You are reading the documentation for an outdated Corteza release. 2024.9 is the latest stable Corteza release.

Server configuration

Connection to data store backend

DB_DSN

Type

string

Default

sqlite3://file::memory:?cache=shared&mode=memory

Description

Database connection string. = HTTP Client

HTTP_CLIENT_TIMEOUT

Type

time.Duration

Default

30s

Description

Default timeout for clients.

HTTP_CLIENT_TLS_INSECURE

Type

bool

Description

Allow insecure (invalid, expired TLS/SSL certificates) connections.

We strongly recommend keeping this value set to false except for local development or demos.

HTTP Server

HTTP_ADDR

Type

string

Default

:80

Description

IP and port for the HTTP server.

HTTP_API_BASE_URL

Type

string

Default

/

Description

When webapps are enabled (HTTP_WEBAPP_ENABLED) this is moved to '/api' if not explicitly set otherwise. API base URL is internaly prefixed with baseUrl

HTTP_API_ENABLED

Type

bool

HTTP_SERVER_ASSETS_PATH

Type

string

Description

Corteza will directly serve these assets (static files). When empty path is set (default value), embedded files are used.

HTTP_BASE_URL

Type

string

Default

/

Description

Base URL (prefix) for all routes (<baseUrl>/auth, <baseUrl>/api, …​)

DOMAIN

Type

string

Default

localhost

Description

Domain for the HTTP server.

DOMAIN_WEBAPP

Type

string

Default

localhost

Description

Domain for the HTTP webapp.

HTTP_ENABLE_DEBUG_ROUTE

Type

bool

Description

Enable /debug route.

HTTP_ENABLE_HEALTHCHECK_ROUTE

Type

bool

HTTP_METRICS

Type

bool

Description

Enable (prometheus) metrics.

HTTP_REPORT_PANIC

Type

bool

Description

Report HTTP panic to Sentry.

HTTP_ENABLE_VERSION_ROUTE

Type

bool

Description

Enable /version route.

HTTP_LOG_REQUEST

Type

bool

Description

Log HTTP requests.

HTTP_LOG_RESPONSE

Type

bool

Description

Log HTTP responses.

HTTP_METRICS_PASSWORD

Type

string

Description

Password for the metrics endpoint.

HTTP_METRICS_NAME

Type

string

Default

corteza

Description

Name for metrics endpoint.

HTTP_METRICS_USERNAME

Type

string

Default

metrics

Description

Username for the metrics endpoint.

HTTP_SSL_TERMINATED

Type

bool

Description

Is SSL termination enabled in ingres, proxy or load balancer that is in front of Corteza? By default, Corteza checks for presence of LETSENCRYPT_HOST environmental variable. This DOES NOT enable SSL termination in Cortreza!

HTTP_ERROR_TRACING

Type

bool

HTTP_SERVER_WEB_CONSOLE_ENABLED

Type

bool

Description

Enable web console. When running in dev environment, web console is enabled by default.

HTTP_SERVER_WEB_CONSOLE_PASSWORD

Type

string

Description

Password for the web console endpoint. When running in dev environment, password is not required.

Corteza intentionally sets default password to random chars to prevent security incidents.

HTTP_SERVER_WEB_CONSOLE_USERNAME

Type

string

Default

admin

Description

Username for the web console endpoint.

HTTP_WEBAPP_BASE_DIR

Type

string

Default

./webapp/public

HTTP_WEBAPP_BASE_URL

Type

string

Default

/

Description

Webapp base URL is internaly prefixed with baseUrl

HTTP_WEBAPP_ENABLED

Type

bool

HTTP_WEBAPP_LIST

Type

string

Default

admin,compose,workflow,reporter

RBAC options

RBAC_ANONYMOUS_ROLES

Type

string

Default

anonymous

Description

Space delimited list of role handles. These roles are automatically assigned to anonymous user. Memberships can not be managed for these roles.

RBAC_AUTHENTICATED_ROLES

Type

string

Default

authenticated

Description

Space delimited list of role handles. These roles are automatically assigned to authenticated user. Memberships can not be managed for these roles. System will refuse to start if roles listed here are also listed under anonymous roles

RBAC_BYPASS_ROLES

Type

string

Default

super-admin

Description

Space delimited list of role handles. These roles causes short-circuiting access control check and allowing all operations. System will refuse to start if check-bypassing roles are also listed as authenticated or anonymous auto-assigned roles.

