grpc_port: 8081
containers: idle_timeout: 30m # Longer timeout for dev memory_limit: "1g"
duckdb: attached_databases: - alias: "dev" type: "postgres" connection_string: "postgresql://postgres:postgres@localhost:5432/dev"Production
Section titled “Production”server: port: 8080 grpc_port: 8081
containers: image: "ghcr.io/pondpilot/sqlflite:v1.2.3" # Pin version idle_timeout: 5m memory_limit: "512m" cpu_limit: 0.5 max_per_host: 50
security: rate_limit: requests_per_minute: 60 burst_size: 100
duckdb: attached_databases: - alias: "prod" type: "postgres" connection_string: "${DATABASE_URL}"