diff --git a/app/constants.php b/app/constants.php
index 326ff4019..5db67aa62 100644
--- a/app/constants.php
+++ b/app/constants.php
@@ -7,154 +7,154 @@ define('ROOT_DIR', __DIR__.DIRECTORY_SEPARATOR.'..');
 define('APP_DIR', __DIR__);
 // Data directory location
-defined('DATA_DIR') or define('DATA_DIR', ROOT_DIR.DIRECTORY_SEPARATOR.'data');
+defined('DATA_DIR') or define('DATA_DIR', getenv('DATA_DIR') ?: ROOT_DIR.DIRECTORY_SEPARATOR.'data');
 // Files directory (attachments)
-defined('FILES_DIR') or define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');
+defined('FILES_DIR') or define('FILES_DIR', getenv('FILES_DIR') ?: DATA_DIR.DIRECTORY_SEPARATOR.'files');
 // Available cache drivers are "file" and "memory"
-defined('CACHE_DRIVER') or define('CACHE_DRIVER', 'memory');
+defined('CACHE_DRIVER') or define('CACHE_DRIVER', getenv('CACHE_DRIVER') ?: 'memory');
 // Cache folder (file driver)
-defined('CACHE_DIR') or define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache');
+defined('CACHE_DIR') or define('CACHE_DIR', getenv('CACHE_DIR') ?: DATA_DIR.DIRECTORY_SEPARATOR.'cache');
 // Plugins settings
-defined('PLUGINS_DIR') or define('PLUGINS_DIR', ROOT_DIR.DIRECTORY_SEPARATOR.'plugins');
-defined('PLUGIN_API_URL') or define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
-defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', false); // Disabled by default for security reasons
+defined('PLUGINS_DIR') or define('PLUGINS_DIR', getenv('PLUGINS_DIR') ?: ROOT_DIR.DIRECTORY_SEPARATOR.'plugins');
+defined('PLUGIN_API_URL') or define('PLUGIN_API_URL', getenv('PLUGIN_API_URL') ?: 'https://kanboard.org/plugins.json');
+defined('PLUGIN_INSTALLER') or define('PLUGIN_INSTALLER', strtolower(getenv('PLUGIN_INSTALLER')) === 'true'); // Disabled by default for security reasons
 // Enable/disable debug
 defined('DEBUG') or define('DEBUG', strtolower(getenv('DEBUG')) === 'true');
 // Logging drivers: syslog, stdout, stderr, system or file
-defined('LOG_DRIVER') or define('LOG_DRIVER', 'system');
+defined('LOG_DRIVER') or define('LOG_DRIVER', getenv('LOG_DRIVER') ?: 'system');
 // Logging file
-defined('LOG_FILE') or define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');
+defined('LOG_FILE') or define('LOG_FILE', getenv('LOG_FILE') ?: DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');
 // Application version
-defined('APP_VERSION') or define('APP_VERSION', build_app_version('$Format:%d$', '$Format:%H$'));
+defined('APP_VERSION') or define('APP_VERSION', getenv('APP_VERSION') ?: build_app_version('$Format:%d$', '$Format:%H$'));
 // Run automatically database migrations
-defined('DB_RUN_MIGRATIONS') or define('DB_RUN_MIGRATIONS', true);
+defined('DB_RUN_MIGRATIONS') or define('DB_RUN_MIGRATIONS', getenv('DB_RUN_MIGRATIONS') ? strtolower(getenv('DB_RUN_MIGRATIONS')) === 'true' : true);
 // Database driver: sqlite, mysql or postgres
-defined('DB_DRIVER') or define('DB_DRIVER', 'sqlite');
+defined('DB_DRIVER') or define('DB_DRIVER', getenv('DB_DRIVER') ?: 'sqlite');
 // Sqlite configuration
-defined('DB_FILENAME') or define('DB_FILENAME', DATA_DIR.DIRECTORY_SEPARATOR.'db.sqlite');
+defined('DB_FILENAME') or define('DB_FILENAME', getenv('DB_FILENAME') ?: DATA_DIR.DIRECTORY_SEPARATOR.'db.sqlite');
 // Mysql/Postgres configuration
-defined('DB_USERNAME') or define('DB_USERNAME', 'root');
-defined('DB_PASSWORD') or define('DB_PASSWORD', '');
-defined('DB_HOSTNAME') or define('DB_HOSTNAME', 'localhost');
-defined('DB_NAME') or define('DB_NAME', 'kanboard');
-defined('DB_PORT') or define('DB_PORT', null);
-defined('DB_SSL_KEY') or define('DB_SSL_KEY', null);
-defined('DB_SSL_CERT') or define('DB_SSL_CERT', null);
-defined('DB_SSL_CA') or define('DB_SSL_CA', null);
-defined('DB_VERIFY_SERVER_CERT') or define('DB_VERIFY_SERVER_CERT', null);
-defined('DB_TIMEOUT') or define('DB_TIMEOUT', null);
+defined('DB_USERNAME') or define('DB_USERNAME', getenv('DB_USERNAME') ?: 'root');
+defined('DB_PASSWORD') or define('DB_PASSWORD', getenv('DB_PASSWORD') ?: '');
+defined('DB_HOSTNAME') or define('DB_HOSTNAME', getenv('DB_HOSTNAME') ?: 'localhost');
+defined('DB_NAME') or define('DB_NAME', getenv('DB_NAME') ?: 'kanboard');
+defined('DB_PORT') or define('DB_PORT', intval(getenv('DB_PORT')) ?: null);
+defined('DB_SSL_KEY') or define('DB_SSL_KEY', getenv('DB_SSL_KEY') ?: null);
+defined('DB_SSL_CERT') or define('DB_SSL_CERT', getenv('DB_SSL_CERT') ?: null);
+defined('DB_SSL_CA') or define('DB_SSL_CA', getenv('DB_SSL_CA') ?: null);
+defined('DB_VERIFY_SERVER_CERT') or define('DB_VERIFY_SERVER_CERT', getenv('DB_VERIFY_SERVER_CERT') ?: null);
+defined('DB_TIMEOUT') or define('DB_TIMEOUT', intval(getenv('DB_TIMEOUT')) ?: null);
 // Database backend group provider
-defined('DB_GROUP_PROVIDER') or define('DB_GROUP_PROVIDER', true);
-defined('DB_USER_PROVIDER') or define('DB_USER_PROVIDER', true);
+defined('DB_GROUP_PROVIDER') or define('DB_GROUP_PROVIDER', getenv('DB_GROUP_PROVIDER') ? strtolower(getenv('DB_GROUP_PROVIDER')) === 'true' : true);
+defined('DB_USER_PROVIDER') or define('DB_USER_PROVIDER', getenv('DB_USER_PROVIDER') ? strtolower(getenv('DB_USER_PROVIDER')) === 'true': true);
 // LDAP configuration
-defined('LDAP_AUTH') or define('LDAP_AUTH', false);
-defined('LDAP_SERVER') or define('LDAP_SERVER', '');
-defined('LDAP_PORT') or define('LDAP_PORT', 389);
-defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', true);
-defined('LDAP_START_TLS') or define('LDAP_START_TLS', false);
-defined('LDAP_USERNAME_CASE_SENSITIVE') or define('LDAP_USERNAME_CASE_SENSITIVE', false);
+defined('LDAP_AUTH') or define('LDAP_AUTH', strtolower(getenv('LDAP_AUTH')) === 'true');
+defined('LDAP_SERVER') or define('LDAP_SERVER', getenv('LDAP_SERVER') ?: '');
+defined('LDAP_PORT') or define('LDAP_PORT', intval(getenv('LDAP_PORT')) ?: 389);
+defined('LDAP_SSL_VERIFY') or define('LDAP_SSL_VERIFY', getenv('LDAP_SSL_VERIFY') ? strtolower(getenv('LDAP_SSL_VERIFY')) === 'true' : true);
+defined('LDAP_START_TLS') or define('LDAP_START_TLS', strtolower(getenv('LDAP_START_TLS')) === 'true');
+defined('LDAP_USERNAME_CASE_SENSITIVE') or define('LDAP_USERNAME_CASE_SENSITIVE', strtolower(getenv('LDAP_USERNAME_CASE_SENSITIVE')) === 'true');
-defined('LDAP_BIND_TYPE') or define('LDAP_BIND_TYPE', 'anonymous');
-defined('LDAP_USERNAME') or define('LDAP_USERNAME', null);
-defined('LDAP_PASSWORD') or define('LDAP_PASSWORD', null);
+defined('LDAP_BIND_TYPE') or define('LDAP_BIND_TYPE', getenv('LDAP_BIND_TYPE') ?: 'anonymous');
+defined('LDAP_USERNAME') or define('LDAP_USERNAME', getenv('LDAP_USERNAME') ?: null);
+defined('LDAP_PASSWORD') or define('LDAP_PASSWORD', getenv('LDAP_PASSWORD') ?: null);
-defined('LDAP_USER_BASE_DN') or define('LDAP_USER_BASE_DN', '');
-defined('LDAP_USER_FILTER') or define('LDAP_USER_FILTER', '');
-defined('LDAP_USER_ATTRIBUTE_USERNAME') or define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');
-defined('LDAP_USER_ATTRIBUTE_FULLNAME') or define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');
-defined('LDAP_USER_ATTRIBUTE_EMAIL') or define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');
-defined('LDAP_USER_ATTRIBUTE_GROUPS') or define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');
-defined('LDAP_USER_ATTRIBUTE_PHOTO') or define('LDAP_USER_ATTRIBUTE_PHOTO', '');
-defined('LDAP_USER_ATTRIBUTE_LANGUAGE') or define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');
-defined('LDAP_USER_CREATION') or define('LDAP_USER_CREATION', true);
+defined('LDAP_USER_BASE_DN') or define('LDAP_USER_BASE_DN', getenv('LDAP_USER_BASE_DN') ?: '');
+defined('LDAP_USER_FILTER') or define('LDAP_USER_FILTER', getenv('LDAP_USER_FILTER') ?: '');
+defined('LDAP_USER_ATTRIBUTE_USERNAME') or define('LDAP_USER_ATTRIBUTE_USERNAME', getenv('LDAP_USER_ATTRIBUTE_USERNAME') ?: 'uid');
+defined('LDAP_USER_ATTRIBUTE_FULLNAME') or define('LDAP_USER_ATTRIBUTE_FULLNAME', getenv('LDAP_USER_ATTRIBUTE_FULLNAME') ?: 'cn');
+defined('LDAP_USER_ATTRIBUTE_EMAIL') or define('LDAP_USER_ATTRIBUTE_EMAIL', getenv('LDAP_USER_ATTRIBUTE_EMAIL') ?: 'mail');
+defined('LDAP_USER_ATTRIBUTE_GROUPS') or define('LDAP_USER_ATTRIBUTE_GROUPS', getenv('LDAP_USER_ATTRIBUTE_GROUPS') ?: 'memberof');
+defined('LDAP_USER_ATTRIBUTE_PHOTO') or define('LDAP_USER_ATTRIBUTE_PHOTO', getenv('LDAP_USER_ATTRIBUTE_PHOTO') ?: '');
+defined('LDAP_USER_ATTRIBUTE_LANGUAGE') or define('LDAP_USER_ATTRIBUTE_LANGUAGE', getenv('LDAP_USER_ATTRIBUTE_LANGUAGE') ?: '');
+defined('LDAP_USER_CREATION') or define('LDAP_USER_CREATION', getenv('LDAP_USER_CREATION') ? strtolower(getenv('LDAP_USER_CREATION')) === 'true' : true);
-defined('LDAP_GROUP_ADMIN_DN') or define('LDAP_GROUP_ADMIN_DN', '');
-defined('LDAP_GROUP_MANAGER_DN') or define('LDAP_GROUP_MANAGER_DN', '');
+defined('LDAP_GROUP_ADMIN_DN') or define('LDAP_GROUP_ADMIN_DN', getenv('LDAP_GROUP_ADMIN_DN') ?: '');
+defined('LDAP_GROUP_MANAGER_DN') or define('LDAP_GROUP_MANAGER_DN', getenv('LDAP_GROUP_MANAGER_DN') ?: '');
-defined('LDAP_GROUP_PROVIDER') or define('LDAP_GROUP_PROVIDER', false);
-defined('LDAP_GROUP_BASE_DN') or define('LDAP_GROUP_BASE_DN', '');
-defined('LDAP_GROUP_FILTER') or define('LDAP_GROUP_FILTER', '');
-defined('LDAP_GROUP_USER_FILTER') or define('LDAP_GROUP_USER_FILTER', '');
-defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
+defined('LDAP_GROUP_PROVIDER') or define('LDAP_GROUP_PROVIDER', strtolower(getenv('LDAP_GROUP_PROVIDER')) === 'true');
+defined('LDAP_GROUP_BASE_DN') or define('LDAP_GROUP_BASE_DN', getenv('LDAP_GROUP_BASE_DN') ?: '');
+defined('LDAP_GROUP_FILTER') or define('LDAP_GROUP_FILTER', getenv('LDAP_GROUP_FILTER') ?: '');
+defined('LDAP_GROUP_USER_FILTER') or define('LDAP_GROUP_USER_FILTER', getenv('LDAP_GROUP_USER_FILTER') ?: '');
+defined('LDAP_GROUP_ATTRIBUTE_NAME') or define('LDAP_GROUP_ATTRIBUTE_NAME', getenv('LDAP_GROUP_ATTRIBUTE_NAME') ?: 'cn');
 // Proxy authentication
-defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', false);
-defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
-defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', '');
-defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
+defined('REVERSE_PROXY_AUTH') or define('REVERSE_PROXY_AUTH', strtolower(getenv('REVERSE_PROXY_AUTH')) === 'true');
+defined('REVERSE_PROXY_USER_HEADER') or define('REVERSE_PROXY_USER_HEADER', getenv('REVERSE_PROXY_USER_HEADER') ?: 'REMOTE_USER');
+defined('REVERSE_PROXY_DEFAULT_ADMIN') or define('REVERSE_PROXY_DEFAULT_ADMIN', getenv('REVERSE_PROXY_DEFAULT_ADMIN') ?: '');
+defined('REVERSE_PROXY_DEFAULT_DOMAIN') or define('REVERSE_PROXY_DEFAULT_DOMAIN', getenv('REVERSE_PROXY_DEFAULT_DOMAIN') ?: '');
 // Remember me authentication
-defined('REMEMBER_ME_AUTH') or define('REMEMBER_ME_AUTH', true);
+defined('REMEMBER_ME_AUTH') or define('REMEMBER_ME_AUTH', getenv('REMEMBER_ME_AUTH') ? strtolower(getenv('REMEMBER_ME_AUTH')) === 'true' : true);
 // Mail configuration
-defined('MAIL_CONFIGURATION') or define('MAIL_CONFIGURATION', true);
-defined('MAIL_FROM') or define('MAIL_FROM', 'notifications@kanboard.local');
-defined('MAIL_TRANSPORT') or define('MAIL_TRANSPORT', 'mail');
-defined('MAIL_SMTP_HOSTNAME') or define('MAIL_SMTP_HOSTNAME', '');
-defined('MAIL_SMTP_PORT') or define('MAIL_SMTP_PORT', 25);
-defined('MAIL_SMTP_USERNAME') or define('MAIL_SMTP_USERNAME', '');
-defined('MAIL_SMTP_PASSWORD') or define('MAIL_SMTP_PASSWORD', '');
-defined('MAIL_SMTP_ENCRYPTION') or define('MAIL_SMTP_ENCRYPTION', null);
-defined('MAIL_SENDMAIL_COMMAND') or define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs');
+defined('MAIL_CONFIGURATION') or define('MAIL_CONFIGURATION', getenv('MAIL_CONFIGURATION') ? strtolower(getenv('MAIL_CONFIGURATION')) === 'true' : true);
+defined('MAIL_FROM') or define('MAIL_FROM', getenv('MAIL_FROM') ?: 'notifications@kanboard.local');
+defined('MAIL_TRANSPORT') or define('MAIL_TRANSPORT', getenv('MAIL_TRANSPORT') ?: 'mail');
+defined('MAIL_SMTP_HOSTNAME') or define('MAIL_SMTP_HOSTNAME', getenv('MAIL_SMTP_HOSTNAME') ?: '');
+defined('MAIL_SMTP_PORT') or define('MAIL_SMTP_PORT', intval(getenv('MAIL_SMTP_PORT')) ?: 25);
+defined('MAIL_SMTP_USERNAME') or define('MAIL_SMTP_USERNAME', getenv('MAIL_SMTP_USERNAME') ?: '');
+defined('MAIL_SMTP_PASSWORD') or define('MAIL_SMTP_PASSWORD', getenv('MAIL_SMTP_PASSWORD') ?: '');
+defined('MAIL_SMTP_ENCRYPTION') or define('MAIL_SMTP_ENCRYPTION', getenv('MAIL_SMTP_ENCRYPTION') ?: null);
+defined('MAIL_SENDMAIL_COMMAND') or define('MAIL_SENDMAIL_COMMAND', getenv('MAIL_SENDMAIL_COMMAND') ?: '/usr/sbin/sendmail -bs');
 // Enable or disable "Strict-Transport-Security" HTTP header
-defined('ENABLE_HSTS') or define('ENABLE_HSTS', true);
+defined('ENABLE_HSTS') or define('ENABLE_HSTS', getenv('ENABLE_HSTS') ? strtolower(getenv('ENABLE_HSTS')) === 'true' : true);
 // Enable or disable "X-Frame-Options: DENY" HTTP header
-defined('ENABLE_XFRAME') or define('ENABLE_XFRAME', true);
+defined('ENABLE_XFRAME') or define('ENABLE_XFRAME', getenv('ENABLE_XFRAME') ? strtolower(getenv('ENABLE_XFRAME')) === 'true' : true);
 // Escape html inside markdown text
-defined('MARKDOWN_ESCAPE_HTML') or define('MARKDOWN_ESCAPE_HTML', true);
+defined('MARKDOWN_ESCAPE_HTML') or define('MARKDOWN_ESCAPE_HTML', getenv('MARKDOWN_ESCAPE_HTML') ? strtolower(getenv('MARKDOWN_ESCAPE_HTML')) === 'true' : true);
 // API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
-defined('API_AUTHENTICATION_HEADER') or define('API_AUTHENTICATION_HEADER', '');
+defined('API_AUTHENTICATION_HEADER') or define('API_AUTHENTICATION_HEADER', getenv('API_AUTHENTICATION_HEADER') ?: '');
 // Enable/disable url rewrite
-defined('ENABLE_URL_REWRITE') or define('ENABLE_URL_REWRITE', isset($_SERVER['HTTP_MOD_REWRITE']));
+defined('ENABLE_URL_REWRITE') or define('ENABLE_URL_REWRITE', getenv('ENABLE_URL_REWRITE') ?: isset($_SERVER['HTTP_MOD_REWRITE']));
 // Hide login form
-defined('HIDE_LOGIN_FORM') or define('HIDE_LOGIN_FORM', false);
+defined('HIDE_LOGIN_FORM') or define('HIDE_LOGIN_FORM', strtolower(getenv('HIDE_LOGIN_FORM')) === 'true');
 // Disabling logout (for external SSO authentication)
-defined('DISABLE_LOGOUT') or define('DISABLE_LOGOUT', false);
+defined('DISABLE_LOGOUT') or define('DISABLE_LOGOUT', strtolower(getenv('DISABLE_LOGOUT')) === true);
 // Bruteforce protection
-defined('BRUTEFORCE_CAPTCHA') or define('BRUTEFORCE_CAPTCHA', 3);
-defined('BRUTEFORCE_LOCKDOWN') or define('BRUTEFORCE_LOCKDOWN', 6);
-defined('BRUTEFORCE_LOCKDOWN_DURATION') or define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
+defined('BRUTEFORCE_CAPTCHA') or define('BRUTEFORCE_CAPTCHA', intval(getenv('BRUTEFORCE_CAPTCHA')) ?: 3);
+defined('BRUTEFORCE_LOCKDOWN') or define('BRUTEFORCE_LOCKDOWN', intval(getenv('BRUTEFORCE_LOCKDOWN')) ?: 6);
+defined('BRUTEFORCE_LOCKDOWN_DURATION') or define('BRUTEFORCE_LOCKDOWN_DURATION', intval(getenv('BRUTEFORCE_LOCKDOWN_DURATION')) ?: 15);
 // Session duration in second (0 = until the browser is closed)
 // See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
-defined('SESSION_DURATION') or define('SESSION_DURATION', 0);
+defined('SESSION_DURATION') or define('SESSION_DURATION', intval(getenv('SESSION_DURATION')) ?: 0);
 // HTTP Client
-defined('HTTP_TIMEOUT') or define('HTTP_TIMEOUT', 10);
-defined('HTTP_MAX_REDIRECTS') or define('HTTP_MAX_REDIRECTS', 3);
-defined('HTTP_PROXY_HOSTNAME') or define('HTTP_PROXY_HOSTNAME', '');
-defined('HTTP_PROXY_PORT') or define('HTTP_PROXY_PORT', '3128');
-defined('HTTP_PROXY_USERNAME') or define('HTTP_PROXY_USERNAME', '');
-defined('HTTP_PROXY_PASSWORD') or define('HTTP_PROXY_PASSWORD', '');
-defined('HTTP_PROXY_EXCLUDE') or define('HTTP_PROXY_EXCLUDE', 'localhost');
-defined('HTTP_VERIFY_SSL_CERTIFICATE') or define('HTTP_VERIFY_SSL_CERTIFICATE', true);
+defined('HTTP_TIMEOUT') or define('HTTP_TIMEOUT', intval(getenv('HTTP_TIMEOUT')) ?: 10);
+defined('HTTP_MAX_REDIRECTS') or define('HTTP_MAX_REDIRECTS', intval(getenv('HTTP_MAX_REDIRECTS')) ?: 3);
+defined('HTTP_PROXY_HOSTNAME') or define('HTTP_PROXY_HOSTNAME', getenv('HTTP_PROXY_HOSTNAME') ?: '');
+defined('HTTP_PROXY_PORT') or define('HTTP_PROXY_PORT', getenv('HTTP_PROXY_PORT') ?: '3128');
+defined('HTTP_PROXY_USERNAME') or define('HTTP_PROXY_USERNAME', getenv('HTTP_PROXY_USERNAME') ?: '');
+defined('HTTP_PROXY_PASSWORD') or define('HTTP_PROXY_PASSWORD', getenv('HTTP_PROXY_PASSWORD') ?: '');
+defined('HTTP_PROXY_EXCLUDE') or define('HTTP_PROXY_EXCLUDE', getenv('HTTP_PROXY_EXCLUDE') ?: 'localhost');
+defined('HTTP_VERIFY_SSL_CERTIFICATE') or define('HTTP_VERIFY_SSL_CERTIFICATE', getenv('HTTP_VERIFY_SSL_CERTIFICATE') ? strtolower(getenv('HTTP_VERIFY_SSL_CERTIFICATE')) === 'true' : true);
-defined('TOTP_ISSUER') or define('TOTP_ISSUER', 'Kanboard');
+defined('TOTP_ISSUER') or define('TOTP_ISSUER', getenv('TOTP_ISSUER') ?: 'Kanboard');
 // Comma separated list of fields to not synchronize when using external authentication providers
-defined('EXTERNAL_AUTH_EXCLUDE_FIELDS') or define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username');
+defined('EXTERNAL_AUTH_EXCLUDE_FIELDS') or define('EXTERNAL_AUTH_EXCLUDE_FIELDS', getenv('EXTERNAL_AUTH_EXCLUDE_FIELDS') ?: 'username');
 // Documentation URL
-defined('DOCUMENTATION_URL_PATTERN') or define('DOCUMENTATION_URL_PATTERN', 'https://docs.kanboard.org/en/%s/user_guide/%s.html');
+defined('DOCUMENTATION_URL_PATTERN') or define('DOCUMENTATION_URL_PATTERN', getenv('DOCUMENTATION_URL_PATTERN') ?: 'https://docs.kanboard.org/en/%s/user_guide/%s.html');
diff --git a/docker/etc/php7/php-fpm.d/env.conf b/docker/etc/php7/php-fpm.d/env.conf
index 23f6ce3d6..650a8cf63 100644
--- a/docker/etc/php7/php-fpm.d/env.conf
+++ b/docker/etc/php7/php-fpm.d/env.conf
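Review bot: In app/constants.php the new `DISABLE_LOGOUT` line compares `strtolower(getenv('DISABLE_LOGOUT'))` with the boolean `true`, which a string never equals under `===`, so the option can never be switched on from the environment; it should read `strtolower(getenv('DISABLE_LOGOUT')) === 'true'`. `ENABLE_URL_REWRITE` stores the raw string from `getenv('ENABLE_URL_REWRITE') ?: isset(...)`, so `ENABLE_URL_REWRITE=false` yields the truthy string `'false'`; parse it with the same `strtolower(...) === 'true'` form as the other booleans. The protective defaults (`LDAP_SSL_VERIFY`, `HTTP_VERIFY_SSL_CERTIFICATE`, `MARKDOWN_ESCAPE_HTML`, `ENABLE_HSTS`, `ENABLE_XFRAME`) are switched off by any non-empty value other than `true`, so `1`, `yes` or a typo silently disables certificate verification or HTML escaping; these should fail closed, e.g. `strtolower((string) getenv('LDAP_SSL_VERIFY')) !== 'false'`. The `intval(getenv(...)) ?: default` form also means a numeric option such as `HTTP_MAX_REDIRECTS` or `BRUTEFORCE_CAPTCHA` cannot be set to `0`, which is worth a comment if `0` is meant to be a valid setting.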
@@ -1,3 +1,156 @@
 env[DATABASE_URL] = $DATABASE_URL
-env[DEBUG] = $DEBUG
 env[API_AUTHENTICATION_TOKEN] = $API_AUTHENTICATION_TOKEN
+
+; Data directory location
+env[DATA_DIR] = $DATA_DIR
+
+; Files directory (attachments)
+env[FILES_DIR] = $FILES_DIR
+
+; Available cache drivers are "file" and "memory"
+env[CACHE_DRIVER] = $CACHE_DRIVER
+
+; Cache folder (file driver)
+env[CACHE_DIR] = $CACHE_DIR
+
+; Plugins settings
+env[PLUGINS_DIR] = $PLUGINS_DIR
+env[PLUGIN_API_URL] = $PLUGIN_API_URL
+env[PLUGIN_INSTALLER] = $PLUGIN_INSTALLER
+
+; Enable/disable debug
+env[DEBUG] = $DEBUG
+
+; Logging drivers: syslog, stdout, stderr, system or file
+env[LOG_DRIVER] = $LOG_DRIVER
+
+; Logging file
+env[LOG_FILE] = $LOG_FILE
+
+; Application version
+env[APP_VERSION] = $APP_VERSION
+
+; Run automatically database migrations
+env[DB_RUN_MIGRATIONS] = $DB_RUN_MIGRATIONS
+
+; Database driver: sqlite, mysql or postgres
+env[DB_DRIVER] = $DB_DRIVER
+
+; Sqlite configuration
+env[DB_FILENAME] = $DB_FILENAME
+
+; Mysql/Postgres configuration
+env[DB_USERNAME] = $DB_USERNAME
+env[DB_PASSWORD] = $DB_PASSWORD
+env[DB_HOSTNAME] = $DB_HOSTNAME
+env[DB_NAME] = $DB_NAME
+env[DB_PORT] = $DB_PORT
+env[DB_SSL_KEY] = $DB_SSL_KEY
+env[DB_SSL_CERT] = $DB_SSL_CERT
+env[DB_SSL_CA] = $DB_SSL_CA
+env[DB_VERIFY_SERVER_CERT] = $DB_VERIFY_SERVER_CERT
+env[DB_TIMEOUT] = $DB_TIMEOUT
+
+; Database backend group provider
+env[DB_GROUP_PROVIDER] = $DB_GROUP_PROVIDER
+env[DB_USER_PROVIDER] = $DB_USER_PROVIDER
+
+; LDAP configuration
+env[LDAP_AUTH] = $LDAP_AUTH
+env[LDAP_SERVER] = $LDAP_SERVER
+env[LDAP_PORT] = $LDAP_PORT
+env[LDAP_SSL_VERIFY] = $LDAP_SSL_VERIFY
+env[LDAP_START_TLS] = $LDAP_START_TLS
+env[LDAP_USERNAME_CASE_SENSITIVE] = $LDAP_USERNAME_CASE_SENSITIVE
+
+env[LDAP_BIND_TYPE] = $LDAP_BIND_TYPE
+env[LDAP_USERNAME] = $LDAP_USERNAME
+env[LDAP_PASSWORD] = $LDAP_PASSWORD
+
+env[LDAP_USER_BASE_DN] = $LDAP_USER_BASE_DN
+env[LDAP_USER_FILTER] = $LDAP_USER_FILTER
+env[LDAP_USER_ATTRIBUTE_USERNAME] = $LDAP_USER_ATTRIBUTE_USERNAME
+env[LDAP_USER_ATTRIBUTE_FULLNAME] = $LDAP_USER_ATTRIBUTE_FULLNAME
+env[LDAP_USER_ATTRIBUTE_EMAIL] = $LDAP_USER_ATTRIBUTE_EMAIL
+env[LDAP_USER_ATTRIBUTE_GROUPS] = $LDAP_USER_ATTRIBUTE_GROUPS
+env[LDAP_USER_ATTRIBUTE_PHOTO] = $LDAP_USER_ATTRIBUTE_PHOTO
+env[LDAP_USER_ATTRIBUTE_LANGUAGE] = $LDAP_USER_ATTRIBUTE_LANGUAGE
+env[LDAP_USER_CREATION] = $LDAP_USER_CREATION
+
+env[LDAP_GROUP_ADMIN_DN] = $LDAP_GROUP_ADMIN_DN
+env[LDAP_GROUP_MANAGER_DN] = $LDAP_GROUP_MANAGER_DN
+
+env[LDAP_GROUP_PROVIDER] = $LDAP_GROUP_PROVIDER
+env[LDAP_GROUP_BASE_DN] = $LDAP_GROUP_BASE_DN
+env[LDAP_GROUP_FILTER] = $LDAP_GROUP_FILTER
+env[LDAP_GROUP_USER_FILTER] = $LDAP_GROUP_USER_FILTER
+env[LDAP_GROUP_ATTRIBUTE_NAME] = $LDAP_GROUP_ATTRIBUTE_NAME
+
+; Proxy authentication
+env[REVERSE_PROXY_AUTH] = $REVERSE_PROXY_AUTH
+env[REVERSE_PROXY_USER_HEADER] = $REVERSE_PROXY_USER_HEADER
+env[REVERSE_PROXY_DEFAULT_ADMIN] = $REVERSE_PROXY_DEFAULT_ADMIN
+env[REVERSE_PROXY_DEFAULT_DOMAIN] = $REVERSE_PROXY_DEFAULT_DOMAIN
+
+; Remember me authentication
+env[REMEMBER_ME_AUTH] = $REMEMBER_ME_AUTH
+
+; Mail configuration
+env[MAIL_CONFIGURATION] = $MAIL_CONFIGURATION
+env[MAIL_FROM] = $MAIL_FROM
+env[MAIL_TRANSPORT] = $MAIL_TRANSPORT
+env[MAIL_SMTP_HOSTNAME] = $MAIL_SMTP_HOSTNAME
+env[MAIL_SMTP_PORT] = $MAIL_SMTP_PORT
+env[MAIL_SMTP_USERNAME] = $MAIL_SMTP_USERNAME
+env[MAIL_SMTP_PASSWORD] = $MAIL_SMTP_PASSWORD
+env[MAIL_SMTP_ENCRYPTION] = $MAIL_SMTP_ENCRYPTION
+env[MAIL_SENDMAIL_COMMAND] = $MAIL_SENDMAIL_COMMAND
+
+; Enable or disable "Strict-Transport-Security" HTTP header
+env[ENABLE_HSTS] = $ENABLE_HSTS
+
+; Enable or disable "X-Frame-Options: DENY" HTTP header
+env[ENABLE_XFRAME] = $ENABLE_XFRAME
+
+; Escape html inside markdown text
+env[MARKDOWN_ESCAPE_HTML] = $MARKDOWN_ESCAPE_HTML
+
+; API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
+env[API_AUTHENTICATION_HEADER] = $API_AUTHENTICATION_HEADER
+
+; Enable/disable url rewrite
+env[ENABLE_URL_REWRITE] = $ENABLE_URL_REWRITE
+
+; Hide login form
+env[HIDE_LOGIN_FORM] = $HIDE_LOGIN_FORM
+
+; Disabling logout (for external SSO authentication)
+env[DISABLE_LOGOUT] = $DISABLE_LOGOUT
+
+; Bruteforce protection
+env[BRUTEFORCE_CAPTCHA] = $BRUTEFORCE_CAPTCHA
+env[BRUTEFORCE_LOCKDOWN] = $BRUTEFORCE_LOCKDOWN
+env[BRUTEFORCE_LOCKDOWN_DURATION] = $BRUTEFORCE_LOCKDOWN_DURATION
+
+; Session duration in second (0 = until the browser is closed)
+; See http:;php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+env[SESSION_DURATION] = $SESSION_DURATION
+
+; HTTP Client
+env[HTTP_TIMEOUT] = $HTTP_TIMEOUT
+env[HTTP_MAX_REDIRECTS] = $HTTP_MAX_REDIRECTS
+env[HTTP_PROXY_HOSTNAME] = $HTTP_PROXY_HOSTNAME
+env[HTTP_PROXY_PORT] = $HTTP_PROXY_PORT
+env[HTTP_PROXY_USERNAME] = $HTTP_PROXY_USERNAME
+env[HTTP_PROXY_PASSWORD] = $HTTP_PROXY_PASSWORD
+env[HTTP_PROXY_EXCLUDE] = $HTTP_PROXY_EXCLUDE
+env[HTTP_VERIFY_SSL_CERTIFICATE] = $HTTP_VERIFY_SSL_CERTIFICATE
+
+env[TOTP_ISSUER] = $TOTP_ISSUER
+
+; Comma separated list of fields to not synchronize when using external authentication providers
+env[EXTERNAL_AUTH_EXCLUDE_FIELDS] = $EXTERNAL_AUTH_EXCLUDE_FIELDS
+
+; Documentation URL
+env[DOCUMENTATION_URL_PATTERN] = $DOCUMENTATION_URL_PATTERN
+
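Review bot: The new `env[DB_PASSWORD]`, `env[LDAP_PASSWORD]`, `env[MAIL_SMTP_PASSWORD]` and `env[HTTP_PROXY_PASSWORD]` entries place credentials in the environment of every PHP-FPM worker, where any code running in the pool (plugins included) can read them through `getenv()` and where `phpinfo()` prints them. A comment above those entries should say so, for example `; Credentials: readable by all code in this pool and shown by phpinfo()`, and the deployment notes should point to a config file that defines the constants when that exposure is not acceptable. The file also forwards `PLUGIN_INSTALLER`, `MAIL_SENDMAIL_COMMAND` and the certificate-verification switches, so whoever can set the container's environment variables now controls those security settings; that trust boundary deserves a line in the header of this file. The copied comment `; See http:;php.net/...` lost its `//` in the conversion and should read `; See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime`.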