RBAC_LOG

Type

bool

Description

Log RBAC related events and actions

RBAC_SERVICE_USER

Type

string

SCIM Server

SCIM_BASE_URL

Type

string

Default

/scim

Description

Prefix for SCIM API endpoints

SCIM_ENABLED

Type

bool

Description

Enable SCIM subsystem

SCIM_EXTERNAL_ID_AS_PRIMARY

Type

bool

Description

Use external IDs in SCIM API endpoints

SCIM_EXTERNAL_ID_VALIDATION

Type

string

Default

^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$

Description

Validates format of external IDs. Defaults to UUID

SCIM_SECRET

Type

string

Description

Secret to use to validate requests on SCIM API endpoints = Email sending

SMTP_FROM

Type

string

Description

The SMTP from email parameter

SMTP_HOST

Type

string

Description

The SMTP server hostname.

SMTP_PASS

Type

string

Description

The SMTP password.

SMTP_PORT

Type

int

Description

The SMTP post.

SMTP_TLS_INSECURE

Type

bool

Description

Allow insecure (invalid, expired TLS certificates) connections.

SMTP_TLS_SERVER_NAME

Type

string

SMTP_USER

Type

string

Description

The SMTP username. = Actionlog

ACTIONLOG_DEBUG

Type

bool

ACTIONLOG_ENABLED

Type

bool

ACTIONLOG_WORKFLOW_FUNCTIONS_ENABLED

Type

bool

API Gateway

APIGW_DEBUG

Type

bool

Description

Enable API Gateway debugging info

APIGW_ENABLED

Type

bool

Description

Enable API Gateway

APIGW_LOG_ENABLED

Type

bool

Description

Enable extra logging

APIGW_LOG_REQUEST_BODY

Type

bool

Description

Enable incoming request body output in logs

APIGW_PROFILER_ENABLED

Type

bool

Description

Enable profiler

APIGW_PROFILER_GLOBAL

Type

bool

Description

Profiler enabled for all routes

APIGW_PROXY_ENABLE_DEBUG_LOG

Type

bool

Description

Enable full debug log on requests / responses - warning, includes sensitive data

APIGW_PROXY_FOLLOW_REDIRECTS

Type

bool

Description

Follow redirects on proxy requests

APIGW_PROXY_OUTBOUND_TIMEOUT

Type

time.Duration

Default

30s

Description

Outbound request timeout = Authentication

AUTH_OAUTH2_ACCESS_TOKEN_LIFETIME

Type

time.Duration

Default

2h

Description

Lifetime of the access token. Should be shorter than lifetime of the refresh token.

AUTH_ASSETS_PATH

Type

string

Description

Path to js, css, images and template source files

When corteza starts, if path exists it tries to load template files from it.

When empty path is set (default value), embedded files are used.

AUTH_BASE_URL

Type

string

Description

Frontend base URL. Must be an absolute URL, with the domain. This is used for some redirects and links in auth emails.

Type

string

Default

same-site-authenticity-token

Description

Cookie name used for CSRF protection

AUTH_CSRF_ENABLED

Type

bool

Description

Enable CSRF protection

AUTH_CSRF_FIELD_NAME

Type

string

Default

same-site-authenticity-token

Description

Form field name used for CSRF protection

AUTH_CSRF_SECRET

Type

string

Description

Secret used for securing CSRF protection

If secret is not set, system auto-generates one from DB_DSN and HOSTNAME environment variables. Generated secret will change if you change any of these variables.

AUTH_DEFAULT_CLIENT

Type

string

Default

corteza-webapp

Description

Handle for OAuth2 client used for automatic redirect from /auth/oauth2/go endpoint.

This simplifies configuration for OAuth2 flow for Corteza Web applications as it removes the need to suply redirection URL and client ID (oauth2/go endpoint does that internally)

AUTH_DEVELOPMENT_MODE

Type

bool

Description

When enabled, corteza reloads template before every execution. Enable this for debugging or when developing auth templates.

Should be disabled in production where templates do not change between server restarts.

Type

string

Description

Secret used for securing cookies

If secret is not set, system auto-generates one from DB_DSN and HOSTNAME environment variables. Generated secret will change if you change any of these variables.

AUTH_EXTERNAL_REDIRECT_URL

Type

string

Description

Redirect URL to be sent with OAuth2 authentication request to provider

provider placeholder is replaced with the actual value when used.

