Skip to content

Commit

Permalink
fixup! Mention the special http value for PG_PROXY_PORT in README
Browse files Browse the repository at this point in the history
  • Loading branch information
@alco
alco committed Dec 11, 2023
1 parent e4bca5a commit 7d9ecc6
Showing 1 changed file with 24 additions and 24 deletions.
48 changes: 24 additions & 24 deletions components/electric/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,30 +79,30 @@ make stop_dev_env

The Electric application is configured using environment variables. Everything that doesn't have a default is required to run.

| Variable | Default | Description |
| ------------------------ | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `DATABASE_URL` | | PostgreSQL connection URL for the database. |
| `DATABASE_REQUIRE_SSL` | `false` | Set to `yes` or `true` to require SSL for the connection to the database. Note that you can always configure SSL for the connection by adding `sslmode=require` to [the `DATABASE_URL` parameters](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS). |
| `DATABASE_USE_IPV6` | `false` | Set to `yes` or `true` if your database is only accessible over IPv6. This is the case with Fly Postgres, for example. |
| | | |
| `ELECTRIC_USE_IPV6` | `true` | Set to `false` to force Electric to only listen on IPv4 interfaces. By default, Electric will accept inbound connections over both IPv6 and IPv4 when running on Linux. On Windows and some BSD systems inbound connections over IPv4 will not be accepted unless this setting is disabled. |
| `LOGICAL_PUBLISHER_HOST` | | Host of this electric instance for the reverse connection from Postgres. It has to be accessible from the Postgres instance that is running at `DATABASE_URL`. |
| `LOGICAL_PUBLISHER_PORT` | `5433` | Port number to use for reverse connections from Postgres. |
| `HTTP_PORT` | `5133` | Port for HTTP connections. Includes client websocket connections on `/ws`, and other functions on `/api`. |
| | | |
| `PG_PROXY_PORT` | `65432` | <p>Port number for connections to the [Postgres migrations proxy][1].</p><p>Setting this variable to the special value `http` enables the migrations proxy to accept connections from the proxy tunnel (`npx electric-sql proxy-tunnel`) when Electric is running behind a restrictive firewall that only allows HTTP/HTTPS connections. |
| `PG_PROXY_PASSWORD` | | Password to use when connecting to the Postgres proxy via `psql` or any other Postgres client. |
| | | |
| `AUTH_MODE` | `"secure"` | Authentication mode to use to authenticate Satellite clients. See below. |
| `AUTH_JWT_ALG` | | <p>The algorithm to use for JWT verification. Electric supports the following algorithms:</p><ul><li>`HS256`, `HS384`, `HS512`: HMAC-based cryptographic signature that relies on the SHA-2 family of hash functions.</li><li>`RS256`, `RS384`, `RS512`: RSA-based algorithms for digital signature.</li><li>`ES256`, `ES384`, `ES512`: ECC-based algorithms for digital signature.</li></ul> |
| `AUTH_JWT_KEY` | | The key to use for JWT verification. Must be appropriate for the chosen signature algorithm. For `RS*` and `ES*` algorithms, the key must be in PEM format. |
| `AUTH_JWT_NAMESPACE` | | <p>This is an optional setting that specifies the location inside the token of custom claims that are specific to Electric.</p><p>Currently, only the `user_id` custom claim is required.</p |
| `AUTH_JWT_ISS` | | <p>This optional setting allows you to specificy the "issuer" that will be matched against the `iss` claim extracted from auth tokens.</p><p>This can be used to ensure that only tokens created by the expected party are used to authenticate your Satellite client.</p> |
| `AUTH_JWT_AUD` | | <p>This optional setting allows you to specificy the "audience" that will be matched against the aud claim extracted from auth tokens.</p><p>This can be used to ensure that only tokens for a specific application are used to authenticate your Satellite client.</p> |
| | | |
| `ELECTRIC_INSTANCE_ID` | `electric` | Unique identifier of this Electric instance when running in a cluster (not yet supported). When running locally, you can use any string |

