ADF consists of multiple microservices, including its own images and some open-source images. In most cases configuration is distributed through the configuration server and delivered by the configuration client (adfconfcli), a small init/process manager which starts the actual processes. Some images are provided as-is, without adfconfcli integration, so they may need to be configured separately through ENV variables in the compose file. adfconfcli itself requires minimal initial configuration to be able to introduce itself to the configuration server; this requires several env variables to be set in the compose file as well.
Among all configuration options, those in BOLD are mandatory to set (the defaults won't fit any real case).
Value formats used in the tables below:

- bool: `true`, `t`, `1` = true; `false`, `f`, `0` = false; any other value = false; default = false
- (u)int: integer value. Size could be 8, 16, 32, 64 etc.
- string: normal string representation

These values should be set within the ENV variables of every related service description in the compose file, if the service image contains adfconfcli.
| name | default value | value format | description |
|---|---|---|---|
| ADFCONF_HOST | localhost | string | Hostname of the ADF Configuration Server that adfconfcli needs to communicate with |
| ADFCONF_PORT | 3446 | string | Port of the ADF Configuration Server that adfconfcli needs to communicate with |
| ADFCONF_NAME | testing | string | Name of the service adfconfcli manages in that instance |
| ADFCONF_PASS | testing | string | Passkey required to authenticate adfconfcli to the Configuration Server |
| ADFCONF_TERMINATE_ON_UPDATE | false | bool | In normal mode adfconfcli only restarts the managed process when it finds any configuration value updated (changed) |
| ADFCONF_SKIP | false | bool | Could be deprecated any time soon! You only need it in case of emergency or testing. If the configuration server is not available or should be skipped, adfconfcli unconditionally and immediately starts the managed process without setting any of the variables. You would need to set them |
| name | default value | value format | description |
|---|---|---|---|
| SYSTEM_NAME | ADF Server | string | Name of the system(installation) which would be displayed on top of the administration interface |
| HOST | 0.0.0.0 | string | host to listen for webservice connections |
| PORT | 3080 | string | Port number to run webservice |
| SERVE_TLS | false | bool | Defines if admin service should serve webservice through TLS or not. In production should be set to true! |
| TLS_PORT | 3443 | string | Port number to run webservice with TLS on |
| TLS_CERT | | string | TLS certificate chain may be set directly in this option in PEM text format. If not set, it is read from the file given by CERT_PATH. |
| TLS_KEY | | string | TLS key may be set directly in this option in PEM text format. If not set, it is read from the file given by KEY_PATH. |
| CERT_PATH | | string | Path to the TLS certificate chain file mounted within the container |
| KEY_PATH | | string | Path to the TLS key file mounted within the container |
| DB_URL | mongodb://localhost:27017 | string | URL for mongo database connection. In normal production environment it should point to mongos service, which acts as mongo sharded cluster interface, but could also point to standalone mongo server with replicaset mode initialized for main databases. |
| AUDIT_DB_NAME | adf_audit | string | Name of the database used for audit logging. |
| USERS_DB_NAME | adf_users | string | Name of the database used for user storage. |
| TGOTP_DB_NAME | adf_tgotp | string | Name of the database used for telegram bot. |
| SYSLOGADDR | localhost:514 | string | Address and port of syslog server to pass logs to |
| SYSLOGPROTO | udp | string | only udp supported at that moment |
| LOGFORMAT | json | string | only json supported at that moment |
| AUTOPROVISION | false | bool | Enables autoprovision for users, using LDAP_CONNECTORS which should be explicitly enabled for autoprovision within admin interface |
| AUTOPROVISION_SCHEDULE | 0 0 0/1 * * * * | string | Cron-like schedule for autoprovision, but with seconds on the first placeholder. Defaults to every 1 hour provision. |
| ACTIVATE_TG_ON_PROV | | string | Sets the behaviour of the system when autoprovision is performed. If a new user is found and registered in the system, this defines whether or not the telegram method is automatically activated for that user by email. Possible values are * (any user) or some [group_name] (only users participating in that group). This method of activation works only at registration time! Adding a user to the group later does nothing. |
| MAILER_HOST | localhost | string | SMTP server hostname/addr. You may want to set it to your real SMTP server hostname. |
| MAILER_PORT | 587 | uint16 | SMTP server port |
| MAILER_USER | None | string | SMTP username. If not set, SMTP would try to send mail messages without authentication |
| MAILER_PASS | None | string | SMTP password |
| MAILER_FROM | adf@localhost | string | What address would appear in FROM header of mail message. Usually it should be noreply@yourdomain.tld |
| MAILER_FROM_NAME | ADF Server | string | Name of the sender for FROM header of mail message. |
| MAILER_TRANSPORT_TYPE | SmtpStarttls | string | Type of the SMTP server connection. Could be either: SmtpStarttls, SmtpTls, SmtpInsecure, Api (the last option uses the Postal API to send out mail messages) |
| MAILER_TLS_IGNORECERT | false | bool | Whether to ignore the certificate of the SMTP server or not |
| MAILER_RESTRICTIONS | | string | Restriction in the form of a regular expression which checks the outgoing email address against the pattern. If the regular expression matches, the email passes the filter and is released; if there is no match, the message is suppressed. Example: "^[^@]+@adf.rs$" |
| TGBOT_SERVICE_ADDR | tgbot | string | ADF TGbot API address. Used to send out notifications to user. |
| TGBOT_SERVICE_PORT | 8643 | uint16 | ADF TGbot API port |
| SELFSERVICE_ENABLED | false | bool | Should ADF selfservice be enabled or not? Currently it supports password change for users that are forced by an administrator to change their password on next logon. In that case the user receives a telegram notification on the login authorization event. |
| SELFSERVICE_ADDRESSES | localhost | string | Comma separated hostnames or addresses of ADF GW machines, which the admin service calls to establish a TCP connection for bilateral message exchange. |
| SELFSERVICE_SUBDOMAIN | localhost | string | SNI domain name used to connect to the ADF GW machines on which the selfservice is served. Currently only one is supported. |
| SELFSERVICE_TLS_PORT | 443 | uint16 | Port used to connect to ADF GW |
| SELFSERVICE_SECRET | some random 64 symbol shared secret… | string | Shared secret that should be set on both sides to allow connection of ADF Admin service to ADF GW selfservice interface. |
| SELFSERVICE_CHPASS_VALIDITY | 10 | uint64 | Time allotted for password change via selfservice. |
| SELFSERVICE_FORCEPASS_NOTIF_TPL | Dear User. System noticed that your account forced to renew your password. Unfortunately we can’t proceed with authentication.\n Please follow the link to selfservice which were activated for you for limited timeframe: https://{address}/lp/chp?token= | string | Template of the notification sent to the user when selfservice is activated for them at a login authorization event. |
| EMERG_BYPASS_AVAIL | false | bool | Emergency bypass allows certain administrators to enable bypass of the second factor in case of emergency (Internet lockout, external messaging services banned or unavailable), so that users can log in with fewer factors. Usually you don't need this option, but in some organizations business continuity requires sacrificing security so that business processes keep running. |
| EMERG_BYPASS_VOTE_MIN | 64 | uint8 | Weight of the role required to be able to vote. Current builtin roles are: auditor=8, operator=64, admin=128, superadmin=255. Users vote for emergency bypass with their weights until the required total weight is reached. This is a simple but flexible way of delegating the right to vote for it. Superadmin has the exclusive right to vote alone, because a uint8 won't exceed 255, which is exactly the weight of superadmin. This might change in future. |
| EMERG_BYPASS_VOTE_REQ | 129 | uint8 | Total weight of votes required to enable the bypass. By default admin+operator (or superadmin alone) is sufficient to reach the necessary weight. |
| PFL_THRESHOLD | 5 | uint8 | Threshold of failed password attempts allowed before lock. |
| PFL_EVENT_DURATION | 300 | uint32 | Password-failed event TTL duration. |
| PFL_NOTIF_TPL | Dear {username}! Your account exceeded failed password checks threshold. You should wait before some previous attempts expire, depending on your local password policy. | string | Notification message template sent when the PFL timelock becomes active. |
| AUDIT_RETENTION | 365 | uint64 | Audit logs retention period in days. |
| COMM_DISCOVERY | relay:3448(relay) | string | Messaging service discovery. |
| COMM_SERVICE_NAME | admin | string | Messaging service credentials name. |
| COMM_SERVICE_KEY | | string | Messaging service credentials key. |
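The MAILER_RESTRICTIONS row above gives `"^[^@]+@adf.rs$"` as an example pattern. The following added example (not ADF code; the recipient addresses are constructed) applies the documented release/suppress rule and shows why the unescaped dot in that example matters: it is a regex wildcard, so the pattern also releases mail to domains such as `adfxrs`.

```python
import re
from typing import Dict, Iterable, List, Optional

# The first pattern is the page's own MAILER_RESTRICTIONS example; the unescaped
# '.' is a regex wildcard, so "adf.rs" also matches "adfxrs" or "adf-rs".
RESTRICTION_AS_DOCUMENTED = r"^[^@]+@adf.rs$"
# Escaping the dot restricts the filter to the literal domain.
RESTRICTION_STRICT = r"^[^@]+@adf\.rs$"


def mail_allowed(address: str, restriction: Optional[str]) -> bool:
    """Apply the documented rule: no restriction releases everything; otherwise the
    message is released only if the pattern matches the recipient address."""
    if not restriction:
        return True
    return re.search(restriction, address) is not None


def classify(addresses: Iterable[str], restriction: Optional[str]) -> Dict[str, bool]:
    """Map each recipient to True (released) or False (suppressed)."""
    return {addr: mail_allowed(addr, restriction) for addr in addresses}


def released_only_by_lenient_pattern(addresses: Iterable[str]) -> List[str]:
    """Recipients the documented pattern releases but the strict one suppresses:
    exactly the mail that would leave the system because of the unescaped dot."""
    return [a for a in addresses
            if mail_allowed(a, RESTRICTION_AS_DOCUMENTED)
            and not mail_allowed(a, RESTRICTION_STRICT)]


# Constructed sample recipients (not from the page).
SAMPLE_RECIPIENTS = [
    "alice@adf.rs",              # intended domain: released by both patterns
    "bob@adfxrs",                # wildcard dot: released by the documented pattern only
    "mallory@adf-rs",            # same problem
    "carol@sub.adf.rs",          # subdomain: suppressed by both (domain must follow '@')
    "eve@adf.rs.evil.example",   # trailing '$' anchor suppresses this under both
]

if __name__ == "__main__":
    for addr, ok in classify(SAMPLE_RECIPIENTS, RESTRICTION_AS_DOCUMENTED).items():
        print(f"{addr:28} {'released' if ok else 'suppressed'}")
    print("released only because of the unescaped dot:",
          released_only_by_lenient_pattern(SAMPLE_RECIPIENTS))
```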
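A tally of the emergency-bypass voting scheme described in the EMERG_BYPASS_VOTE_MIN and EMERG_BYPASS_VOTE_REQ rows, as an added example (not ADF code). The role weights and defaults are the page's; two details the page does not spell out are assumptions: each user is counted once, and the running total saturates at 255 to stay within the uint8 range.

```python
from typing import Iterable, List, Set, Tuple

# Builtin role weights as listed on the page.
ROLE_WEIGHT = {"auditor": 8, "operator": 64, "admin": 128, "superadmin": 255}
UINT8_MAX = 255


def bypass_vote_result(votes: Iterable[Tuple[str, str]],
                       vote_min: int = 64,       # EMERG_BYPASS_VOTE_MIN default
                       vote_req: int = 129,      # EMERG_BYPASS_VOTE_REQ default
                       ) -> Tuple[bool, int, List[str]]:
    """Tally votes in arrival order and report (enabled, total_weight, rejected_users).

    A vote is rejected when the voter's role weight is below vote_min, or when the
    same user votes twice (assumption: one vote per user). The total is capped at
    255 (assumption mirroring the uint8 type of EMERG_BYPASS_VOTE_REQ). Bypass is
    enabled as soon as the total reaches vote_req.
    """
    total = 0
    seen: Set[str] = set()
    rejected: List[str] = []
    for user, role in votes:
        weight = ROLE_WEIGHT.get(role, 0)
        if weight < vote_min or user in seen:
            rejected.append(user)
            continue
        seen.add(user)
        total = min(UINT8_MAX, total + weight)
        if total >= vote_req:
            return True, total, rejected
    return False, total, rejected


def roles_that_may_vote(vote_min: int = 64) -> List[str]:
    """Roles whose weight meets EMERG_BYPASS_VOTE_MIN."""
    return [r for r, w in ROLE_WEIGHT.items() if w >= vote_min]


if __name__ == "__main__":
    # Constructed voting sessions (usernames are made up).
    sessions = {
        "admin + operator": [("ann", "admin"), ("oleg", "operator")],
        "admin alone": [("ann", "admin")],
        "two operators": [("oleg", "operator"), ("olga", "operator")],
        "auditor, then admin + operator": [("aud", "auditor"), ("ann", "admin"), ("oleg", "operator")],
        "superadmin alone": [("root", "superadmin")],
        "same admin twice": [("ann", "admin"), ("ann", "admin")],
    }
    print("roles allowed to vote:", roles_that_may_vote())
    for name, votes in sessions.items():
        enabled, total, rejected = bypass_vote_result(votes)
        print(f"{name:32} enabled={enabled!s:5} total={total:3} rejected={rejected}")
```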
| name | default value | value format | description |
|---|---|---|---|
| TG_API_KEY | | string | Telegram API key from BotFather |
| TG_BOT_NAME | | string | Telegram bot name. |
| WEBHOOK_ENABLE | false | bool | Defines if the bot should use webhooks (true) or polling (false). |
| WEBHOOK_URL | | string | Public URL that Telegram will send updates to. This must be set if WEBHOOK_ENABLE=true. |
| WEBHOOK_PORT | 8443 | uint16 | Port number to listen webhook updates. |
| HOST | 0.0.0.0 | string | ADF TGbot API host. |
| PORT | 8646 | uint16 | ADF TGbot API port. |
| SERVE_TLS | true | bool | Defines if admin service should serve webservice through TLS or not. In production should be set to true! |
| KEY | | string | TLS key as a String in PEM text format. If the value is empty then KEY_PATH will be used. |
| CERT | | string | Certificate as a String: -----BEGIN CERTIFICATE----- … -----END CERTIFICATE----- If the value is empty then CERT_PATH will be used. |
| KEY_PATH | shared/default/key.pem | string | Path to TLS key file mount within container. This is only used if KEY value is empty. |
| CERT_PATH | shared/default/cert.pem | string | Path to TLS certificate chain file mount within container. This is only used if CERT value is empty. |
| SOURCE_LOGIN | | string | Login for API submission. |
| SOURCE_PASSWORD | | string | Password for API submission. |
| MEDIA_PATH | shared/default | string | Path to confirm.png and deny.png |
| LEADER_API_PORT | 8080 | uint16 | Port number to run API on Leader. |
| REQWEST_RETRY_INTERVAL | 3 | uint16 | Time in seconds after which the request must be resent to Leader API in case of a failure. |
| MAX_REQWEST_RETRIES | 3 | uint16 | Number of repeated requests to Leader API, after which an error will be returned. |
| MONGO_URL | mongodb://mongo:27017/?maxPoolSize=20&w=majority | string | URL for mongo database connection. In normal production environment it should point to mongos service, which acts as mongo sharded cluster interface, but could also point to standalone mongo server with replicaset mode initialized for main databases. |
| DATABASE_NAME | tgotp | string | Name of the database used for telegram bot. |
| USER_COLLECTION | user_linking | string | Name of the collection used for linked users. |
| REQ_COLLECTION | pending_requests | string | Name of the collection used for dynauth requests. |
| OTP_COLLECTION | otp_requests | string | Name of the collection used for OTP requests. |
| CUSTOM_MESSAGE_COLLECTION | custom_message_requests | string | Name of the collection used for custom message requests. |
| DIALOG_COLLECTION | dialogs | string | Name of the collection used for tg dialogue states. |
| MESSAGES_COLLECTION | messages | string | Name of the collection used for messages for users in different languages. |
| MESSAGES_JSON_PATH | shared/default/message_lang.json | string | Path to json with messages for users in different languages. |
| NODES_SOCKET_PORT | 12345 | uint16 | Port number to run UdpSocket on Nodes. |
| NODES_MAX_COUNT | 3 | uint16 | Number of running nodes within container. |
| LEADER_INTERVAL | 1000 | uint16 | Frequency in milliseconds at which Leader sends messages. |
| FOLLOWER_COEF | 5 | uint32 | Minimum Follower lifetime is calculated as LEADER_INTERVAL multiplied by FOLLOWER_COEF. |
| MESSAGE_DISCOVERY_METHOD | dns | string | Sets the method for discovering other nodes in the cluster. Possible values are dns or broadcast; any other value falls back to dns. |
| LOOKUP_ADDRS | | string | Performs a DNS lookup of the IP addresses of cluster nodes for the given hostnames. Example: "hostname1,hostname2,hostname3". This must be set if MESSAGE_DISCOVERY_METHOD=dns. |
| MULTICAST_ADDR | 224.0.0.1 | string | Looks up the IP addresses of nodes in the cluster using a multicast address. This should be set if MESSAGE_DISCOVERY_METHOD=multicast. |
| MAX_MISS_REQUESTS | 100 | uint16 | Number of missed requests from the leader. The leader and everyone else will remove the node from the address list if exceeded. |
| LOG_PATH | log/log.redb | string | Path to entry log. It must be a redb file. |
| RUNNING_IN_SWARM | true | bool | Determines whether the application is running in Swarm mode. |
| LINK_VALIDITY | 1 | uint16 | Time of life in hours of issued random link for binding user with his telegram account. |
| REMOVE_LINKED_WHEN_BLOCKED | false | bool | Sets behaviour of the system, when user blocks a bot. If set to true, it removes linking. |
| OTP_LIFETIME | 120 | uint16 | OTP code validity time in seconds. |
| OTP_TRIES_LIMIT | 3 | uint16 | Number of wrong OTP checks allowed. When this value is reached, a new code is sent, failed_checks is reset to 0 and retry_counter is increased by 1. |
| OTP_RETRY_LIMIT | 3 | uint16 | Number of OTP retries allowed. When this value is reached, the user is blocked for OTP_BLOCKED_TIME. |
| OTP_BLOCKED_TIME | 15 | uint32 | Duration of user blocking in minutes. |
| DYN_LIFETIME | 60 | uint16 | DynAuth request validity time in seconds. |
| CUSTOM_MESSAGE_LIFETIME | 120 | uint16 | CustomMessage request validity time in seconds. |
| SYSLOGADDR | localhost:514 | string | Address and port of syslog server to pass logs to. |
| LOG_HUMAN_READABLE | false | bool | Enables human_readable for LogLayer. |
| name | default value | value format | description |
|---|---|---|---|
| TGBOT_URI | (mandatory if no AUTH_API used) ??? … | ||
| DOMAIN_PASS | (mandatory if AD join required) … | ||
| ADC_IP | (mandatory if AD join required) … | ||
| ADC_REALM | (mandatory if AD join required) … | ||
| ADC_HOST | (mandatory if AD join required) … | ||
| WORKGROUP | (mandatory if AD join required) … | | |
Entrypoint logic of the RADIUS image, showing which variables become mandatory and how the per-listener settings default to the global RADIUS_* values:

```bash
# ENV_MANDATORY is a helper of the image entrypoint (not shown on this page),
# assumed to abort startup if the named variable is unset.
if [[ -n "${RADIUS_LDAP_TGBOT_DYNAUTH_PORT}" ]] ; then
    ENV_MANDATORY RADIUS_LDAP_TGBOT_DYNAUTH_FILTER
fi
if [[ -n "${RADIUS_LDAP_PORT}" ]] ; then
    ENV_MANDATORY RADIUS_LDAP_FILTER
    ENV_MANDATORY DOMAIN_LDAP_USER
    ENV_MANDATORY DOMAIN_LDAP_USER
    ENV_MANDATORY DOMAIN_PASS
    ENV_MANDATORY DOMAIN_OU
fi
# if default used
if [[ "${RADIUS_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_TLS_CERT
    ENV_MANDATORY RADIUS_TLS_KEY
fi
if [[ "${RADIUS_OTP_SEND_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_OTP_SEND_TLS_CERT
    ENV_MANDATORY RADIUS_OTP_SEND_TLS_KEY
fi
if [[ "${RADIUS_OTP_CHECK_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_OTP_CHECK_TLS_CERT
    ENV_MANDATORY RADIUS_OTP_CHECK_TLS_KEY_PASS
fi
if [[ "${RADIUS_OTP_PASS_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_OTP_PASS_TLS_CERT
    ENV_MANDATORY RADIUS_OTP_PASS_TLS_KEY
fi
if [[ "${RADIUS_EAP_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_EAP_TLS_CERT
    ENV_MANDATORY RADIUS_EAP_TLS_KEY
fi
if [[ "${RADIUS_ACCOUNTING_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_ACCOUNTING_TLS_CERT
    ENV_MANDATORY RADIUS_ACCOUNTING_TLS_KEY
fi
if [[ "${RADIUS_LDAP_TGBOT_DYNAUTH_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_LDAP_TGBOT_DYNAUTH_TLS_CERT
    ENV_MANDATORY RADIUS_LDAP_TGBOT_DYNAUTH_TLS_KEY
fi
if [[ "${RADIUS_LDAP_TRANSPORT,}" == "tls" ]] ; then
    ENV_MANDATORY RADIUS_LDAP_TLS_CERT
    ENV_MANDATORY RADIUS_LDAP_TLS_KEY
fi

# TGBOT_URI: the specific endpoint URIs default to paths under the bot API root
export TGBOT_DYNAUTH_SUBMIT_URI="${TGBOT_DYNAUTH_SUBMIT_URI:-${TGBOT_URI}/dynauth/submit}"
export TGBOT_OTP_SEND_URI="${TGBOT_OTP_SEND_URI:-${TGBOT_URI}/otp/send}"
export TGBOT_OTP_CHECK_URI="${TGBOT_OTP_CHECK_URI:-${TGBOT_URI}/otp/check}"
export TGBOT_DYNAUTH_SEND_URI="${TGBOT_DYNAUTH_SEND_URI:-${TGBOT_URI}/dynauth/send}"
export TGBOT_DYNAUTH_CHECK_URI="${TGBOT_DYNAUTH_CHECK_URI:-${TGBOT_URI}/dynauth/check}"
export TGBOT_NAS_IP_PREFIX="${TGBOT_NAS_IP_PREFIX:-NAS-IP_prefix_}"

# ADF.admin API root: $
if [ -n "${AUTH_API_URI}" ]
then
    export AUTH_API__CHECK_USER_URI="${AUTH_API__AUTHORIZE_URI:-${AUTH_API_URI}/authorize}"
    export AUTH_API__CHECK_PASS_URI="${AUTH_API__AUTH_URI:-${AUTH_API_URI}/auth}"
fi

# radius protocol settings (global defaults inherited by every listener below)
export RADIUS_PROTO="${RADIUS_PROTO:-udp}"
export RADIUS_TRANSPORT="${RADIUS_TRANSPORT:-udp}"
#RADIUS_TLS_CERT
#RADIUS_TLS_KEY
#RADIUS_TLS_KEY_PASS

# defaults for OPT_SEND
export RADIUS_OTP_SEND_PROTO="${RADIUS_OTP_SEND_PROTO:-${RADIUS_PROTO}}"
export RADIUS_OTP_SEND_TRANSPORT="${RADIUS_OTP_SEND_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_OTP_SEND_TLS_CERT="${RADIUS_OTP_SEND_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_OTP_SEND_TLS_KEY="${RADIUS_OTP_SEND_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_OTP_SEND_TLS_KEY_PASS="${RADIUS_OTP_SEND_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"

# defaults for OPT_CHECK
export RADIUS_OTP_CHECK_PROTO="${RADIUS_OTP_CHECK_PROTO:-${RADIUS_PROTO}}"
export RADIUS_OTP_CHECK_TRANSPORT="${RADIUS_OTP_CHECK_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_OTP_CHECK_TLS_CERT="${RADIUS_OTP_CHECK_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_OTP_CHECK_TLS_KEY="${RADIUS_OTP_CHECK_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_OTP_CHECK_TLS_KEY_PASS="${RADIUS_OTP_CHECK_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"

# defaults for OPT_PASS
export RADIUS_OTP_PASS_PROTO="${RADIUS_OTP_PASS_PROTO:-${RADIUS_PROTO}}"
export RADIUS_OTP_PASS_TRANSPORT="${RADIUS_OTP_PASS_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_OTP_PASS_TLS_CERT="${RADIUS_OTP_PASS_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_OTP_PASS_TLS_KEY="${RADIUS_OTP_PASS_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_OTP_PASS_TLS_KEY_PASS="${RADIUS_OTP_PASS_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"

# defaults for EAP
export RADIUS_EAP_PROTO="${RADIUS_EAP_PROTO:-${RADIUS_PROTO}}"
export RADIUS_EAP_TRANSPORT="${RADIUS_EAP_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_EAP_TLS_CERT="${RADIUS_EAP_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_EAP_TLS_KEY="${RADIUS_EAP_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_EAP_TLS_KEY_PASS="${RADIUS_EAP_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"

# defaults for ACCOUNTING
export RADIUS_ACCOUNTING_PROTO="${RADIUS_ACCOUNTING_PROTO:-${RADIUS_PROTO}}"
export RADIUS_ACCOUNTING_TRANSPORT="${RADIUS_ACCOUNTING_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_ACCOUNTING_TLS_CERT="${RADIUS_ACCOUNTING_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_ACCOUNTING_TLS_KEY="${RADIUS_ACCOUNTING_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_ACCOUNTING_TLS_KEY_PASS="${RADIUS_ACCOUNTING_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"

# defaults for LDAP_TGBOT_DYNAUTH
export RADIUS_LDAP_TGBOT_DYNAUTH_PROTO="${RADIUS_LDAP_TGBOT_DYNAUTH_PROTO:-${RADIUS_PROTO}}"
export RADIUS_LDAP_TGBOT_DYNAUTH_TRANSPORT="${RADIUS_LDAP_TGBOT_DYNAUTH_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_LDAP_TGBOT_DYNAUTH_TLS_CERT="${RADIUS_LDAP_TGBOT_DYNAUTH_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_LDAP_TGBOT_DYNAUTH_TLS_KEY="${RADIUS_LDAP_TGBOT_DYNAUTH_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_LDAP_TGBOT_DYNAUTH_TLS_KEY_PASS="${RADIUS_LDAP_TGBOT_DYNAUTH_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"

# defaults for LDAP
export RADIUS_LDAP_PROTO="${RADIUS_LDAP_PROTO:-${RADIUS_PROTO}}"
export RADIUS_LDAP_TRANSPORT="${RADIUS_LDAP_TRANSPORT:-${RADIUS_TRANSPORT}}"
export RADIUS_LDAP_TLS_CERT="${RADIUS_LDAP_TLS_CERT:-${RADIUS_TLS_CERT}}"
export RADIUS_LDAP_TLS_KEY="${RADIUS_LDAP_TLS_KEY:-${RADIUS_TLS_KEY}}"
export RADIUS_LDAP_TLS_KEY_PASS="${RADIUS_LDAP_TLS_KEY_PASS:-${RADIUS_TLS_KEY_PASS}}"
```
| name | default value | value format | description |
|---|---|---|---|
| FLUENTD_CONF | (mandatory) | string | |
| FLUENTD_PLUGINS | (mandatory) | string (path) | |
| FLUENTD_LOG | (mandatory) | string (path) | |
| AUDIT_DB_NAME | “adf_audit” | string | |
| ERROR_DB_NAME | “adf_error” | string | |
| OTHER_DB_NAME | “adf_all_logs” | string | |
| AUDIT_REPLICA_SET | “adf_rs” | string | |
| ERROR_REPLICA_SET | “adf_rs” | string | |
| OTHER_REPLICA_SET | “adf_rs” | string | |
| AUDIT_COLLECTION | “audit” | string | |
| ERROR_COLLECTION | “error” | string | |
| OTHER_COLLECTION | “all” | string | |
| AUDIT_DB_URL | “${DB_URL}/${AUDIT_DB_NAME}” | string | |
| ERROR_DB_URL | “${DB_URL}/${ERROR_DB_NAME}” | string | |
| OTHER_DB_URL | “${DB_URL}/${OTHER_DB_NAME}” | string | |
| AUDIT_CAPPED_SIZE | | size | |
| ERROR_CAPPED_SIZE | | size | |
| OTHER_CAPPED_SIZE | 1024m | size | |
| REMOTE_SYSLOG_HOST | | | |
| REMOTE_SYSLOG_PORT | 1999 | port | |
| REMOTE_SYSLOG_PROTO | tcp | string | tcp / udp |
| name | default value | value format | description |
|---|---|---|---|
| MONGO_URI | - | string | |
| DUMP_PATH | - | string | |
| DUMP_PREFIX | - | string | |
| DUMP_SUFFIX | - | string | |
| DEBUG | - | flag | |
| LOG_PATH | - | path | |
SSO-web-proxy
| name | default value | value format | description |
|---|---|---|---|
| PROXY_HOSTNAME | | | |
| APACHE_HTTPS_PORT | 80 | (mandatory) string | |
| APACHE_HTTP_PORT | 443 | (mandatory) string | |
| PROXY_CERT | | | |
| PROXY_CERT_KEY | | | |
| PROXY_DEST | | | |
| PROXY_USE_SSL | false | flag | (empty for 'false') |
| PROXY_KRB_ADC_HOST | | | |
| PROXY_KRB_ADC_IP | | | |
| PROXY_KRB_AUTH_NAME | | | |
| PROXY_KRB_DOMAIN_NAME | | | |
| PROXY_KRB_KEYTAB | | | |
| PROXY_KRB_REALM | | | |
| PROXY_KRB_SERVICENAME | | | |
| TZ | | string | Timezone string (ex. "Europe/Moscow") |
| DEBUG | false | bool | |
| APACHE_KRB_DEBUG | | | apache config: LogLevel debug auth_kerb:$ |
Kirill B. Lebedev, 2024
Proprietary. Copying without licensing agreement prohibited.