AUTH_GARBAGE_COLLECTOR_INTERVAL

Type

time.Duration

Default

15min

Description

How often are expired sessions and tokens purged from the database

AUTH_JWT_ALGORITHM

Type

string

Default

HS512

Description

Algoritm to be use for JWT signature.

Supported valus: - HS256, HS384, HS512 - PS256, PS384, PS512, - RS256, RS384, RS512

Provide shared secret string for HS256, HS384, HS512 and full private key or path to the file PS* and RS* algorithms.

AUTH_JWT_KEY

Type

string

Description

Raw private key or absolute or relative path to the file containing one.

AUTH_LOG_ENABLED

Type

bool

Description

Enable extra logging for authentication flows

AUTH_PASSWORD_SECURITY

Type

bool

Description

Password security allows you to disable constraints to which passwords must conform to.

Disabling password security can be useful for development environments as it removes the need for complex passwords. Password security should be enabled on production environments to avoid security incidents

AUTH_PROVISION_SUPER_USER

Type

string

Description

When set, Corteza creates one or more users with the configured values using provided email as a password. It skips existing (email, handle). All new users are assigned to all bypass roles.

When set in production, Corteza stops and reports an error

AUTH_OAUTH2_REFRESH_TOKEN_LIFETIME

Type

time.Duration

Default

72h

Description

Lifetime of the refresh token. Should be much longer than lifetime of the access token.

Refresh tokens are used to exchange expired access tokens with new ones.

AUTH_REQUEST_RATE_LIMIT

Type

int

Default

60

Description

How many requests from a cerain IP address are allowed in a time window. Set to zero to disable

AUTH_REQUEST_RATE_WINDOW_LENGTH

Type

time.Duration

Default

1m

Description

How many requests from a cerain IP address are allowed in a time window

AUTH_JWT_SECRET

Type

string

Description

Secret used for signing JWT tokens. Value is used only when HS256, HS384 or HS512 algorithm is used.

If secret is not set, system auto-generates one from DB_DSN and HOSTNAME environment variables. Generated secret will change if you change any of these variables.

Type

string

Description

Session cookie domain

Type

string

Default

session

Description

Session cookie name

Type

string

Description

Session cookie path

Type

bool

Description

Defaults to true when HTTPS is used. Corteza will try to guess the this setting by

AUTH_SESSION_LIFETIME

Type

time.Duration

Default

24h

Description

Maximum time user is allowed to stay idle when logged in without "remember-me" option and before session is expired.

Recomended value is between an hour and a day.

This affects only profile (/auth) pages. Using applications (admin, compose, …​) does not prolong the session.

AUTH_SESSION_PERM_LIFETIME

Type

time.Duration

Default

8640h

Description

Duration of the session in /auth lasts when user logs-in with "remember-me" option.

If set to 0, "remember-me" option is removed. = Connection to Corredor

CORREDOR_ADDR

Type

string

Default

localhost:50051

Description

Hostname and port of the Corredor gRPC server.

CORREDOR_DEFAULT_EXEC_TIMEOUT

Type

time.Duration

CORREDOR_ENABLED

Type

bool

Description

Enable/disable Corredor integration

CORREDOR_LIST_REFRESH

Type

time.Duration

CORREDOR_LIST_TIMEOUT

Type

time.Duration

Default

2s

CORREDOR_MAX_BACKOFF_DELAY

Type

time.Duration

Default

1m

Description

Max delay for backoff on connection.

CORREDOR_MAX_RECEIVE_MESSAGE_SIZE

Type

int

Description

Max message size that can be recived.

CORREDOR_RUN_AS_ENABLED

Type

bool

CORREDOR_CLIENT_CERTIFICATES_CA

Type

string

Default

ca.crt

CORREDOR_CLIENT_CERTIFICATES_ENABLED

Type

bool

CORREDOR_CLIENT_CERTIFICATES_PATH

Type

string

Default

/certs/corredor/client

CORREDOR_CLIENT_CERTIFICATES_PRIVATE

Type

string

Default

private.key

CORREDOR_CLIENT_CERTIFICATES_PUBLIC

Type

string

Default

public.crt

CORREDOR_CLIENT_CERTIFICATES_SERVER_NAME

Type

string

Environment

ENVIRONMENT

Type

string

Default

production

Events and scheduler

EVENTBUS_SCHEDULER_ENABLED

Type

bool

Description

Enable eventbus scheduler.

