Environment Variables

The following tables list all the environment variables used in the TruBudget project. Use this list as a reference for development and deployment.

| Project | Shortcut |
| --- | --- |
| Frontend | ui |
| API | api |
| Blockchain | bc |
| Provisioning | prov |
| Excel export service | excel |
| Storage service | storage |
| Email notification service | email |
| Docker-compose | scripts |

If you need a .env.example file as a template, use the .env.example file in /scripts/operation. This file has all values pre-filled.

| Env Variable | Required | Default Value | Used by | Description |
| --- | --- | --- | --- | --- |
| ORGANIZATION | yes | - | bc/api | In the blockchain network, each node is represented by its organization name. This environment variable sets this organization name. It is used to create the organization stream on the blockchain and is also displayed in the frontend's top right corner. |
| ORGANIZATION_VAULT_SECRET | yes | - | api | This is the key to en-/decrypt user data of an organization. If you want to add a new node for your organization, you want users to be able to log in on either node. Make sure that the api connected to the new node has the same organization vault secret. Caution: If you want to run TruBudget in production, make sure NOT to use the default value from the .env.example file! |
| API_HOST | no | | bc/prov | The IP address of one api which is connected to the node you want to connect to (the IP addresses are usually the same as for the P2P host address). |
| API_PORT | no | 8080 | bc/prov | The port used to connect to the api. |
| JWT_SECRET | no | [random] | api/bc | A string that is used to sign the JWTs created by the authenticate endpoint of the api. |
| P2P_HOST | no | | bc | The IP address of the blockchain node you want to connect to. |
| P2P_PORT | no | 7447 | bc | The port on which all nodes in the blockchain network have exposed their MultiChain daemon for peer-to-peer connections. Beta nodes will connect to the P2P_PORT of the Alpha node through this variable. Alpha nodes will expose their MultiChain daemon through this variable. |
| PORT | no | 8080 for api, 8888 for excel | api/export | The port used to expose the API and excel-export for your installation. Example: If you run TruBudget locally and set API_PORT to 8080, you can reach the API via localhost:8080/api. |
| ROOT_SECRET | no | [random] | api | The root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes, etc. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console. Caution: If you want to run TruBudget in production, make sure to set a secure root secret. |
| BLOCKCHAIN_PORT | no | 8085 | api/bc | The port of the blockchain where the server is available for incoming http connections (e.g. readiness, versions, backup and restore). |
| MULTICHAIN_RPC_PASSWORD | no | [hardcoded] | api/bc | Password used by the API to connect to the blockchain. The password is set by the origin node upon start. Every beta node needs to use the same RPC password in order to be able to connect to the blockchain. Hint: Although the MULTICHAIN_RPC_PASSWORD is not required, it is highly recommended to set your own secure one. |
| MULTICHAIN_RPC_PORT | no | 8000 | api/bc | The port used to expose the multichain daemon of your TruBudget blockchain installation (bc) for RPC connections. The port used to connect to the api of the multichain daemon. This will be used internally for the communication between the API and the multichain daemon. |
| MULTICHAIN_RPC_USER | no | multichainrpc | api/bc | The user used to connect to the multichain daemon. |
| MULTICHAIN_FEED_ENABLED | no | false | bc | If set to true, the multichain-feed go script in src/multichain-feed/multichain-feed is passed to the multichain daemon and executed in a separate process. |
| BUILDTIMESTAMP | no | | bc | The /version endpoint returns this variable as the buildTimeStamp property. |
| BLOCKNOTIFY_SCRIPT | no | | bc | Configures the blocknotify argument of the multichain configuration like -blocknotify=[BLOCKNOTIFY_SCRIPT]. |
| AUTOSTART | no | true | bc | If set to false, the multichain daemon will not start automatically. |
| RPC_ALLOW_IP | no | 0.0.0.0/0 | bc | It refers to an allowed IP address range, given either by IP or CIDR notation. 0.0.0.0/0 will allow access from anywhere. |
| EXTERNAL_IP | no | | bc | The EXTERNAL_IP option is the IP address with which the current node can be reached. The variable is forwarded to the multichain daemon as the externalip argument. This will be reported to other nodes in the TruBudget network. By default, the daemon will try to automatically detect an external IP address. However, this might not always be accurate, especially if a node is behind a NAT or a firewall. By using EXTERNAL_IP, you can manually specify the IP. This can be useful if you want to ensure that your node is reachable at a specific address. If your node is not actually reachable at the specified IP address (e.g. because of a firewall), other nodes might not be able to connect to it. Example: If you have a VM running on 22.22.22.22 and you want to start a beta node from this VM to connect to an alpha running on 11.11.11.11, you set EXTERNAL_IP to 11.11.11.11 on alpha node and 22.22.22.22 on beta node. |
| NODE_ENV | yes | development or production | bc | Environment: Default development when running development-script. Production when running production-script. |
| CERT_PATH | no | | bc | The path to the certificate used by the blockchain to authenticate with the connection peer. Note that self-signed certificates are not allowed in production environments. More information can be found here |
| CERT_CA_PATH | no | | bc | The path to the certificate authority root certificate used by the blockchain to authenticate with the connection peer. Note that self-signed certificates are not allowed in production environments. More information can be found here |
| CERT_KEY_PATH | no | | bc | The path to the certificate key used by the blockchain to authenticate with the connection peer. More information can be found here |
| ACCESS_CONTROL_ALLOW_ORIGIN | no | `"*"` | bc/api/excel/storage/email | Since the services use CORS, the domain by which it can be called needs to be set. Setting this value to `"*"` means that it can be called from any domain. Read more about this topic here. |
| MULTICHAIN_DIR | no | /root | bc | The path to the multichain folder where the blockchain data is persisted. For installations via docker compose, this refers to the path within the docker container of the blockchain. For bare metal installations, this refers to the path on the machine the blockchain is running on. |
| PRETTY_PRINT | no | true | `*` | Decides whether the logs printed by services are pretty printed or not. Pretty printed logs are easier to read while non-pretty printed logs are easier to store and use e.g. in the ELK (Elasticsearch-Logstash-Kibana) stack. |
| TAG | no | main | scripts | The tag defines the version of the image that is pulled from the docker hub. |
| NODE_ENV | no | | ui/api | If set to development, TruBudget's external services are searched for on localhost and the api will allow any string as password. If set to production, the Redux devtools extension is disabled. |
| REACT_APP_VERSION | no | | ui | Injected version via $npm_package_version in the .env file to ensure the version is shown in the frontend. |
| INLINE_RUNTIME_CHUNK | no | false | frontend | Scripts that are injected by React will not be injected inline but as script with src="...". Important for being able to enforce a stricter Content Security Policy. |
| REACT_APP_EMAIL_SERVICE_ENABLED | no | false | ui | When enabled, the frontend requests an email-service readiness call when entering the login screen. If true, the email section in the user-profile is enabled. |
| EMAIL_HOST | no | - | ui | IP address of the email notification service |
| EMAIL_PORT | no | 8890 | ui | Port of the email notification service |
| REACT_APP_EXPORT_SERVICE_ENABLED | no | false | ui | If true, the frontend requests an export-service readiness call when entering the login screen and the export button is shown at the side navbar. |
| EXPORT_HOST | no | - | ui | IP address of the excel export service |
| EXPORT_PORT | no | 8888 | ui | Port of the excel export service |
| REACT_APP_LOGGING | no | false | ui | When enabled, the log/error messages on the frontend are sent back to the frontend-collector. |
| REACT_APP_LOG_LEVEL | no | trace | ui | Values are: info or error or trace. When set to trace, all state transitions of the ui are logged to console & sent back to the frontend-collector. |
| REACT_APP_LOGGING_SERVICE_HOST | no | localhost | ui | Host of the frontend-collector |
| REACT_APP_LOGGING_SERVICE_PORT | no | 3000 | ui | Port on which the frontend-collector is listening |
| REACT_APP_LOGGING_SERVICE_HOST_SSL | no | false | ui | Defines whether the frontend logger uses SSL to communicate with the frontend-collector. When used in production, SSL must be enabled! |
| REACT_APP_LOGGING_PUSH_INTERVAL | no | 20 | ui | Defines in which intervals the collected log-messages should be pushed to the frontend-collector (in seconds). |
| DB_TYPE | no | pg | email | Type of database. A supported list can be found in the Database Configuration section. |
| DB_NAME | no | trubudget_email_service | email | Name of the database |
| DB_USER | no | postgres | email | User name for connected database |
| DB_PASSWORD | no | test | email | Password for connected database |
| DB_HOST | no | localhost | email | IP of connected database |
| DB_PORT | no | 5432 | email | Port of connected database |
| DB_SCHEMA | no | public | email | Schema of connected database |
| DB_SSL | no | false | email | If true, the DB connection is using the SSL protocol. |
| USER_TABLE | no | users | email | Name of the table which is created if the first email address is inserted |
| SMTP_USER | no | testuser | email | This is forwarded to the auth prop of the nodemailer's transport-options, to authenticate with the credentials of the configured SMTP server. |
| SMTP_PASSWORD | no | test | email | IP of external SMTP-Server used to actually send notification emails |
| SMTP_HOST | no | localhost | email | IP of external SMTP-Server used to actually send notification emails |
| SMTP_PORT | no | 2500 | email | Port of external SMTP-Server |
| SMTP_SSL | no | false | email | If true, the external SMTP-Server connection is using the SSL protocol. |
| SQL_DEBUG | no | false | email | The SQL Debug option is forwarded to the knex configuration. |
| EMAIL_FROM | no | Trubudget Notification Service👻 | email | This is injected into the from field of the email notification. |
| EMAIL_SUBJECT | no | Trubudget Notification | email | This is injected into the subject field of the email notification. |
| EMAIL_TEXT | no | You have received a notification. | email | This is injected into the body of the email notification. |
| LOG_LEVEL | no | info | all | Defines the log output. Supported levels are trace, debug, info, warn, error, fatal. |
| SIGNING_METHOD | no | node | api | Possible signing methods are: node and user. Transactions on the chain will be signed using either the address of the node or the address of the specific user publishing that transaction. |
| ENCRYPTION_PASSWORD | no | - | api | If set, all data that is sent to the MultiChain node and external storage will be symmetrically encrypted by the ENCRYPTION_PASSWORD. |
| JWT_SECRET | no | - (required) | email | A secret with a minimum length of 32. It is used to verify the JWT_TOKEN sent by users of the email-service endpoints. |
| AUTHENTICATION | no | JWT | email | If set to none, no JWT token is required for all endpoints. If set to JWT, a JWT token is necessary. |
| DOCUMENT_FEATURE_ENABLED | no | false | api | If true, all uploaded documents are stored using TruBudget's storage-service. If false, the document feature of TruBudget is disabled, and trying to upload a document will result in an error. |
| DOCUMENT_EXTERNAL_LINKS_ENABLED | no | false | api | If true, it is possible to use external document links also without TruBudget's storage-service. If false, the external document links feature of TruBudget is still possible to use in case DOCUMENT_FEATURE_ENABLED equals "true". |
| STORAGE_SERVICE_HOST | no | localhost | storage | IP address of storage service |
| STORAGE_SERVICE_PORT | no | 8090 | storage | Port of storage service |
| STORAGE_SERVICE_EXTERNAL_URL | no | - | api | IP and port of own connected storage service accessible externally |
| STORAGE_PROVIDER | | minio | | Set to azure-storage if you use Azure Storage Account, otherwise defaults to minio. |
| MINIO_ACCESS_KEY | no | minio | storage | Access key for Minio server |
| MINIO_SECRET_KEY | no | minio123 | storage | Secret (Password) for Minio server |
| MINIO_PORT | no | 9000 | storage | Port of connected Minio |
| MINIO_HOST | no | localhost | storage | IP address of connected Minio server |
| MINIO_BUCKET_NAME | no | trubudget | storage | Bucket name of the connected Minio server |
| MINIO_REGION | | us-east-1 | | Region where the bucket is created. This parameter is optional. Default value is us-east-1. |
| LOGGER_PORT | yes | 3000 | logging | Port where the frontend-collector is exposed |
| API_HOST | yes | localhost | logging | API host |
| API_PORT | yes | 8080 | logging | API port |
| LOG_LEVEL | yes | trace | logging | Log-level |
| LOGGING_SERVICE_CACHE_DURATION | yes | 20 | logging | Defines how long valid JWT should be cached (in minutes). |
| LOGGING_SERVICE_NODE_ENV | yes | production | logging | Environment |
| CI_COMMIT_SHA | | "" | bc/api/excel/storage/email | Defines the CI_COMMIT_SHA property returned by the version endpoint. |
| RATE_LIMIT | no | - | api | If set, the API will limit the number of requests from any individual IP address to the set number per minute. Can be set to any number, but shouldn't be set too low. |
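
A pre-deployment check built from the defaults and cautions in the table above, added here as an example (it is not TruBudget's own code): it parses a .env file and lists the variables that are unset, still at a documented default, or copied unchanged from the .env.example template. The function names and all sample values are assumptions made for the example, and the check assumes every service in the table is deployed.

```python
import ipaddress

# Secrets to set yourself, and the credential defaults the table publishes.
SECRETS = ("ORGANIZATION_VAULT_SECRET", "ROOT_SECRET", "MULTICHAIN_RPC_PASSWORD")
PUBLISHED_DEFAULTS = {"DB_PASSWORD": "test", "SMTP_PASSWORD": "test",
                      "MINIO_ACCESS_KEY": "minio", "MINIO_SECRET_KEY": "minio123"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip().strip("\"'")
    return env


def rpc_open(value):
    """True if the range admits every address or is not a valid IP/CIDR."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return True


def audit(env, template):
    """Return variables unsafe for production (unset, template or default values)."""
    bad = [k for k in SECRETS if not env.get(k) or env[k] == template.get(k)]
    bad += [k for k, d in PUBLISHED_DEFAULTS.items() if env.get(k, d) == d]
    checks = {
        "NODE_ENV": env.get("NODE_ENV") != "production",  # development: any password
        "ACCESS_CONTROL_ALLOW_ORIGIN": env.get("ACCESS_CONTROL_ALLOW_ORIGIN", "*") == "*",
        "RPC_ALLOW_IP": rpc_open(env.get("RPC_ALLOW_IP", "0.0.0.0/0")),
        "AUTHENTICATION": env.get("AUTHENTICATION", "JWT").lower() == "none",
        "JWT_SECRET": "JWT_SECRET" in env and len(env["JWT_SECRET"]) < 32,
    }
    return bad + [k for k, failed in checks.items() if failed]


# Constructed sample files; every value below is made up for this example.
TEMPLATE = parse_env("ORGANIZATION_VAULT_SECRET=example-secret\n")
SAMPLE = parse_env("""
NODE_ENV=production
ORGANIZATION_VAULT_SECRET=example-secret
ROOT_SECRET=constructed-root-secret-value
JWT_SECRET=short
MINIO_SECRET_KEY=minio123
""")
print(audit(SAMPLE, TEMPLATE))
```

In a pipeline, load the real .env and .env.example files with `parse_env` and fail the deployment when `audit` returns a non-empty list.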

Kubernetes

| Env Variable | Required | Default Value | Used by | Description |
| --- | --- | --- | --- | --- |
| EXPOSE_MC | no | false | bc | If set to true, TruBudget tries to expose its multichain via kubernetes' ingress. First, a kubernetes config file is searched for in /.kube/config. If it is not found and the MC is deployed in a cluster, it searches for the service account to get the information. After configuration, the externalip arg is set to the ip of the service's ingress of the configured cluster. SERVICE_NAME and NAMESPACE are required to access the ingress of the service. |
| KUBE_SERVICE_NAME | no | | bc | This variable is only required if EXPOSE_MC is set to true. It defines which service the kubernetes client should search for in the configured kubernetes cluster. |
| KUBE_NAMESPACE | no | | bc | This variable is only required if EXPOSE_MC is set to true. It defines in which namespace the kubernetes client should search for the given service. |