Settings Service Configuration
Configuration
Environment Variables
The settings service is configured via the following environment variables:
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9194 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9190 |
The bind address of the HTTP service. |
|
bool |
false |
Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. |
|
string |
|
Path/File name of the TLS server certificate (in PEM format) for the http services. |
|
string |
|
Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. |
|
string |
/ |
Subdirectory that serves as the root for this HTTP service. |
|
[]string |
[*] |
A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin |
|
[]string |
[GET POST PUT PATCH DELETE OPTIONS] |
A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method |
|
[]string |
[Authorization Origin Content-Type Accept X-Requested-With] |
A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. |
|
bool |
true |
Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. |
|
string |
127.0.0.1:9191 |
The bind address of the GRPC service. |
|
string |
metadata |
Store type configures the persistency driver. Supported values are "metadata" and "filesystem". |
|
string |
~/.ocis/settings |
The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings. |
|
string |
127.0.0.1:9215 |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
127.0.0.1:9215 |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
|
ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
|
string |
internal |
IDP of the oCIS STORAGE-SYSTEM system user. |
|
string |
|
API key for the STORAGE-SYSTEM system user. |
|
string |
|
The path to a JSON file with a list of bundles. If not definied, the default bundles will be loaded. |
|
string |
|
ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
bool |
false |
The default role assignments the demo users should be setup. |
| Name | Type | Default Value | Description |
|---|---|---|---|
|
bool |
false |
Activates tracing. |
|
string |
|
The type of tracing. Defaults to "", which is the same as "jaeger". Allowed tracing types are "jaeger" and "" as of now. |
|
string |
|
The endpoint of the tracing agent. |
|
string |
|
The HTTP endpoint for sending spans directly to a collector, i.e. http://jaeger-collector:14268/api/traces. Only used if the tracing endpoint is unset. |
|
string |
|
The log level. Valid values are: "panic", "fatal", "error", "warn", "info", "debug", "trace". |
|
bool |
false |
Activates pretty log output. |
|
bool |
false |
Activates colorized log output. |
|
string |
|
The path to the log file. Activates logging to this file if set. |
|
string |
127.0.0.1:9194 |
Bind address of the debug server, where metrics, health, config and debug endpoints will be exposed. |
|
string |
|
Token to secure the metrics endpoint. |
|
bool |
false |
Enables pprof, which can be used for profiling. |
|
bool |
false |
Enables zpages, which can be used for collecting and viewing in-memory traces. |
|
string |
127.0.0.1:9190 |
The bind address of the HTTP service. |
|
bool |
false |
Activates TLS for the http based services using the server certifcate and key configured via OCIS_HTTP_TLS_CERTIFICATE and OCIS_HTTP_TLS_KEY. If OCIS_HTTP_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with PROXY_INSECURE_BACKEND=true. |
|
string |
|
Path/File name of the TLS server certificate (in PEM format) for the http services. |
|
string |
|
Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the http services. |
|
string |
/ |
Subdirectory that serves as the root for this HTTP service. |
|
int |
604800 |
Browser cache control max-age value in seconds for settings Web UI assets. |
|
[]string |
[*] |
A comma-separated list of allowed CORS origins. See following chapter for more details: Access-Control-Allow-Origin at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin |
|
[]string |
[GET POST PUT PATCH DELETE OPTIONS] |
A comma-separated list of allowed CORS methods. See following chapter for more details: Access-Control-Request-Method at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Method |
|
[]string |
[Authorization Origin Content-Type Accept X-Requested-With] |
A comma-separated list of allowed CORS headers. See following chapter for more details: Access-Control-Request-Headers at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Request-Headers. |
|
bool |
true |
Allow credentials for CORS.See following chapter for more details: Access-Control-Allow-Credentials at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials. |
|
string |
127.0.0.1:9191 |
The bind address of the GRPC service. |
|
bool |
false |
Activates TLS for the grpc based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure. |
|
string |
|
Path/File name of the TLS server certificate (in PEM format) for the grpc services. |
|
string |
|
Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services. |
|
string |
|
TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification. |
|
string |
|
Path/File name for the root CA certificate (in PEM format) used to validate TLS server certificates of the go-micro based grpc services. |
|
string |
metadata |
Store type configures the persistency driver. Supported values are "metadata" and "filesystem". |
|
string |
~/.ocis/settings |
The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings. |
|
string |
127.0.0.1:9215 |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
127.0.0.1:9215 |
GRPC address of the STORAGE-SYSTEM service. |
|
string |
|
ID of the oCIS STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format. |
|
string |
internal |
IDP of the oCIS STORAGE-SYSTEM system user. |
|
string |
|
API key for the STORAGE-SYSTEM system user. |
|
string |
|
ID of the user that should receive admin privileges. Consider that the UUID can be encoded in some LDAP deployment configurations like in .ldif files. These need to be decoded beforehand. |
|
string |
|
Serve settings Web UI assets from a path on the filesystem instead of the builtin assets. Can be used for development and customization. |
|
string |
|
The secret to mint and validate jwt tokens. |
|
bool |
false |
The default role assignments the demo users should be setup. |
YAML Example
Note that the filename shown below has been chosen on purpose.
See the Configuration File Naming for details when setting up your own configuration.
# Autogenerated
# Filename: settings-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9194
token: ""
pprof: false
zpages: false
http:
addr: 127.0.0.1:9190
tls:
enabled: false
cert: ""
key: ""
root: /
cors:
allow_origins:
- '*'
allow_methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
allow_headers:
- Authorization
- Origin
- Content-Type
- Accept
- X-Requested-With
allow_credentials: true
grpc:
addr: 127.0.0.1:9191
tls: null
grpc_client_tls: null
store_type: metadata
data_path: ~/.ocis/settings
metadata_config:
gateway_addr: 127.0.0.1:9215
storage_addr: 127.0.0.1:9215
system_user_id: ""
system_user_idp: internal
system_user_api_key: ""
bundles_path: ""
admin_user_id: ""
token_manager:
jwt_secret: ""
set_default_assignments: false# Autogenerated
# Filename: settings-config-example.yaml
tracing:
enabled: false
type: ""
endpoint: ""
collector: ""
log:
level: ""
pretty: false
color: false
file: ""
debug:
addr: 127.0.0.1:9194
token: ""
pprof: false
zpages: false
http:
addr: 127.0.0.1:9190
tls:
enabled: false
cert: ""
key: ""
root: /
cache_ttl: 604800
cors:
allow_origins:
- '*'
allow_methods:
- GET
- POST
- PUT
- PATCH
- DELETE
- OPTIONS
allow_headers:
- Authorization
- Origin
- Content-Type
- Accept
- X-Requested-With
allow_credentials: true
grpc:
addr: 127.0.0.1:9191
tls:
enabled: false
cert: ""
key: ""
grpc_client_tls:
mode: ""
cacert: ""
store_type: metadata
data_path: ~/.ocis/settings
metadata_config:
gateway_addr: 127.0.0.1:9215
storage_addr: 127.0.0.1:9215
system_user_id: ""
system_user_idp: internal
system_user_api_key: ""
admin_user_id: ""
asset:
path: ""
token_manager:
jwt_secret: ""
set_default_assignments: false