Server configuration

string

Database connection string.

bool

Allow insecure (invalid, expired TLS/SSL certificates) connections.

time.Duration

Default timeout for clients.

string

IP and port for the HTTP server.

bool

Log HTTP requests.

bool

Log HTTP responses.

bool

bool

bool

Enable /version route.

bool

Enable /debug route.

bool

Enable (prometheus) metrics.

string

Name for metrics endpoint.

string

Username for the metrics endpoint.

string

Password for the metrics endpoint.

bool

Report HTTP panic to Sentry.

string

Base URL (prefix) for all routes (<baseUrl>/auth, <baseUrl>/api, …​)

bool

string

When webapps are enabled (HTTP_WEBAPP_ENABLED) this is moved to '/api' if not explicitly set otherwise. API base URL is internaly prefixed with baseUrl

bool

string

Webapp base URL is internaly prefixed with baseUrl

string

string

bool

Is SSL termination enabled in ingres, proxy or load balancer that is in front of Corteza? By default, Corteza checks for presence of LETSENCRYPT_HOST environmental variable. This DOES NOT enable SSL termination in Cortreza!

bool

Log RBAC related events and actions

string

string

Space delimited list of role handles. These roles causes short-circuiting access control check and allowing all operations. System will refuse to start if check-bypassing roles are also listed as authenticated or anonymous auto-assigned roles.

string

Space delimited list of role handles. These roles are automatically assigned to authenticated user. Memberships can not be managed for these roles. System will refuse to start if roles listed here are also listed under anonymous roles

string

Space delimited list of role handles. These roles are automatically assigned to anonymous user. Memberships can not be managed for these roles.

bool

Enable SCIM subsystem

string

Prefix for SCIM API endpoints

string

Secret to use to validate requests on SCIM API endpoints

bool

Use external IDs in SCIM API endpoints

string

Validates format of external IDs. Defaults to UUID

string

The SMTP server hostname.

int

The SMTP post.

string

The SMTP username.

string

The SMTP password.

string

The SMTP from email parameter

bool

Allow insecure (invalid, expired TLS certificates) connections.

string

bool

bool

bool

bool

Enable API Gateway

bool

Enable API Gateway debugging info

bool

Enable extra logging

bool

Enable incoming request body output in logs

bool

Enable full debug log on requests / responses - warning, includes sensitive data

bool

Follow redirects on proxy requests

time.Duration

Outbound request timeout

bool

Enable extra logging for authentication flows

bool

Password security allows you to disable constraints to which passwords must conform to.

string

Secret used for signing JWT tokens.

time.Duration

Access token lifetime

time.Duration

Refresh token lifetime

time.Duration

Experation time for the auth JWT tokens.

string

Redirect URL to be sent with OAuth2 authentication request to provider

provider placeholder is replaced with the actual value when used.

string

Secret used for securing cookies

string

Frontend base URL. Must be an absolute URL, with the domain. This is used for some redirects and links in auth emails.

string

Session cookie name

string

Session cookie path

string

Session cookie domain

bool

Defaults to true when HTTPS is used. Corteza will try to guess the this setting by

time.Duration

How long do we keep the temporary session

time.Duration

How long do we keep the permanent session

time.Duration

How often are expired sessions and tokens purged from the database

int

How many requests from a cerain IP address are allowed in a time window. Set to zero to disable

time.Duration

How many requests from a cerain IP address are allowed in a time window

string

Secret used for securing CSRF protection

bool

Enable CSRF protection

string

Form field name used for CSRF protection

string

Cookie name used for CSRF protection

string

Handle for OAuth2 client used for automatic redirect from /auth/oauth2/go endpoint.

This simplifies configuration for OAuth2 flow for Corteza Web applications as it removes the need to suply redirection URL and client ID (oauth2/go endpoint does that internally)

string

Path to js, css, images and template source files

When corteza starts, if path exists it tries to load template files from it. If not it uses statically embedded files.

When empty path is set (default value), embedded files are used.

bool

When enabled, corteza reloads template before every execution. Enable this for debugging or when developing auth templates.