[1]: https://electric-sql.com/docs/usage/data-modelling/migrations
| Variable | Default | Description |
| ------------------------ | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `DATABASE_URL` | | PostgreSQL connection URL for the database. |
| `DATABASE_REQUIRE_SSL` | `false` | Set to `yes` or `true` to require SSL for the connection to the database. Note that you can always configure SSL for the connection by adding `sslmode=require` to [the `DATABASE_URL` parameters](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS). |
| `DATABASE_USE_IPV6` | `false` | Set to `yes` or `true` if your database is only accessible over IPv6. This is the case with Fly Postgres, for example. |
| | | |
| `ELECTRIC_USE_IPV6` | `true` | Set to `false` to force Electric to only listen on IPv4 interfaces. By default, Electric will accept inbound connections over both IPv6 and IPv4 when running on Linux. On Windows and some BSD systems inbound connections over IPv4 will not be accepted unless this setting is disabled. |
| `LOGICAL_PUBLISHER_HOST` | | Host of this electric instance for the reverse connection from Postgres. It has to be accessible from the Postgres instance that is running at `DATABASE_URL`. |
| `LOGICAL_PUBLISHER_PORT` | `5433` | Port number to use for reverse connections from Postgres. |
| `HTTP_PORT` | `5133` | Port for HTTP connections. Includes client websocket connections on `/ws`, and other functions on `/api`. |
| | | |
| `PG_PROXY_PORT` | `65432` | <p>Port number for connections to the [Postgres migrations proxy][1].</p><p>If you have Electric deployed behind a restrictive firewall that only allows HTTP/HTTPS connections, you can add the `http:` prefix to the port number. This will enable the tunelling mode in which the migrations proxy will accept WebSocket connections from the proxy tunnel (`npx electric-sql proxy-tunnel`).</p> |
| `PG_PROXY_PASSWORD` | | Password to use when connecting to the Postgres proxy via `psql` or any other Postgres client. |
| | | |
| `AUTH_MODE` | `"secure"` | Authentication mode to use to authenticate Satellite clients. See below. |
| `AUTH_JWT_ALG` | | <p>The algorithm to use for JWT verification. Electric supports the following algorithms:</p><ul><li>`HS256`, `HS384`, `HS512`: HMAC-based cryptographic signature that relies on the SHA-2 family of hash functions.</li><li>`RS256`, `RS384`, `RS512`: RSA-based algorithms for digital signature.</li><li>`ES256`, `ES384`, `ES512`: ECC-based algorithms for digital signature.</li></ul> |
| `AUTH_JWT_KEY` | | The key to use for JWT verification. Must be appropriate for the chosen signature algorithm. For `RS*` and `ES*` algorithms, the key must be in PEM format. |
| `AUTH_JWT_NAMESPACE` | | <p>This is an optional setting that specifies the location inside the token of custom claims that are specific to Electric.</p><p>Currently, only the `user_id` custom claim is required.</p |
| `AUTH_JWT_ISS` | | <p>This optional setting allows you to specificy the "issuer" that will be matched against the `iss` claim extracted from auth tokens.</p><p>This can be used to ensure that only tokens created by the expected party are used to authenticate your Satellite client.</p> |
| `AUTH_JWT_AUD` | | <p>This optional setting allows you to specificy the "audience" that will be matched against the aud claim extracted from auth tokens.</p><p>This can be used to ensure that only tokens for a specific application are used to authenticate your Satellite client.</p> |
| | | |
| `ELECTRIC_INSTANCE_ID` | `electric` | Unique identifier of this Electric instance when running in a cluster (not yet supported). When running locally, you can use any string |

[1]: https://electric-sql.com/docs/usage/data-modelling/migrations#migrations-proxy

**Authentication**

Expand Down

0 comments on commit 7d9ecc6

Please sign in to comment.