EVENTBUS_SCHEDULER_INTERVAL

Type

time.Duration

Default

60s

Description

Set time interval for eventbus scheduler. = federation

FEDERATION_SYNC_DATA_MONITOR_INTERVAL

Type

time.Duration

Default

1m

Description

Delay in seconds for data sync

FEDERATION_SYNC_DATA_PAGE_SIZE

Type

int

Default

100

Description

Bulk size in fetching for data sync

FEDERATION_ENABLED

Type

bool

Description

Federation enabled on system, it toggles rest API endpoints, possibility to map modules in Compose and sync itself

FEDERATION_HOST

Type

string

Default

local.cortezaproject.org

Description

Host that is used during node pairing, also included in invitation

FEDERATION_LABEL

Type

string

Default

federated

Description

Federation label

FEDERATION_SYNC_STRUCTURE_MONITOR_INTERVAL

Type

time.Duration

Default

2m

Description

Delay in seconds for structure sync

FEDERATION_SYNC_STRUCTURE_PAGE_SIZE

Type

int

Default

1

Description

Bulk size in fetching for structure sync = Limits

LIMIT_SYSTEM_USERS

Type

int

Description

Maximum number of valid (not deleted, not suspended) users = locale

LOCALE_DEVELOPMENT_MODE

Type

bool

Description

When enabled, Corteza reloads language files on every request Enable this for debugging or developing.

LOCALE_LANGUAGES

Type

string

Default

en

Description

List of compa delimited languages (language tags) to enable. In case when an enabled language can not be loaded, error is logged.

When loading language configurations (config.xml) from the configured path(s).

LOCALE_LOG

Type

bool

Description

Log locale related events and actions

LOCALE_PATH

Type

string

Description

One or more paths to locale config and translation files, separated by colon
When with LOCALE_DEVELOPMENT_MODE=true, default value for path is ../../locale

LOCALE_QUERY_STRING_PARAM

Type

string

Default

lng

Description

Name of the query string parameter used to pass the language tag (it overrides Accept-Language header). Set it to empty string to disable detection from the query string. This parameter is ignored if only one language is enabled

LOCALE_RESOURCE_TRANSLATIONS_ENABLED

Type

bool

Description

When enabled, an editor for resource translations is enabled in UI = log

LOG_DEBUG

Type

bool

Description

Disables json format for logging and enables more human-readable output with colors.

Disable for production.

LOG_FILTER

Type

string

Description

Log filtering rules by level and name (log-level:log-namespace). Please note that level (LOG_LEVEL) is applied before filter and it affects the final output!

Leave unset for production.

Example: warn+:* :auth,workflow. Log warnings, errors, panic, fatals. Everything from auth and workflow is logged.

See more examples and documentation here: https://github.com/moul/zapfilter

LOG_INCLUDE_CALLER

Type

bool

Description

Set to true to see where the logging was called from.

Disable for production.

LOG_LEVEL

Type

string

Default

warn

Description

Minimum logging level. If set to "warn", Levels warn, error, dpanic panic and fatal will be logged.

Recommended value for production: warn

Possible values: debug, info, warn, error, dpanic, panic, fatal

LOG_STACKTRACE_LEVEL

Type

string

Default

dpanic

Description

Include stack-trace when logging at a specified level or below. Disable for production.

Possible values: debug, info, warn, error, dpanic, panic, fatal

Messaging queue

MESSAGEBUS_ENABLED

Type

bool

Description

Enable messagebus

MESSAGEBUS_LOG_ENABLED

Type

bool

Description

Enable extra logging for messagebus watchers = Monitoring

MONITOR_INTERVAL

Type

time.Duration

Default

5m

Description

Output (log) interval for monitoring. = Object (file) storage

MINIO_ACCESS_KEY

Type

string

MINIO_BUCKET

Type

string

Default

{component}

Description

component placeholder is replaced with service name (e.g system).

MINIO_ENDPOINT

Type

string

MINIO_PATH_PREFIX

Type

string

Description

component placeholder is replaced with service name (e.g system).

MINIO_SSEC_KEY

Type

string

MINIO_SECRET_KEY

Type

string

MINIO_SECURE

Type

bool

MINIO_STRICT

Type

bool

STORAGE_PATH

Type

string

Default

var/store

Description

Location where uploaded files are stored. = Provisioning

PROVISION_ALWAYS

Type

bool

Description

Controls if provision should run when the server starts.

