docs/content/4.backend/2.configuration.md

---
title: 'Configuration'
---
# Backend Config Reference

The config the backend can be provided in 3 ways.
- Make a `config.json` file in the working directory of the application (root of repository)
- Make a `.env` file in the working directory of the application (root of repository)
- Add environment variables to your system (or container)

## Method 1 - `config.json`

This method uses nesting. So the key `server.basePath`. Will result in a json file like this:
```json
{
    "server": {
        "basePath": "/backend",
    }
}
```

## Method 2 - `.env`

The environment variable names use double underscores as separators and `MWB_` as the prefix. So the key `server.basePath` will result in the .env file like this:
```sh
MWB_SERVER__BASE_PATH=/backend
```

## Method 3 - Environment

This method is identical to the `.env` method listed above, but you add the variables to the environment instead of writing it in a file.

# Reference

### `server.port`
Port number that the HTTP server listens on.

Example: `8080`

### `server.cors`
Space seperated list of allowed origins.

Example:
```
https://movie-web.app https://testing.movie-web.app
```

### `server.allowAnySite`
If this setting is set to true, it allows any origin to access the site.
This overwrites the setting at `server.cors`.

Example: `false`

### `server.trustProxy`
Should the server trust reverse proxy headers? This is used to identify users for ratelimiting

Example: `false`

### `server.trustCloudflare`
Should the server trust cloudflare IP headers? This is used to identify users for ratelimiting

Example: `false`

### `server.basePath`
Prefix for which path is being listened on. Useful you're hosting on `example.com/backend` for example.
If this is set, you shouldn't apply url rewriting before proxying.

Example: `/backend`

### `logging.format`
Logging format, Should be either `pretty` or `json`.

Example: `pretty`

### `postgres.connection` - REQUIRED
Connection URL for postgres instance, should contain the database in the URL.

Example: `postgresql://localhost:5432`

### `postgres.migrateOnBoot`
Run all migrations that haven't ran yet on boot.

Example: `false`

::alert{type="warn"}
If you have multiple replicas running, this can cause a lot of issues. We recommend only using this if you run only one replica.
::

### `postgres.debugLogging`
Log all postgres queries in the console, this outputs sensitive data so DO NOT run it in production.

Example: `false`

### `crypto.sessionSecret` - REQUIRED
The secret used to sign sessions. Must be at least 32 characters long.

Example: `Make your own`

### `meta.name` - REQUIRED

The name of the backend instance, this will be displayed to users who try to create an account.

Example: `Unofficial movie-web`

### `meta.description`

The description of the backend instance, this will be displayed to users who try to create an account.

Example: `This is not an official instance of movie-web`

### `captcha.enabled`

To protect your server from bot attacks, captcha's can be useful to enabled. If this is enabled, all other captcha related settings are required.

Example: `false`

### `captcha.secret`

Google Recaptcha secret key.

Example: `sjgaJ@3djasFVx`

### `captcha.clientKey`

Google Recaptcha site key.

Example: `2jf853z5bc63bvDb2323FAda`

### `ratelimits.enabled`

To protect bot attacks or spammy users, you can enabled ratelimits. Make sure your ip headers are properly forwarded if you're using a reverse proxy. Also see `server.trustProxy`. If this is enabled, all other ratelimit related settings are required.

Example: `false`

### `ratelimits.redisUrl`

Redis connection URL for storing ratelimit data. Just uses plain redis without any modules.

Example: `redis://localhost:6379`