Should be disabled in production where templates do not change between server restarts.

bool

Enable/disable Corredor integration

string

Hostname and port of the Corredor gRPC server.

time.Duration

Max delay for backoff on connection.

int

Max message size that can be recived.

time.Duration

time.Duration

time.Duration

bool

bool

string

string

string

string

string

string

bool

Enable eventbus sheduler.

time.Duration

Set time interval for eventbus scheduler.

bool

Federation enabled on system, it toggles rest API endpoints, possibility to map modules in Compose and sync itself

string

Federation label

string

Host that is used during node pairing, also included in invitation

time.Duration

Delay in seconds for structure sync

int

Bulk size in fetching for structure sync

time.Duration

Delay in seconds for data sync

int

Bulk size in fetching for data sync

int

Maximum number of valid (not deleted, not suspended) users

string

List of compa delimited languages (language tags) to enable. In case when an enabled language can not be loaded, error is logged.

When loading language configurations (config.xml) from the configured path(s).

string

One or more paths to locale config and translation files, separated by colon

string

Name of the query string parameter used to pass the language tag (it overrides Accept-Language header). Set it to empty string to disable detection from the query string. This parameter is ignored if only one language is enabled

bool

When enabled, Corteza all

bool

Log locale related events and actions

bool

When enabled, Corteza reloads language files on every request Enable this for debugging or developing.

bool

Disables JSON format for logging and enables more human-readable output with colors.

Disable for production.

string

Minimum logging level. If set to "warn", Levels warn, error, dpanic panic and fatal will be logged.

Recommended value for production: warn

Possible values: debug, info, warn, error, dpanic, panic, fatal

string

Log filtering rules by level and name (log-level:log-namespace). Please note that level (LOG_LEVEL) is applied before filter and it affects the final output!

Leave unset for production.

Example: warn+:* :auth,workflow. Log warnings, errors, panic, fatals. Everything from auth and workflow is logged.

See more examples and documentation here: https://github.com/moul/zapfilter

bool

Set to true to see where the logging was called from.

Disable for production.

string

Include stack-trace when logging at a specified level or below. Disable for production.

Possible values: debug, info, warn, error, dpanic, panic, fatal

bool

Enable messagebus

bool

Enable extra logging for messagebus watchers

time.Duration

Output (log) interval for monitoring.

string

Location where uploaded files are stored.

string

bool

string

string

string

string

component placeholder is replaced with service name (e.g system).

string

component placeholder is replaced with service name (e.g system).

bool

bool

Enable plugins

string

List of colon seperated paths or patterns where plugins could be found

bool

Controls if provision should run when the server starts.

string

Colon seperated paths to config files for provisioning.

bool

Enable extra logging // fixme add some more description

string

Set to enable Sentry client.

bool

Print out debugging information.

bool

Attach stacktraces

float32

Sample rate for event submission (0.0 - 1.0. defaults to 1.0)

int

Maximum number of bredcrumbs.

string

Set reported Server name.

string

Set reported Release.

string

Set reported distribution.

string

Set reported environment.

string

Gotenberg rendering container address.

bool

Is Gotenberg rendering container enabled.

bool

Enable/disable debug logging. To enable debug logging set UPGRADE_DEBUG=true.

bool

Controls if the upgradable systems should be upgraded when the server starts.

time.Duration

Delays API startup for the amount of time specified (10s, 2m…​). This delay happens before service (WAIT_FOR_SERVICES) probing.

bool

Show temporary status web page.

string

Space delimited list of hosts and/or URLs to probe. Host format: host or host:443 (port will default to 80).

time.Duration

Max time for each service probe.

time.Duration

Timeout for each service probe.

time.Duration

Interval between service probes.

bool

Enable extra logging for authentication flows

time.Duration

Time before WsServer gets timed out.

time.Duration

time.Duration

bool

Registers enabled and valid workflows and executes them when triggered

bool

Enables verbose logging for workflow execution

int

Defines the maximum call stack size between workflows