PROVISION_PATH

Type

string

Default

provision/*

Description

Colon seperated paths to config files for provisioning. = Sentry monitoring

SENTRY_DSN

Type

string

Description

Set to enable Sentry client.

SENTRY_ATTACH_STACKTRACE

Type

bool

Description

Attach stacktraces

SENTRY_DEBUG

Type

bool

Description

Print out debugging information.

SENTRY_DIST

Type

string

Description

Set reported distribution.

SENTRY_ENVIRONMENT

Type

string

Description

Set reported environment.

SENTRY_MAX_BREADCRUMBS

Type

int

Description

Maximum number of bredcrumbs.

SENTRY_RELEASE

Type

string

Description

Set reported Release.

SENTRY_SAMPLE_RATE

Type

float64

Description

Sample rate for event submission (0.0 - 1.0. defaults to 1.0)

SENTRY_SERVERNAME

Type

string

Description

Set reported Server name.

SENTRY_WEBAPP_DSN

Type

string

Description

Set to enable Sentry client for webapp. = Rendering engine

TEMPLATE_RENDERER_GOTENBERG_ADDRESS

Type

string

Description

Gotenberg rendering container address.

TEMPLATE_RENDERER_GOTENBERG_ENABLED

Type

bool

Description

Is Gotenberg rendering container enabled. = Data store (database) upgrade

UPGRADE_ALWAYS

Type

bool

Description

Controls if the upgradable systems should be upgraded when the server starts.

UPGRADE_DEBUG

Type

bool

Description

Enable/disable debug logging. To enable debug logging set UPGRADE_DEBUG=true. = Delay system startup

WAIT_FOR

Type

time.Duration

Description

Delays API startup for the amount of time specified (10s, 2m…​). This delay happens before service (WAIT_FOR_SERVICES) probing.

WAIT_FOR_SERVICES

Type

string

Description

Space delimited list of hosts and/or URLs to probe. Host format: host or host:443 (port will default to 80).

Services are probed in parallel.

WAIT_FOR_SERVICES_PROBE_INTERVAL

Type

time.Duration

Default

5s

Description

Interval between service probes.

WAIT_FOR_SERVICES_PROBE_TIMEOUT

Type

time.Duration

Default

30s

Description

Timeout for each service probe.

WAIT_FOR_SERVICES_TIMEOUT

Type

time.Duration

Default

1m

Description

Max time for each service probe.

WAIT_FOR_STATUS_PAGE

Type

bool

Description

Show temporary status web page. = Websocket server

WEBSOCKET_LOG_ENABLED

Type

bool

Description

Enable extra logging for authentication flows

WEBSOCKET_PING_PERIOD

Type

time.Duration

Default

119s

WEBSOCKET_PING_TIMEOUT

Type

time.Duration

Default

120s

WEBSOCKET_TIMEOUT

Type

time.Duration

Default

15s

Description

Time before WsServer gets timed out. = Workflow

WORKFLOW_CALL_STACK_SIZE

Type

int

Description

Defines the maximum call stack size between workflows

WORKFLOW_EXEC_DEBUG

Type

bool

Description

Enables verbose logging for workflow execution

WORKFLOW_REGISTER

Type

bool

Description

Registers enabled and valid workflows and executes them when triggered

WORKFLOW_STACK_TRACE_ENABLED

Type

bool

Description

Enables execution stack trace construction

WORKFLOW_STACK_TRACE_FULL

Type

bool

Description

Forces the stack trace to record all steps = Discovery

DISCOVERY_BASE_URL

Type

string

Description

Indicates host of corteza discovery server

DISCOVERY_CORTEZA_DOMAIN

Type

string

Description

Indicates host of corteza compose webapp

DISCOVERY_DEBUG

Type

bool

Description

Enable discovery related activity info

DISCOVERY_ENABLED

Type

bool

Description

Enable discovery endpoints = attachment

AVATAR_INITIALS_BACKGROUND_COLOR

Type

string

Default

#F3F3F3

Description

Avatar initials background color

AVATAR_INITIALS_COLOR

Type

string

Default

#162425

Description

Avatar initials text color

AVATAR_INITIALS_FONT_PATH

Type

string

Default

fonts/Poppins-Regular.ttf

Description

Avatar initials font file path

ATTACHMENT_AVATAR_MAX_FILE_SIZE

Type

int64

Description

Avatar image maximum upload size, default value is 1MB = webapp

WEBAPP_SCSS_DIR_PATH

Type

string

Description

Path to custom SCSS source files directory