diff --git a/backend/app/routes.py b/backend/app/routes.py
index 5ec44f9..8726b5d 100644
--- a/backend/app/routes.py
+++ b/backend/app/routes.py
@@ -77,6 +77,9 @@ def logout():
 def register():
     if current_user.is_authenticated:
         return redirect(url_for('index'))
+    if not app.config['ALLOW_REGISTRATION'] == "true":
+        flash('Registration temporarily disabled.')
+        return redirect(url_for('login'))
     form = RegistrationForm()
     if form.validate_on_submit():
         user = User(username=form.username.data, email=form.email.data)
diff --git a/backend/config.py b/backend/config.py
index 94539de..c5d4f5b 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -16,6 +16,7 @@ class Config:
     ADMINS = [os.environ.get('DOTENV_ADMIN_EMAIL')]
     FROM_ADDRESS = os.environ.get('DOTENV_FROM_ADDRESS')
     REAL_HOSTNAME = os.environ.get('DOTENV_REAL_HOSTNAME')
+    ALLOW_REGISTRATION = os.environ.get('DOTENV_ALLOW_REGISTRATION')
 
 
     DC_LOGGING = True
diff --git a/compose.yaml b/compose.yaml
index 4c9c778..bff8591 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -44,6 +44,7 @@ services:
       - DOTENV_FROM_ADDRESS=${FLASK_MAIL_FROM}
       - DOTENV_JWT_PHRASE=${FLASK_JWT_PHRASE}
       - DOTENV_REAL_HOSTNAME=${FLASK_REAL_HOSTNAME}
+      - DOTENV_ALLOW_REGISTRATION=${ALLOW_REGISTRATION}
     #ports:
     #  - 8000:8000
     expose:
diff --git a/dotenv b/dotenv
index 6c95f51..923ea12 100644
--- a/dotenv
+++ b/dotenv
@@ -1,30 +1,30 @@
 # Example .env file
-DOTENV_MYSQL_ROOT_PASSWORD_OLD=rootp
-DOTENV_MYSQL_ROOT_PASSWORD=rootp
+DOTENV_MYSQL_ROOT_PASSWORD_OLD="aaa"
+DOTENV_MYSQL_ROOT_PASSWORD="aaa"
 
-DOTENV_MYSQL_GITEA_PASSWORD=giteap
-DOTENV_MYSQL_FLASK_PASSWORD=flaskp
+DOTENV_MYSQL_GITEA_PASSWORD="aaa"
+DOTENV_MYSQL_FLASK_PASSWORD="aaa"
 
-GITEA_MAIL_FROM="git@e.e"
+GITEA_MAIL_FROM="git@aaa"
 
 # Build ARG GPG_PP. May still need to be empty to avoid breakage.
 BUILD_GPG_PP=
 
 # Tor:
-# true/false
-USE_TOR=false
+# true/false:
+USE_TOR=true
 
 # Backend:
-
-FLASK_SECRET_KEY="flaskkey"
+FLASK_SECRET_KEY="aaa"
 # Inconsequential token: minimal inconvenience if exposed
-FLASK_TOKEN_I=dti
-
+FLASK_TOKEN_I="dti"
 # Consequential token: protect
-FLASK_TOKEN_C=dtc
-
-FLASK_MAIL_FROM="git@e.e"
+FLASK_TOKEN_C="dtc"
+# true/false:
+ALLOW_REGISTRATION=true
+FLASK_MAIL_FROM="git@aaa"
 # admin email must be valid send from with mail subsystem
-FLASK_ADMIN_EMAIL="git@e.e"
-FLASK_JWT_PHRASE="tphrase"
+FLASK_ADMIN_EMAIL="git@aaa"
+FLASK_JWT_PHRASE="aaa"
 FLASK_REAL_HOSTNAME="localhost"
+